File: | src/lib/libcrypto/ts/ts_rsp_verify.c |
Warning: | line 578, column 12 Use of zero-allocated memory |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: ts_rsp_verify.c,v 1.24 2021/12/12 21:30:14 tb Exp $ */ | |||
2 | /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL | |||
3 | * project 2002. | |||
4 | */ | |||
5 | /* ==================================================================== | |||
6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | |||
7 | * | |||
8 | * Redistribution and use in source and binary forms, with or without | |||
9 | * modification, are permitted provided that the following conditions | |||
10 | * are met: | |||
11 | * | |||
12 | * 1. Redistributions of source code must retain the above copyright | |||
13 | * notice, this list of conditions and the following disclaimer. | |||
14 | * | |||
15 | * 2. Redistributions in binary form must reproduce the above copyright | |||
16 | * notice, this list of conditions and the following disclaimer in | |||
17 | * the documentation and/or other materials provided with the | |||
18 | * distribution. | |||
19 | * | |||
20 | * 3. All advertising materials mentioning features or use of this | |||
21 | * software must display the following acknowledgment: | |||
22 | * "This product includes software developed by the OpenSSL Project | |||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |||
24 | * | |||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |||
26 | * endorse or promote products derived from this software without | |||
27 | * prior written permission. For written permission, please contact | |||
28 | * licensing@OpenSSL.org. | |||
29 | * | |||
30 | * 5. Products derived from this software may not be called "OpenSSL" | |||
31 | * nor may "OpenSSL" appear in their names without prior written | |||
32 | * permission of the OpenSSL Project. | |||
33 | * | |||
34 | * 6. Redistributions of any form whatsoever must retain the following | |||
35 | * acknowledgment: | |||
36 | * "This product includes software developed by the OpenSSL Project | |||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |||
38 | * | |||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |||
51 | * ==================================================================== | |||
52 | * | |||
53 | * This product includes cryptographic software written by Eric Young | |||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |||
55 | * Hudson (tjh@cryptsoft.com). | |||
56 | * | |||
57 | */ | |||
58 | ||||
59 | #include <stdio.h> | |||
60 | #include <string.h> | |||
61 | ||||
62 | #include <openssl/err.h> | |||
63 | #include <openssl/objects.h> | |||
64 | #include <openssl/pkcs7.h> | |||
65 | #include <openssl/ts.h> | |||
66 | ||||
67 | #include "evp_locl.h" | |||
68 | #include "x509_lcl.h" | |||
69 | ||||
70 | /* Private function declarations. */ | |||
71 | ||||
72 | static int TS_verify_cert(X509_STORE *store, STACK_OF(X509)struct stack_st_X509 *untrusted, | |||
73 | X509 *signer, STACK_OF(X509)struct stack_st_X509 **chain); | |||
74 | static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509)struct stack_st_X509 *chain); | |||
75 | static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); | |||
76 | static int TS_find_cert(STACK_OF(ESS_CERT_ID)struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert); | |||
77 | static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); | |||
78 | static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, | |||
79 | PKCS7 *token, TS_TST_INFO *tst_info); | |||
80 | static int TS_check_status_info(TS_RESP *response); | |||
81 | static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING)struct stack_st_ASN1_UTF8STRING *text); | |||
82 | static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); | |||
83 | static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, | |||
84 | X509_ALGOR **md_alg, | |||
85 | unsigned char **imprint, unsigned *imprint_len); | |||
86 | static int TS_check_imprints(X509_ALGOR *algor_a, | |||
87 | unsigned char *imprint_a, unsigned len_a, | |||
88 | TS_TST_INFO *tst_info); | |||
89 | static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); | |||
