1 /* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <openssl/x509.h>
16
17 #include <assert.h>
18 #include <limits.h>
19
20 #include <openssl/bytestring.h>
21 #include <openssl/err.h>
22 #include <openssl/mem.h>
23 #include <openssl/obj.h>
24 #include <openssl/pem.h>
25 #include <openssl/stack.h>
26
27 #include "../bytestring/internal.h"
28
29
30 /* pkcs7_parse_header reads the non-certificate/non-CRL prefix of a PKCS#7
31 * SignedData blob from |cbs| and sets |*out| to point to the rest of the
32 * input. If the input is in BER format, then |*der_bytes| will be set to a
33 * pointer that needs to be freed by the caller once they have finished
34 * processing |*out| (which will be pointing into |*der_bytes|).
35 *
36 * It returns one on success or zero on error. On error, |*der_bytes| is
37 * NULL. */
pkcs7_parse_header(uint8_t ** der_bytes,CBS * out,CBS * cbs)38 static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) {
39 size_t der_len;
40 CBS in, content_info, content_type, wrapped_signed_data, signed_data;
41 uint64_t version;
42
43 /* The input may be in BER format. */
44 *der_bytes = NULL;
45 if (!CBS_asn1_ber_to_der(cbs, der_bytes, &der_len)) {
46 return 0;
47 }
48 if (*der_bytes != NULL) {
49 CBS_init(&in, *der_bytes, der_len);
50 } else {
51 CBS_init(&in, CBS_data(cbs), CBS_len(cbs));
52 }
53
54 /* See https://tools.ietf.org/html/rfc2315#section-7 */
55 if (!CBS_get_asn1(&in, &content_info, CBS_ASN1_SEQUENCE) ||
56 !CBS_get_asn1(&content_info, &content_type, CBS_ASN1_OBJECT)) {
57 goto err;
58 }
59
60 if (OBJ_cbs2nid(&content_type) != NID_pkcs7_signed) {
61 OPENSSL_PUT_ERROR(X509, X509_R_NOT_PKCS7_SIGNED_DATA);
62 goto err;
63 }
64
65 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
66 if (!CBS_get_asn1(&content_info, &wrapped_signed_data,
67 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
68 !CBS_get_asn1(&wrapped_signed_data, &signed_data, CBS_ASN1_SEQUENCE) ||
69 !CBS_get_asn1_uint64(&signed_data, &version) ||
70 !CBS_get_asn1(&signed_data, NULL /* digests */, CBS_ASN1_SET) ||
71 !CBS_get_asn1(&signed_data, NULL /* content */, CBS_ASN1_SEQUENCE)) {
72 goto err;
73 }
74
75 if (version < 1) {
76 OPENSSL_PUT_ERROR(X509, X509_R_BAD_PKCS7_VERSION);
77 goto err;
78 }
79
80 CBS_init(out, CBS_data(&signed_data), CBS_len(&signed_data));
81 return 1;
82
83 err:
84 if (*der_bytes) {
85 OPENSSL_free(*der_bytes);
86 *der_bytes = NULL;
87 }
88
89 return 0;
90 }
91
PKCS7_get_certificates(STACK_OF (X509)* out_certs,CBS * cbs)92 int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) {
93 CBS signed_data, certificates;
94 uint8_t *der_bytes = NULL;
95 int ret = 0;
96 const size_t initial_certs_len = sk_X509_num(out_certs);
97
98 if (!pkcs7_parse_header(&der_bytes, &signed_data, cbs)) {
99 return 0;
100 }
101
102 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
103 if (!CBS_get_asn1(&signed_data, &certificates,
104 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
105 OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATES_INCLUDED);
106 goto err;
107 }
108
109 while (CBS_len(&certificates) > 0) {
110 CBS cert;
111 X509 *x509;
112 const uint8_t *inp;
113
114 if (!CBS_get_asn1_element(&certificates, &cert, CBS_ASN1_SEQUENCE)) {
115 goto err;
116 }
117
118 if (CBS_len(&cert) > LONG_MAX) {
119 goto err;
120 }
121 inp = CBS_data(&cert);
122 x509 = d2i_X509(NULL, &inp, (long)CBS_len(&cert));
123 if (!x509) {
124 goto err;
125 }
126
127 assert(inp == CBS_data(&cert) + CBS_len(&cert));
128
129 if (sk_X509_push(out_certs, x509) == 0) {
130 X509_free(x509);
131 goto err;
132 }
133 }
134
135 ret = 1;
136
137 err:
138 if (der_bytes) {
139 OPENSSL_free(der_bytes);
140 }
141
142 if (!ret) {
143 while (sk_X509_num(out_certs) != initial_certs_len) {
144 X509 *x509 = sk_X509_pop(out_certs);
145 X509_free(x509);
146 }
147 }
148
149 return ret;
150 }
151
PKCS7_get_CRLs(STACK_OF (X509_CRL)* out_crls,CBS * cbs)152 int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs) {
153 CBS signed_data, crls;
154 uint8_t *der_bytes = NULL;
155 int ret = 0;
156 const size_t initial_crls_len = sk_X509_CRL_num(out_crls);
157
158 if (!pkcs7_parse_header(&der_bytes, &signed_data, cbs)) {
159 return 0;
160 }
161
162 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
163
164 /* Even if only CRLs are included, there may be an empty certificates block.
