Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 1fb125c74a0b547c95ce7e6b7dd12ddb68d45d35 / . / ssl / ssl_rsa.c
blob: cca2f06384700775b0823e273ee03e25a478345a [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]57#include <openssl/ssl.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]58
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]59#include <limits.h>
60
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]61#include <openssl/ec.h>
62#include <openssl/ec_key.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/mem.h>
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]66#include <openssl/type_check.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]67#include <openssl/x509.h>
68
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]69#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70
David Benjamin443a1f62015-09-04 15:05:05 -0400[diff] [blame]71
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]72static int ssl_set_cert(CERT *c, X509 *x509);
73static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]75static int is_key_type_supported(int key_type) {
76 return key_type == EVP_PKEY_RSA || key_type == EVP_PKEY_EC;
77}
78
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]79int SSL_use_certificate(SSL *ssl, X509 *x) {
80 if (x == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]81 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]82 return 0;
83 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]84 return ssl_set_cert(ssl->cert, x);
85}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]86
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]87int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
88 if (der_len > LONG_MAX) {
89 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]90 return 0;
91 }
92
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]93 const uint8_t *p = der;
94 X509 *x509 = d2i_X509(NULL, &p, (long)der_len);
95 if (x509 == NULL || p != der + der_len) {
96 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
97 X509_free(x509);
98 return 0;
99 }
100
101 int ret = SSL_use_certificate(ssl, x509);
102 X509_free(x509);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]103 return ret;
104}
105
106int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) {
107 EVP_PKEY *pkey;
108 int ret;
109
110 if (rsa == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]111 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]112 return 0;
113 }
114
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]115 pkey = EVP_PKEY_new();
116 if (pkey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]117 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]118 return 0;
119 }
120
121 RSA_up_ref(rsa);
122 EVP_PKEY_assign_RSA(pkey, rsa);
123
124 ret = ssl_set_pkey(ssl->cert, pkey);
125 EVP_PKEY_free(pkey);
126
127 return ret;
128}
129
130static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]131 if (!is_key_type_supported(pkey->type)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]132 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]133 return 0;
134 }
135
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]136 if (c->x509 != NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]137 /* Sanity-check that the private key and the certificate match, unless the
138 * key is opaque (in case of, say, a smartcard). */
139 if (!EVP_PKEY_is_opaque(pkey) &&
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]140 !X509_check_private_key(c->x509, pkey)) {
141 X509_free(c->x509);
142 c->x509 = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]143 return 0;
144 }
145 }
146
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]147 EVP_PKEY_free(c->privatekey);
Adam Langley310d3f62016-07-12 10:39:20 -0700[diff] [blame]148 EVP_PKEY_up_ref(pkey);
149 c->privatekey = pkey;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]150
151 return 1;
152}
153
David Benjamin74f71102015-06-27 14:56:25 -0400[diff] [blame]154int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
155 RSA *rsa = RSA_private_key_from_bytes(der, der_len);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]156 if (rsa == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]157 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]158 return 0;
159 }
160
David Benjamin74f71102015-06-27 14:56:25 -0400[diff] [blame]161 int ret = SSL_use_RSAPrivateKey(ssl, rsa);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]162 RSA_free(rsa);
163 return ret;
164}
165
166int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) {
167 int ret;
168
169 if (pkey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]170 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]171 return 0;
172 }
173
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]174 ret = ssl_set_pkey(ssl->cert, pkey);
175 return ret;
176}
177
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]178int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *der,
179 size_t der_len) {
180 if (der_len > LONG_MAX) {
181 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]182 return 0;
183 }
184
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]185 const uint8_t *p = der;
186 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len);
187 if (pkey == NULL || p != der + der_len) {
188 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
189 EVP_PKEY_free(pkey);
190 return 0;
191 }
192
193 int ret = SSL_use_PrivateKey(ssl, pkey);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]194 EVP_PKEY_free(pkey);
195 return ret;
196}
197
198int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
199 if (x == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]200 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]201 return 0;
202 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]203
204 return ssl_set_cert(ctx->cert, x);
205}
206