90 | static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); | |||
91 | static int TS_find_name(STACK_OF(GENERAL_NAME)struct stack_st_GENERAL_NAME *gen_names, GENERAL_NAME *name); | |||
92 | ||||
93 | /* | |||
94 | * Local mapping between response codes and descriptions. | |||
95 | * Don't forget to change TS_STATUS_BUF_SIZE when modifying | |||
96 | * the elements of this array. | |||
97 | */ | |||
98 | static const char *TS_status_text[] = { | |||
99 | "granted", | |||
100 | "grantedWithMods", | |||
101 | "rejection", | |||
102 | "waiting", | |||
103 | "revocationWarning", | |||
104 | "revocationNotification" | |||
105 | }; | |||
106 | ||||
107 | #define TS_STATUS_TEXT_SIZE(sizeof(TS_status_text)/sizeof(*TS_status_text)) (sizeof(TS_status_text)/sizeof(*TS_status_text)) | |||
108 | ||||
109 | /* | |||
110 | * This must be greater or equal to the sum of the strings in TS_status_text | |||
111 | * plus the number of its elements. | |||
112 | */ | |||
113 | #define TS_STATUS_BUF_SIZE256 256 | |||
114 | ||||
115 | static struct { | |||
116 | int code; | |||
117 | const char *text; | |||
118 | } TS_failure_info[] = { | |||
119 | { TS_INFO_BAD_ALG0, "badAlg" }, | |||
120 | { TS_INFO_BAD_REQUEST2, "badRequest" }, | |||
121 | { TS_INFO_BAD_DATA_FORMAT5, "badDataFormat" }, | |||
122 | { TS_INFO_TIME_NOT_AVAILABLE14, "timeNotAvailable" }, | |||
123 | { TS_INFO_UNACCEPTED_POLICY15, "unacceptedPolicy" }, | |||
124 | { TS_INFO_UNACCEPTED_EXTENSION16, "unacceptedExtension" }, | |||
125 | { TS_INFO_ADD_INFO_NOT_AVAILABLE17, "addInfoNotAvailable" }, | |||
126 | { TS_INFO_SYSTEM_FAILURE25, "systemFailure" } | |||
127 | }; | |||
128 | ||||
129 | #define TS_FAILURE_INFO_SIZE(sizeof(TS_failure_info) / sizeof(*TS_failure_info)) (sizeof(TS_failure_info) / \ | |||
130 | sizeof(*TS_failure_info)) | |||
131 | ||||
132 | /* Functions for verifying a signed TS_TST_INFO structure. */ | |||
133 | ||||
134 | /* | |||
135 | * This function carries out the following tasks: | |||
136 | * - Checks if there is one and only one signer. | |||
137 | * - Search for the signing certificate in 'certs' and in the response. | |||
138 | * - Check the extended key usage and key usage fields of the signer | |||
139 | * certificate (done by the path validation). | |||
140 | * - Build and validate the certificate path. | |||
141 | * - Check if the certificate path meets the requirements of the | |||
142 | * SigningCertificate ESS signed attribute. | |||
143 | * - Verify the signature value. | |||
144 | * - Returns the signer certificate in 'signer', if 'signer' is not NULL. | |||
145 | */ | |||
146 | int | |||
147 | TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509)struct stack_st_X509 *certs, | |||
148 | X509_STORE *store, X509 **signer_out) | |||
149 | { | |||
150 | STACK_OF(PKCS7_SIGNER_INFO)struct stack_st_PKCS7_SIGNER_INFO *sinfos = NULL((void*)0); | |||
151 | PKCS7_SIGNER_INFO *si; | |||
152 | STACK_OF(X509)struct stack_st_X509 *signers = NULL((void*)0); | |||
153 | X509 *signer; | |||
154 | STACK_OF(X509)struct stack_st_X509 *chain = NULL((void*)0); | |||
155 | char buf[4096]; | |||
156 | int i, j = 0, ret = 0; | |||
157 | BIO *p7bio = NULL((void*)0); | |||
158 | ||||
159 | /* Some sanity checks first. */ | |||
160 | if (!token) { | |||
161 | TSerror(TS_R_INVALID_NULL_POINTER)ERR_put_error(47,(0xfff),(102),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,161); | |||
162 | goto err; | |||
163 | } | |||
164 | ||||
165 | /* Check for the correct content type */ | |||
166 | if (!PKCS7_type_is_signed(token)(OBJ_obj2nid((token)->type) == 22)) { | |||
167 | TSerror(TS_R_WRONG_CONTENT_TYPE)ERR_put_error(47,(0xfff),(114),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,167); | |||
168 | goto err; | |||
169 | } | |||
170 | ||||
171 | /* Check if there is one and only one signer. */ | |||
172 | sinfos = PKCS7_get_signer_info(token); | |||
173 | if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos)sk_num(((_STACK*) (1 ? (sinfos) : (struct stack_st_PKCS7_SIGNER_INFO *)0))) != 1) { | |||
174 | TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER)ERR_put_error(47,(0xfff),(110),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,174); | |||