165 * OpenSSL does this, for example. */
166 if (CBS_peek_asn1_tag(&signed_data,
167 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) &&
168 !CBS_get_asn1(&signed_data, NULL /* certificates */,
169 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
170 goto err;
171 }
172
173 if (!CBS_get_asn1(&signed_data, &crls,
174 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1)) {
175 OPENSSL_PUT_ERROR(X509, X509_R_NO_CRLS_INCLUDED);
176 goto err;
177 }
178
179 while (CBS_len(&crls) > 0) {
180 CBS crl_data;
181 X509_CRL *crl;
182 const uint8_t *inp;
183
184 if (!CBS_get_asn1_element(&crls, &crl_data, CBS_ASN1_SEQUENCE)) {
185 goto err;
186 }
187
188 if (CBS_len(&crl_data) > LONG_MAX) {
189 goto err;
190 }
191 inp = CBS_data(&crl_data);
192 crl = d2i_X509_CRL(NULL, &inp, (long)CBS_len(&crl_data));
193 if (!crl) {
194 goto err;
195 }
196
197 assert(inp == CBS_data(&crl_data) + CBS_len(&crl_data));
198
199 if (sk_X509_CRL_push(out_crls, crl) == 0) {
200 X509_CRL_free(crl);
201 goto err;
202 }
203 }
204
205 ret = 1;
206
207 err:
208 if (der_bytes) {
209 OPENSSL_free(der_bytes);
210 }
211
212 if (!ret) {
213 while (sk_X509_CRL_num(out_crls) != initial_crls_len) {
214 X509_CRL_free(sk_X509_CRL_pop(out_crls));
215 }
216 }
217
218 return ret;
219 }
220
PKCS7_get_PEM_certificates(STACK_OF (X509)* out_certs,BIO * pem_bio)221 int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs, BIO *pem_bio) {
222 uint8_t *data;
223 long len;
224 int ret;
225
226 /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
227 * internally will actually allow several other values too, including
228 * "CERTIFICATE". */
229 if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
230 PEM_STRING_PKCS7, pem_bio,
231 NULL /* password callback */,
232 NULL /* password callback argument */)) {
233 return 0;
234 }
235
236 CBS cbs;
237 CBS_init(&cbs, data, len);
238 ret = PKCS7_get_certificates(out_certs, &cbs);
239 OPENSSL_free(data);
240 return ret;
241 }
242
PKCS7_get_PEM_CRLs(STACK_OF (X509_CRL)* out_crls,BIO * pem_bio)243 int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, BIO *pem_bio) {
244 uint8_t *data;
245 long len;
246 int ret;
247
248 /* Even though we pass PEM_STRING_PKCS7 as the expected PEM type here, PEM
249 * internally will actually allow several other values too, including
250 * "CERTIFICATE". */
251 if (!PEM_bytes_read_bio(&data, &len, NULL /* PEM type output */,
252 PEM_STRING_PKCS7, pem_bio,
253 NULL /* password callback */,
254 NULL /* password callback argument */)) {
255 return 0;
256 }
257
258 CBS cbs;
259 CBS_init(&cbs, data, len);
260 ret = PKCS7_get_CRLs(out_crls, &cbs);
261 OPENSSL_free(data);
262 return ret;
263 }
264
265 /* pkcs7_bundle writes a PKCS#7, SignedData structure to |out| and then calls
266 * |cb| with a CBB to which certificate or CRL data can be written, and the
267 * opaque context pointer, |arg|. The callback can return zero to indicate an
268 * error.