207static int ssl_set_cert(CERT *c, X509 *x) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]208 EVP_PKEY *pkey = X509_get_pubkey(x);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]209 if (pkey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]210 OPENSSL_PUT_ERROR(SSL, SSL_R_X509_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]211 return 0;
212 }
213
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]214 if (!is_key_type_supported(pkey->type)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]215 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]216 EVP_PKEY_free(pkey);
217 return 0;
218 }
219
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]220 if (c->privatekey != NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]221 /* Sanity-check that the private key and the certificate match, unless the
222 * key is opaque (in case of, say, a smartcard). */
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]223 if (!EVP_PKEY_is_opaque(c->privatekey) &&
224 !X509_check_private_key(x, c->privatekey)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]225 /* don't fail for a cert/key mismatch, just free current private key
226 * (when switching to a different cert & key, first this function should
227 * be used, then ssl_set_pkey */
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]228 EVP_PKEY_free(c->privatekey);
229 c->privatekey = NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]230 /* clear error queue */
231 ERR_clear_error();
232 }
233 }
234
235 EVP_PKEY_free(pkey);
236
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]237 X509_free(c->x509);
238 c->x509 = X509_up_ref(x);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]239
240 return 1;
241}
242
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]243int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len,
244 const uint8_t *der) {
245 if (der_len > LONG_MAX) {
246 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]247 return 0;
248 }
249
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]250 const uint8_t *p = der;
251 X509 *x509 = d2i_X509(NULL, &p, (long)der_len);
252 if (x509 == NULL || p != der + der_len) {
253 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
254 X509_free(x509);
255 return 0;
256 }
257
258 int ret = SSL_CTX_use_certificate(ctx, x509);
259 X509_free(x509);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]260 return ret;
261}
262
263int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) {
264 int ret;
265 EVP_PKEY *pkey;
266
267 if (rsa == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]268 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]269 return 0;
270 }
271
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]272 pkey = EVP_PKEY_new();
273 if (pkey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]274 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]275 return 0;
276 }
277
278 RSA_up_ref(rsa);
279 EVP_PKEY_assign_RSA(pkey, rsa);
280
281 ret = ssl_set_pkey(ctx->cert, pkey);
282 EVP_PKEY_free(pkey);
283 return ret;
284}
285
David Benjamin74f71102015-06-27 14:56:25 -0400[diff] [blame]286int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const uint8_t *der,
287 size_t der_len) {
288 RSA *rsa = RSA_private_key_from_bytes(der, der_len);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]289 if (rsa == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]290 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]291 return 0;
292 }
293
David Benjamin74f71102015-06-27 14:56:25 -0400[diff] [blame]294 int ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]295 RSA_free(rsa);
296 return ret;
297}
298
299int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) {
300 if (pkey == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]301 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]302 return 0;
303 }
304
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]305 return ssl_set_pkey(ctx->cert, pkey);
306}
307
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]308int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *der,
309 size_t der_len) {
310 if (der_len > LONG_MAX) {
311 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]312 return 0;
313 }
314
David Benjamin3a596112015-11-12 09:25:30 -0800[diff] [blame]315 const uint8_t *p = der;
316 EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len);
317 if (pkey == NULL || p != der + der_len) {
318 OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
319 EVP_PKEY_free(pkey);
320 return 0;
321 }
322
323 int ret = SSL_CTX_use_PrivateKey(ctx, pkey);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]324 EVP_PKEY_free(pkey);
325 return ret;
326}
327
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]328void SSL_set_private_key_method(SSL *ssl,
329 const SSL_PRIVATE_KEY_METHOD *key_method) {
330 ssl->cert->key_method = key_method;
331}
332
Tom Thorogood66b2fe82016-03-06 20:08:38 +1030[diff] [blame]333void SSL_CTX_set_private_key_method(SSL_CTX *ctx,
334 const SSL_PRIVATE_KEY_METHOD *key_method) {
335 ctx->cert->key_method = key_method;
336}
337
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]338OPENSSL_COMPILE_ASSERT(sizeof(int) >= 2 * sizeof(uint16_t),
339 digest_list_conversion_cannot_overflow);
340
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]341int SSL_set_private_key_digest_prefs(SSL *ssl, const int *digest_nids,
342 size_t num_digests) {
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]343 OPENSSL_free(ssl->cert->sigalgs);
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]344
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]345 ssl->cert->sigalgs_len = 0;
346 ssl->cert->sigalgs = OPENSSL_malloc(sizeof(uint16_t) * 2 * num_digests);
347 if (ssl->cert->sigalgs == NULL) {
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]348 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
349 return 0;
350 }
351
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]352 /* Convert the digest list to a signature algorithms list.