175 | goto err; | |||
176 | } | |||
177 | si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0)((PKCS7_SIGNER_INFO *)sk_value(((_STACK*) (1 ? (sinfos) : (struct stack_st_PKCS7_SIGNER_INFO*)0)), (0))); | |||
178 | ||||
179 | /* Check for no content: no data to verify signature. */ | |||
180 | if (PKCS7_get_detached(token)PKCS7_ctrl(token,2,0,((void*)0))) { | |||
181 | TSerror(TS_R_NO_CONTENT)ERR_put_error(47,(0xfff),(106),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,181); | |||
182 | goto err; | |||
183 | } | |||
184 | ||||
185 | /* Get hold of the signer certificate, search only internal | |||
186 | certificates if it was requested. */ | |||
187 | signers = PKCS7_get0_signers(token, certs, 0); | |||
188 | if (!signers || sk_X509_num(signers)sk_num(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0)) ) != 1) | |||
189 | goto err; | |||
190 | signer = sk_X509_value(signers, 0)((X509 *)sk_value(((_STACK*) (1 ? (signers) : (struct stack_st_X509 *)0)), (0))); | |||
191 | ||||
192 | /* Now verify the certificate. */ | |||
193 | if (!TS_verify_cert(store, certs, signer, &chain)) | |||
194 | goto err; | |||
195 | ||||
196 | /* Check if the signer certificate is consistent with the | |||
197 | ESS extension. */ | |||
198 | if (!TS_check_signing_certs(si, chain)) | |||
199 | goto err; | |||
200 | ||||
201 | /* Creating the message digest. */ | |||
202 | p7bio = PKCS7_dataInit(token, NULL((void*)0)); | |||
203 | ||||
204 | /* We now have to 'read' from p7bio to calculate digests etc. */ | |||
205 | while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) | |||
206 | ; | |||
207 | ||||
208 | /* Verifying the signature. */ | |||
209 | j = PKCS7_signatureVerify(p7bio, token, si, signer); | |||
210 | if (j <= 0) { | |||
211 | TSerror(TS_R_SIGNATURE_FAILURE)ERR_put_error(47,(0xfff),(109),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,211); | |||
212 | goto err; | |||
213 | } | |||
214 | ||||
215 | /* Return the signer certificate if needed. */ | |||
216 | if (signer_out) { | |||
217 | *signer_out = signer; | |||
218 | CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509)CRYPTO_add_lock(&signer->references,1,3,((void*)0),0); | |||
219 | } | |||
220 | ||||
221 | ret = 1; | |||
222 | ||||
223 | err: | |||
224 | BIO_free_all(p7bio); | |||
225 | sk_X509_pop_free(chain, X509_free)sk_pop_free(((_STACK*) (1 ? (chain) : (struct stack_st_X509*) 0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 * ))0)))); | |||
226 | sk_X509_free(signers)sk_free(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0) )); | |||
227 | ||||
228 | return ret; | |||
229 | } | |||
230 | ||||
231 | /* | |||
232 | * The certificate chain is returned in chain. Caller is responsible for | |||
233 | * freeing the vector. | |||
234 | */ | |||
235 | static int | |||
236 | TS_verify_cert(X509_STORE *store, STACK_OF(X509)struct stack_st_X509 *untrusted, X509 *signer, | |||
237 | STACK_OF(X509)struct stack_st_X509 **chain) | |||
238 | { | |||
239 | X509_STORE_CTX cert_ctx; | |||
240 | int i; | |||
241 | int ret = 0; | |||
242 | ||||
243 | /* chain is an out argument. */ | |||
244 | *chain = NULL((void*)0); | |||
245 | if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) { | |||
246 | TSerror(ERR_R_X509_LIB)ERR_put_error(47,(0xfff),(11),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,246); | |||
247 | goto err; | |||
248 | } | |||
249 | if (X509_STORE_CTX_set_purpose(&cert_ctx, | |||
250 | X509_PURPOSE_TIMESTAMP_SIGN9) == 0) | |||
251 | goto err; | |||
252 | i = X509_verify_cert(&cert_ctx); | |||
253 | if (i <= 0) { | |||
254 | int j = X509_STORE_CTX_get_error(&cert_ctx); | |||
255 | ||||
256 | TSerror(TS_R_CERTIFICATE_VERIFY_ERROR)ERR_put_error(47,(0xfff),(100),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,256); | |||
257 | ERR_asprintf_error_data("Verify error:%s", | |||
258 | X509_verify_cert_error_string(j)); | |||
259 | goto err; | |||
260 | } else { | |||
261 | /* Get a copy of the certificate chain. */ | |||
262 | *chain = X509_STORE_CTX_get1_chain(&cert_ctx); | |||
263 | ret = 1; | |||
264 | } | |||
265 | ||||
266 | err: | |||
267 | X509_STORE_CTX_cleanup(&cert_ctx); | |||
268 | ||||