269 *
270 * pkcs7_bundle returns one on success or zero on error. */
pkcs7_bundle(CBB * out,int (* cb)(CBB * out,const void * arg),const void * arg)271 static int pkcs7_bundle(CBB *out, int (*cb)(CBB *out, const void *arg),
272 const void *arg) {
273 CBB outer_seq, wrapped_seq, seq, version_bytes, digest_algos_set,
274 content_info;
275
276 /* See https://tools.ietf.org/html/rfc2315#section-7 */
277 if (!CBB_add_asn1(out, &outer_seq, CBS_ASN1_SEQUENCE) ||
278 !OBJ_nid2cbb(&outer_seq, NID_pkcs7_signed) ||
279 !CBB_add_asn1(&outer_seq, &wrapped_seq,
280 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
281 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
282 !CBB_add_asn1(&wrapped_seq, &seq, CBS_ASN1_SEQUENCE) ||
283 !CBB_add_asn1(&seq, &version_bytes, CBS_ASN1_INTEGER) ||
284 !CBB_add_u8(&version_bytes, 1) ||
285 !CBB_add_asn1(&seq, &digest_algos_set, CBS_ASN1_SET) ||
286 !CBB_add_asn1(&seq, &content_info, CBS_ASN1_SEQUENCE) ||
287 !OBJ_nid2cbb(&content_info, NID_pkcs7_data) ||
288 !cb(&seq, arg)) {
289 return 0;
290 }
291
292 return CBB_flush(out);
293 }
294
pkcs7_bundle_certificates_cb(CBB * out,const void * arg)295 static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) {
296 const STACK_OF(X509) *certs = arg;
297 size_t i;
298 CBB certificates;
299
300 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
301 if (!CBB_add_asn1(out, &certificates,
302 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
303 return 0;
304 }
305
306 for (i = 0; i < sk_X509_num(certs); i++) {
307 X509 *x509 = sk_X509_value(certs, i);
308 uint8_t *buf;
309 int len = i2d_X509(x509, NULL);
310
311 if (len < 0 ||
312 !CBB_add_space(&certificates, &buf, len) ||
313 i2d_X509(x509, &buf) < 0) {
314 return 0;
315 }
316 }
317
318 return CBB_flush(out);
319 }
320
PKCS7_bundle_certificates(CBB * out,const STACK_OF (X509)* certs)321 int PKCS7_bundle_certificates(CBB *out, const STACK_OF(X509) *certs) {
322 return pkcs7_bundle(out, pkcs7_bundle_certificates_cb, certs);
323 }
324
pkcs7_bundle_crls_cb(CBB * out,const void * arg)325 static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) {
326 const STACK_OF(X509_CRL) *crls = arg;
327 size_t i;
328 CBB crl_data;
329
330 /* See https://tools.ietf.org/html/rfc2315#section-9.1 */
331 if (!CBB_add_asn1(out, &crl_data,
332 CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1)) {
333 return 0;
334 }
335
336 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
337 X509_CRL *crl = sk_X509_CRL_value(crls, i);
338 uint8_t *buf;
339 int len = i2d_X509_CRL(crl, NULL);
340
341 if (len < 0 ||
342 !CBB_add_space(&crl_data, &buf, len) ||
343 i2d_X509_CRL(crl, &buf) < 0) {
344 return 0;
345 }
346 }
347
348 return CBB_flush(out);
349 }
350
PKCS7_bundle_CRLs(CBB * out,const STACK_OF (X509_CRL)* crls)351 int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) {
352 return pkcs7_bundle(out, pkcs7_bundle_crls_cb, crls);
353 }
354