353 *
354 * TODO(davidben): Replace this API with one that can express RSA-PSS, etc. */
355 for (size_t i = 0; i < num_digests; i++) {
356 switch (digest_nids[i]) {
357 case NID_sha1:
358 ssl->cert->sigalgs[ssl->cert->sigalgs_len] = SSL_SIGN_RSA_PKCS1_SHA1;
359 ssl->cert->sigalgs[ssl->cert->sigalgs_len + 1] = SSL_SIGN_ECDSA_SHA1;
360 ssl->cert->sigalgs_len += 2;
361 break;
362 case NID_sha256:
363 ssl->cert->sigalgs[ssl->cert->sigalgs_len] = SSL_SIGN_RSA_PKCS1_SHA256;
364 ssl->cert->sigalgs[ssl->cert->sigalgs_len + 1] =
365 SSL_SIGN_ECDSA_SECP256R1_SHA256;
366 ssl->cert->sigalgs_len += 2;
367 break;
368 case NID_sha384:
369 ssl->cert->sigalgs[ssl->cert->sigalgs_len] = SSL_SIGN_RSA_PKCS1_SHA384;
370 ssl->cert->sigalgs[ssl->cert->sigalgs_len + 1] =
371 SSL_SIGN_ECDSA_SECP384R1_SHA384;
372 ssl->cert->sigalgs_len += 2;
373 break;
374 case NID_sha512:
375 ssl->cert->sigalgs[ssl->cert->sigalgs_len] = SSL_SIGN_RSA_PKCS1_SHA512;
376 ssl->cert->sigalgs[ssl->cert->sigalgs_len + 1] =
377 SSL_SIGN_ECDSA_SECP521R1_SHA512;
378 ssl->cert->sigalgs_len += 2;
379 break;
380 }
381 }
382
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]383 return 1;
384}
385
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]386int ssl_has_private_key(SSL *ssl) {
387 return ssl->cert->privatekey != NULL || ssl->cert->key_method != NULL;
388}
389
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]390int ssl_private_key_type(SSL *ssl) {
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]391 if (ssl->cert->key_method != NULL) {
392 return ssl->cert->key_method->type(ssl);
393 }
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]394 return EVP_PKEY_id(ssl->cert->privatekey);
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]395}
396
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]397size_t ssl_private_key_max_signature_len(SSL *ssl) {
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]398 if (ssl->cert->key_method != NULL) {
399 return ssl->cert->key_method->max_signature_len(ssl);
400 }
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]401 return EVP_PKEY_size(ssl->cert->privatekey);
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]402}
403
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]404static int is_rsa_pkcs1(const EVP_MD **out_md, uint16_t sigalg) {
405 switch (sigalg) {
406 case SSL_SIGN_RSA_PKCS1_MD5_SHA1:
407 *out_md = EVP_md5_sha1();
408 return 1;
409 case SSL_SIGN_RSA_PKCS1_SHA1:
410 *out_md = EVP_sha1();
411 return 1;
412 case SSL_SIGN_RSA_PKCS1_SHA256:
413 *out_md = EVP_sha256();
414 return 1;
415 case SSL_SIGN_RSA_PKCS1_SHA384:
416 *out_md = EVP_sha384();
417 return 1;
418 case SSL_SIGN_RSA_PKCS1_SHA512:
419 *out_md = EVP_sha512();
420 return 1;
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]421 default:
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]422 return 0;
David Benjamind246b812016-07-08 15:07:02 -0700[diff] [blame]423 }
424}
425
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]426static int ssl_sign_rsa_pkcs1(SSL *ssl, uint8_t *out, size_t *out_len,
427 size_t max_out, const EVP_MD *md,
428 const uint8_t *in, size_t in_len) {
429 EVP_MD_CTX ctx;
430 EVP_MD_CTX_init(&ctx);
431 *out_len = max_out;
432 int ret = EVP_DigestSignInit(&ctx, NULL, md, NULL, ssl->cert->privatekey) &&
433 EVP_DigestSignUpdate(&ctx, in, in_len) &&
434 EVP_DigestSignFinal(&ctx, out, out_len);
435 EVP_MD_CTX_cleanup(&ctx);
436 return ret;
437}
438
439static int ssl_verify_rsa_pkcs1(SSL *ssl, const uint8_t *signature,
440 size_t signature_len, const EVP_MD *md,
441 EVP_PKEY *pkey, const uint8_t *in,
442 size_t in_len) {
David Benjamin887c3002016-07-08 16:15:32 -0700[diff] [blame]443 if (pkey->type != EVP_PKEY_RSA) {
444 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
445 return 0;
446 }
447
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]448 EVP_MD_CTX md_ctx;
449 EVP_MD_CTX_init(&md_ctx);
450 int ret = EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) &&
451 EVP_DigestVerifyUpdate(&md_ctx, in, in_len) &&
452 EVP_DigestVerifyFinal(&md_ctx, signature, signature_len);
453 EVP_MD_CTX_cleanup(&md_ctx);
454 return ret;
455}
456
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]457static int is_ecdsa(int *out_curve, const EVP_MD **out_md, uint16_t sigalg) {
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]458 switch (sigalg) {
459 case SSL_SIGN_ECDSA_SHA1:
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]460 *out_curve = NID_undef;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]461 *out_md = EVP_sha1();
462 return 1;
463 case SSL_SIGN_ECDSA_SECP256R1_SHA256:
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]464 *out_curve = NID_X9_62_prime256v1;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]465 *out_md = EVP_sha256();
466 return 1;
467 case SSL_SIGN_ECDSA_SECP384R1_SHA384:
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]468 *out_curve = NID_secp384r1;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]469 *out_md = EVP_sha384();
470 return 1;
471 case SSL_SIGN_ECDSA_SECP521R1_SHA512:
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]472 *out_curve = NID_secp521r1;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]473 *out_md = EVP_sha512();