269 | return ret; | |||
270 | } | |||
271 | ||||
272 | static int | |||
273 | TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509)struct stack_st_X509 *chain) | |||
274 | { | |||
275 | ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); | |||
276 | STACK_OF(ESS_CERT_ID)struct stack_st_ESS_CERT_ID *cert_ids = NULL((void*)0); | |||
277 | X509 *cert; | |||
278 | int i = 0; | |||
279 | int ret = 0; | |||
280 | ||||
281 | if (!ss) | |||
282 | goto err; | |||
283 | cert_ids = ss->cert_ids; | |||
284 | /* The signer certificate must be the first in cert_ids. */ | |||
285 | cert = sk_X509_value(chain, 0)((X509 *)sk_value(((_STACK*) (1 ? (chain) : (struct stack_st_X509 *)0)), (0))); | |||
286 | if (TS_find_cert(cert_ids, cert) != 0) | |||
287 | goto err; | |||
288 | ||||
289 | /* Check the other certificates of the chain if there are more | |||
290 | than one certificate ids in cert_ids. */ | |||
291 | if (sk_ESS_CERT_ID_num(cert_ids)sk_num(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID *)0))) > 1) { | |||
292 | /* All the certificates of the chain must be in cert_ids. */ | |||
293 | for (i = 1; i < sk_X509_num(chain)sk_num(((_STACK*) (1 ? (chain) : (struct stack_st_X509*)0))); ++i) { | |||
294 | cert = sk_X509_value(chain, i)((X509 *)sk_value(((_STACK*) (1 ? (chain) : (struct stack_st_X509 *)0)), (i))); | |||
295 | if (TS_find_cert(cert_ids, cert) < 0) | |||
296 | goto err; | |||
297 | } | |||
298 | } | |||
299 | ret = 1; | |||
300 | ||||
301 | err: | |||
302 | if (!ret) | |||
303 | TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR)ERR_put_error(47,(0xfff),(101),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,303); | |||
304 | ESS_SIGNING_CERT_free(ss); | |||
305 | return ret; | |||
306 | } | |||
307 | ||||
308 | static ESS_SIGNING_CERT * | |||
309 | ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) | |||
310 | { | |||
311 | ASN1_TYPE *attr; | |||
312 | const unsigned char *p; | |||
313 | ||||
314 | attr = PKCS7_get_signed_attribute(si, | |||
315 | NID_id_smime_aa_signingCertificate223); | |||
316 | if (!attr) | |||
317 | return NULL((void*)0); | |||
318 | if (attr->type != V_ASN1_SEQUENCE16) | |||
319 | return NULL((void*)0); | |||
320 | p = attr->value.sequence->data; | |||
321 | return d2i_ESS_SIGNING_CERT(NULL((void*)0), &p, attr->value.sequence->length); | |||
322 | } | |||
323 | ||||
324 | /* Returns < 0 if certificate is not found, certificate index otherwise. */ | |||
325 | static int | |||
326 | TS_find_cert(STACK_OF(ESS_CERT_ID)struct stack_st_ESS_CERT_ID *cert_ids, X509 *cert) | |||
327 | { | |||
328 | int i; | |||
329 | unsigned char cert_hash[TS_HASH_LEN20]; | |||
330 | ||||
331 | if (!cert_ids || !cert) | |||
332 | return -1; | |||
333 | ||||
334 | if (!X509_digest(cert, TS_HASH_EVPEVP_sha1(), cert_hash, NULL((void*)0))) | |||
335 | return -1; | |||
336 | ||||
337 | /* Recompute SHA1 hash of certificate if necessary (side effect). */ | |||
338 | X509_check_purpose(cert, -1, 0); | |||
339 | ||||
340 | /* Look for cert in the cert_ids vector. */ | |||
341 | for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids)sk_num(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID *)0))); ++i) { | |||
342 | ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i)((ESS_CERT_ID *)sk_value(((_STACK*) (1 ? (cert_ids) : (struct stack_st_ESS_CERT_ID*)0)), (i))); | |||
343 | ||||
344 | /* Check the SHA-1 hash first. */ | |||
345 | if (cid->hash->length == TS_HASH_LEN20 && !memcmp(cid->hash->data, | |||
346 | cert_hash, TS_HASH_LEN20)) { | |||
347 | /* Check the issuer/serial as well if specified. */ | |||
348 | ESS_ISSUER_SERIAL *is = cid->issuer_serial; | |||
349 | if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) | |||
350 | return i; | |||
351 | } | |||
352 | } | |||
353 | ||||
354 | return -1; | |||
355 | } | |||
356 | ||||
357 | static int | |||
358 | TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) | |||
359 | { | |||
360 | GENERAL_NAME *issuer; | |||
361 | ||||
362 | if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer)sk_num(((_STACK*) (1 ? (is->issuer) : (struct stack_st_GENERAL_NAME *)0))) != 1) | |||
363 | return -1; | |||
364 | ||||
365 | /* Check the issuer first. It must be a directory name. */ | |||
366 | issuer = sk_GENERAL_NAME_value(is->issuer, 0)((GENERAL_NAME *)sk_value(((_STACK*) (1 ? (is->issuer) : ( struct stack_st_GENERAL_NAME*)0)), (0))); | |||
367 | if (issuer->type != GEN_DIRNAME4 || | |||
368 | X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) | |||
369 | return -1; | |||
370 | ||||
371 | /* Check the serial number, too. */ | |||
372 | if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) | |||
373 | return -1; | |||
374 | ||||
375 | return 0; | |||
376 | } | |||
377 | ||||
378 | /* | |||
379 | * Verifies whether 'response' contains a valid response with regards | |||
380 | * to the settings of the context: | |||
381 | * - Gives an error message if the TS_TST_INFO is not present. | |||
382 | * - Calls _TS_RESP_verify_token to verify the token content. | |||
383 | */ | |||
384 | int | |||
385 | TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) | |||
386 | { | |||
387 | PKCS7 *token = TS_RESP_get_token(response); | |||
388 | TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); | |||
389 | int ret = 0; | |||
390 | ||||
391 | /* Check if we have a successful TS_TST_INFO object in place. */ | |||
392 | if (!TS_check_status_info(response)) | |||
| ||||
393 | goto err; | |||
394 | ||||
395 | /* Check the contents of the time stamp token. */ | |||
396 | if (!int_TS_RESP_verify_token(ctx, token, tst_info)) | |||
397 | goto err; | |||
398 | ||||
399 | ret = 1; | |||
400 | ||||
401 | err: | |||
402 | return ret; | |||
403 | } | |||
404 | ||||
405 | /* | |||
406 | * Tries to extract a TS_TST_INFO structure from the PKCS7 token and | |||
407 | * calls the internal int_TS_RESP_verify_token function for verifying it. | |||
408 | */ | |||
409 | int | |||
410 | TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) | |||
411 | { | |||
412 | TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); | |||
413 | int ret = 0; | |||
414 | ||||
415 | if (tst_info) { | |||
416 | ret = int_TS_RESP_verify_token(ctx, token, tst_info); | |||
417 | TS_TST_INFO_free(tst_info); | |||
418 | } | |||
419 | return ret; | |||
420 | } | |||
421 | ||||
422 | /* | |||
423 | * Verifies whether the 'token' contains a valid time stamp token | |||
424 | * with regards to the settings of the context. Only those checks are | |||
425 | * carried out that are specified in the context: | |||
426 | * - Verifies the signature of the TS_TST_INFO. | |||
427 | * - Checks the version number of the response. | |||
428 | * - Check if the requested and returned policies math. | |||
429 | * - Check if the message imprints are the same. | |||
430 | * - Check if the nonces are the same. | |||
431 | * - Check if the TSA name matches the signer. | |||
432 | * - Check if the TSA name is the expected TSA. | |||
433 | */ | |||
434 | static int | |||
435 | int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, | |||
436 | TS_TST_INFO *tst_info) | |||
437 | { | |||
438 | X509 *signer = NULL((void*)0); | |||
439 | GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); | |||
440 | X509_ALGOR *md_alg = NULL((void*)0); | |||
441 | unsigned char *imprint = NULL((void*)0); | |||
442 | unsigned imprint_len = 0; | |||
443 | int ret = 0; | |||
444 | ||||
445 | /* Verify the signature. */ | |||
446 | if ((ctx->flags & TS_VFY_SIGNATURE(1u << 0)) && | |||
447 | !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) | |||
448 | goto err; | |||
449 | ||||
450 | /* Check version number of response. */ | |||
451 | if ((ctx->flags & TS_VFY_VERSION(1u << 1)) && | |||
452 | TS_TST_INFO_get_version(tst_info) != 1) { | |||
453 | TSerror(TS_R_UNSUPPORTED_VERSION)ERR_put_error(47,(0xfff),(113),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,453); | |||
454 | goto err; | |||
455 | } | |||
456 | ||||
457 | /* Check policies. */ | |||
458 | if ((ctx->flags & TS_VFY_POLICY(1u << 2)) && | |||
459 | !TS_check_policy(ctx->policy, tst_info)) | |||
460 | goto err; | |||
461 | ||||
462 | /* Check message imprints. */ | |||
463 | if ((ctx->flags & TS_VFY_IMPRINT(1u << 3)) && | |||
464 | !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, | |||
465 | tst_info)) | |||
466 | goto err; | |||
467 | ||||
468 | /* Compute and check message imprints. */ | |||
469 | if ((ctx->flags & TS_VFY_DATA(1u << 4)) && | |||
470 | (!TS_compute_imprint(ctx->data, tst_info, | |||
471 | &md_alg, &imprint, &imprint_len) || | |||
472 | !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) | |||
473 | goto err; | |||
474 | ||||
475 | /* Check nonces. */ | |||
476 | if ((ctx->flags & TS_VFY_NONCE(1u << 5)) && | |||
477 | !TS_check_nonces(ctx->nonce, tst_info)) | |||
478 | goto err; | |||
479 | ||||
480 | /* Check whether TSA name and signer certificate match. */ | |||
481 | if ((ctx->flags & TS_VFY_SIGNER(1u << 6)) && | |||
482 | tsa_name && !TS_check_signer_name(tsa_name, signer)) { | |||
483 | TSerror(TS_R_TSA_NAME_MISMATCH)ERR_put_error(47,(0xfff),(111),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,483); | |||
484 | goto err; | |||
485 | } | |||
486 | ||||
487 | /* Check whether the TSA is the expected one. */ | |||
488 | if ((ctx->flags & TS_VFY_TSA_NAME(1u << 7)) && | |||
489 | !TS_check_signer_name(ctx->tsa_name, signer)) { | |||
490 | TSerror(TS_R_TSA_UNTRUSTED)ERR_put_error(47,(0xfff),(112),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,490); | |||
491 | goto err; | |||
492 | } | |||
493 | ||||
494 | ret = 1; | |||
495 | ||||
496 | err: | |||
497 | X509_free(signer); | |||
498 | X509_ALGOR_free(md_alg); | |||
499 | free(imprint); | |||
500 | return ret; | |||
501 | } | |||
502 | ||||
503 | static int | |||
504 | TS_check_status_info(TS_RESP *response) | |||
505 | { | |||
506 | TS_STATUS_INFO *info = TS_RESP_get_status_info(response); | |||
507 | long status = ASN1_INTEGER_get(info->status); | |||
508 | const char *status_text = NULL((void*)0); | |||
509 | char *embedded_status_text = NULL((void*)0); | |||
510 | char failure_text[TS_STATUS_BUF_SIZE256] = ""; | |||
511 | ||||
512 | /* Check if everything went fine. */ | |||
513 | if (status == 0 || status == 1) | |||
514 | return 1; | |||
515 | ||||
516 | /* There was an error, get the description in status_text. */ | |||
517 | if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE(sizeof(TS_status_text)/sizeof(*TS_status_text))) | |||
518 | status_text = TS_status_text[status]; | |||
519 | else | |||
520 | status_text = "unknown code"; | |||
521 | ||||
522 | /* Set the embedded_status_text to the returned description. */ | |||
523 | if (sk_ASN1_UTF8STRING_num(info->text)sk_num(((_STACK*) (1 ? (info->text) : (struct stack_st_ASN1_UTF8STRING *)0))) > 0 && | |||
524 | !(embedded_status_text = TS_get_status_text(info->text))) | |||
525 | return 0; | |||
526 | ||||
527 | /* Filling in failure_text with the failure information. */ | |||
528 | if (info->failure_info) { | |||
529 | int i; | |||
530 | int first = 1; | |||
531 | for (i = 0; i < (int)TS_FAILURE_INFO_SIZE(sizeof(TS_failure_info) / sizeof(*TS_failure_info)); ++i) { | |||
532 | if (ASN1_BIT_STRING_get_bit(info->failure_info, | |||
533 | TS_failure_info[i].code)) { | |||
534 | if (!first) | |||
535 | strlcat(failure_text, ",", | |||
536 | TS_STATUS_BUF_SIZE256); | |||
537 | else | |||
538 | first = 0; | |||
539 | strlcat(failure_text, TS_failure_info[i].text, | |||
540 | TS_STATUS_BUF_SIZE256); | |||
541 | } | |||
542 | } | |||
543 | } | |||
544 | if (failure_text[0] == '\0') | |||
545 | strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE256); | |||
546 | ||||
547 | /* Making up the error string. */ | |||
548 | TSerror(TS_R_NO_TIME_STAMP_TOKEN)ERR_put_error(47,(0xfff),(107),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,548); | |||
549 | ERR_asprintf_error_data | |||
550 | ("status code: %s, status text: %s, failure codes: %s", | |||
551 | status_text, | |||
552 | embedded_status_text ? embedded_status_text : "unspecified", | |||
553 | failure_text); | |||
554 | free(embedded_status_text); | |||
555 | ||||
556 | return 0; | |||
557 | } | |||
558 | ||||
559 | static char * | |||
560 | TS_get_status_text(STACK_OF(ASN1_UTF8STRING)struct stack_st_ASN1_UTF8STRING *text) | |||
561 | { | |||
562 | int i; | |||
563 | unsigned int length = 0; | |||
564 | char *result = NULL((void*)0); | |||
565 | ||||
566 | /* Determine length first. */ | |||
567 | for (i = 0; i < sk_ASN1_UTF8STRING_num(text)sk_num(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING *)0))); ++i) { | |||
568 | ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i)((ASN1_UTF8STRING *)sk_value(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0)), (i))); | |||
569 | length += ASN1_STRING_length(current); | |||
570 | length += 1; /* separator character */ | |||
571 | } | |||
572 | /* Allocate memory (closing '\0' included). */ | |||
573 | if (!(result = malloc(length))) { | |||
574 | TSerror(ERR_R_MALLOC_FAILURE)ERR_put_error(47,(0xfff),((1|64)),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,574); | |||
575 | return NULL((void*)0); | |||
576 | } | |||
577 | /* Concatenate the descriptions. */ | |||
578 | result[0] = '\0'; | |||
| ||||
579 | for (i = 0; i < sk_ASN1_UTF8STRING_num(text)sk_num(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING *)0))); ++i) { | |||
580 | ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i)((ASN1_UTF8STRING *)sk_value(((_STACK*) (1 ? (text) : (struct stack_st_ASN1_UTF8STRING*)0)), (i))); | |||
581 | if (i > 0) | |||
582 | strlcat(result, "/", length); | |||
583 | strlcat(result, (const char *)ASN1_STRING_data(current), length); | |||
584 | } | |||
585 | return result; | |||
586 | } | |||
587 | ||||
588 | static int | |||
589 | TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) | |||
590 | { | |||
591 | ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); | |||
592 | ||||
593 | if (OBJ_cmp(req_oid, resp_oid) != 0) { | |||
594 | TSerror(TS_R_POLICY_MISMATCH)ERR_put_error(47,(0xfff),(108),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,594); | |||
595 | return 0; | |||
596 | } | |||
597 | ||||
598 | return 1; | |||
599 | } | |||
600 | ||||
601 | static int | |||
602 | TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **out_md_alg, | |||
603 | unsigned char **out_imprint, unsigned int *out_imprint_len) | |||
604 | { | |||
605 | TS_MSG_IMPRINT *msg_imprint; | |||
606 | X509_ALGOR *md_alg_resp; | |||
607 | X509_ALGOR *md_alg = NULL((void*)0); | |||
608 | unsigned char *imprint = NULL((void*)0); | |||
609 | unsigned int imprint_len = 0; | |||
610 | const EVP_MD *md; | |||
611 | EVP_MD_CTX md_ctx; | |||
612 | unsigned char buffer[4096]; | |||
613 | int length; | |||
614 | ||||
615 | *out_md_alg = NULL((void*)0); | |||
616 | *out_imprint = NULL((void*)0); | |||
617 | *out_imprint_len = 0; | |||
618 | ||||
619 | /* Retrieve the MD algorithm of the response. */ | |||
620 | msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); | |||
621 | md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); | |||
622 | if ((md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL((void*)0)) | |||
623 | goto err; | |||
624 | ||||
625 | /* Getting the MD object. */ | |||
626 | if ((md = EVP_get_digestbyobj((md_alg)->algorithm)EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid((md_alg)->algorithm )))) == NULL((void*)0)) { | |||
627 | TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM)ERR_put_error(47,(0xfff),(126),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,627); | |||
628 | goto err; | |||
629 | } | |||
630 | ||||
631 | /* Compute message digest. */ | |||
632 | if ((length = EVP_MD_size(md)) < 0) | |||
633 | goto err; | |||
634 | imprint_len = length; | |||
635 | if ((imprint = malloc(imprint_len)) == NULL((void*)0)) { | |||
636 | TSerror(ERR_R_MALLOC_FAILURE)ERR_put_error(47,(0xfff),((1|64)),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,636); | |||
637 | goto err; | |||
638 | } | |||
639 | ||||
640 | if (!EVP_DigestInit(&md_ctx, md)) | |||
641 | goto err; | |||
642 | while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { | |||
643 | if (!EVP_DigestUpdate(&md_ctx, buffer, length)) | |||
644 | goto err; | |||
645 | } | |||
646 | if (!EVP_DigestFinal(&md_ctx, imprint, NULL((void*)0))) | |||
647 | goto err; | |||
648 | ||||
649 | *out_md_alg = md_alg; | |||
650 | md_alg = NULL((void*)0); | |||
651 | *out_imprint = imprint; | |||
652 | imprint = NULL((void*)0); | |||
653 | *out_imprint_len = imprint_len; | |||
654 | ||||
655 | return 1; | |||
656 | ||||
657 | err: | |||
658 | X509_ALGOR_free(md_alg); | |||
659 | free(imprint); | |||
660 | return 0; | |||
661 | } | |||
662 | ||||
663 | static int | |||
664 | TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, | |||
665 | TS_TST_INFO *tst_info) | |||
666 | { | |||
667 | TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); | |||
668 | X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); | |||
669 | int ret = 0; | |||
670 | ||||
671 | /* algor_a is optional. */ | |||
672 | if (algor_a) { | |||
673 | /* Compare algorithm OIDs. */ | |||
674 | if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) | |||
675 | goto err; | |||
676 | ||||
677 | /* The parameter must be NULL in both. */ | |||
678 | if ((algor_a->parameter && | |||
679 | ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL5) || | |||
680 | (algor_b->parameter && | |||
681 | ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL5)) | |||
682 | goto err; | |||
683 | } | |||
684 | ||||
685 | /* Compare octet strings. */ | |||
686 | ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) && | |||
687 | memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; | |||
688 | ||||
689 | err: | |||
690 | if (!ret) | |||
691 | TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH)ERR_put_error(47,(0xfff),(103),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,691); | |||
692 | return ret; | |||
693 | } | |||
694 | ||||
695 | static int | |||
696 | TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) | |||
697 | { | |||
698 | const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); | |||
699 | ||||
700 | /* Error if nonce is missing. */ | |||
701 | if (!b) { | |||
702 | TSerror(TS_R_NONCE_NOT_RETURNED)ERR_put_error(47,(0xfff),(105),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,702); | |||
703 | return 0; | |||
704 | } | |||
705 | ||||
706 | /* No error if a nonce is returned without being requested. */ | |||
707 | if (ASN1_INTEGER_cmp(a, b) != 0) { | |||
708 | TSerror(TS_R_NONCE_MISMATCH)ERR_put_error(47,(0xfff),(104),"/usr/src/lib/libcrypto/ts/ts_rsp_verify.c" ,708); | |||
709 | return 0; | |||
710 | } | |||
711 | ||||
712 | return 1; | |||
713 | } | |||
714 | ||||
715 | /* Check if the specified TSA name matches either the subject | |||
716 | or one of the subject alternative names of the TSA certificate. */ | |||
717 | static int | |||
718 | TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) | |||
719 | { | |||
720 | STACK_OF(GENERAL_NAME)struct stack_st_GENERAL_NAME *gen_names = NULL((void*)0); | |||
721 | int idx = -1; | |||
722 | int found = 0; | |||
723 | ||||
724 | if (signer == NULL((void*)0)) | |||
725 | return 0; | |||
726 | ||||
727 | /* Check the subject name first. */ | |||
728 | if (tsa_name->type == GEN_DIRNAME4 && | |||
729 | X509_NAME_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) | |||
730 | return 1; | |||
731 | ||||
732 | /* Check all the alternative names. */ | |||
733 | gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name85, | |||
734 | NULL((void*)0), &idx); | |||
735 | while (gen_names != NULL((void*)0) && | |||
736 | !(found = (TS_find_name(gen_names, tsa_name) >= 0))) { | |||
737 | /* Get the next subject alternative name, | |||
738 | although there should be no more than one. */ | |||
739 | GENERAL_NAMES_free(gen_names); | |||
740 | gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name85, | |||
741 | NULL((void*)0), &idx); | |||
742 | } | |||
743 | if (gen_names) | |||
744 | GENERAL_NAMES_free(gen_names); | |||
745 | ||||
746 | return found; | |||
747 | } | |||
748 | ||||
749 | /* Returns 1 if name is in gen_names, 0 otherwise. */ | |||
750 | static int | |||
751 | TS_find_name(STACK_OF(GENERAL_NAME)struct stack_st_GENERAL_NAME *gen_names, GENERAL_NAME *name) | |||
752 | { | |||
753 | int i, found; | |||
754 | for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names)sk_num(((_STACK*) (1 ? (gen_names) : (struct stack_st_GENERAL_NAME *)0))); | |||
755 | ++i) { | |||
756 | GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i)((GENERAL_NAME *)sk_value(((_STACK*) (1 ? (gen_names) : (struct stack_st_GENERAL_NAME*)0)), (i))); | |||
757 | found = GENERAL_NAME_cmp(current, name) == 0; | |||
758 | } | |||
759 | return found ? i - 1 : -1; | |||
760 | } |