474 return 1;
475 default:
476 return 0;
477 }
478}
479
480static int ssl_sign_ecdsa(SSL *ssl, uint8_t *out, size_t *out_len,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]481 size_t max_out, int curve, const EVP_MD *md,
482 const uint8_t *in, size_t in_len) {
483 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey);
484 if (ec_key == NULL) {
485 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
486 return 0;
487 }
488
489 /* In TLS 1.3, the curve is also specified by the signature algorithm. */
490 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
491 (curve == NID_undef ||
492 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve)) {
493 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
494 return 0;
495 }
496
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]497 EVP_MD_CTX ctx;
498 EVP_MD_CTX_init(&ctx);
499 *out_len = max_out;
500 int ret = EVP_DigestSignInit(&ctx, NULL, md, NULL, ssl->cert->privatekey) &&
501 EVP_DigestSignUpdate(&ctx, in, in_len) &&
502 EVP_DigestSignFinal(&ctx, out, out_len);
503 EVP_MD_CTX_cleanup(&ctx);
504 return ret;
505}
506
507static int ssl_verify_ecdsa(SSL *ssl, const uint8_t *signature,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]508 size_t signature_len, int curve, const EVP_MD *md,
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]509 EVP_PKEY *pkey, const uint8_t *in, size_t in_len) {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]510 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
511 if (ec_key == NULL) {
512 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
513 return 0;
514 }
515
516 /* In TLS 1.3, the curve is also specified by the signature algorithm. */
517 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
518 (curve == NID_undef ||
519 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve)) {
David Benjamin887c3002016-07-08 16:15:32 -0700[diff] [blame]520 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
521 return 0;
522 }
523
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]524 EVP_MD_CTX md_ctx;
525 EVP_MD_CTX_init(&md_ctx);
526 int ret = EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) &&
527 EVP_DigestVerifyUpdate(&md_ctx, in, in_len) &&
528 EVP_DigestVerifyFinal(&md_ctx, signature, signature_len);
529 EVP_MD_CTX_cleanup(&md_ctx);
530 return ret;
531}
532
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]533enum ssl_private_key_result_t ssl_private_key_sign(
Steven Valdezf0451ca2016-06-29 13:16:27 -0400[diff] [blame]534 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
535 uint16_t signature_algorithm, const uint8_t *in, size_t in_len) {
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]536 if (ssl->cert->key_method != NULL) {
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]537 /* For now, custom private keys can only handle pre-TLS-1.3 signature
538 * algorithms.
539 *
540 * TODO(davidben): Switch SSL_PRIVATE_KEY_METHOD to message-based APIs. */
541 const EVP_MD *md;
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]542 int curve;
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]543 if (!is_rsa_pkcs1(&md, signature_algorithm) &&
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]544 !is_ecdsa(&curve, &md, signature_algorithm)) {
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]545 OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
546 return ssl_private_key_failure;
547 }
548
549 uint8_t hash[EVP_MAX_MD_SIZE];
550 unsigned hash_len;
551 if (!EVP_Digest(in, in_len, hash, &hash_len, md, NULL)) {
552 return ssl_private_key_failure;
553 }
554
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]555 return ssl->cert->key_method->sign(ssl, out, out_len, max_out, md, hash,
556 hash_len);
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]557 }
558
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]559 const EVP_MD *md;
560 if (is_rsa_pkcs1(&md, signature_algorithm)) {
561 return ssl_sign_rsa_pkcs1(ssl, out, out_len, max_out, md, in, in_len)
562 ? ssl_private_key_success
563 : ssl_private_key_failure;
564 }
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]565 int curve;
566 if (is_ecdsa(&curve, &md, signature_algorithm)) {
567 return ssl_sign_ecdsa(ssl, out, out_len, max_out, curve, md, in, in_len)
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]568 ? ssl_private_key_success
569 : ssl_private_key_failure;
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]570 }
571
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]572 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
573 return ssl_private_key_failure;
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]574}
575
576enum ssl_private_key_result_t ssl_private_key_sign_complete(
577 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) {
578 /* Only custom keys may be asynchronous. */
579 return ssl->cert->key_method->sign_complete(ssl, out, out_len, max_out);
580}
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]581
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]582int ssl_public_key_verify(SSL *ssl, const uint8_t *signature,
583 size_t signature_len, uint16_t signature_algorithm,
584 EVP_PKEY *pkey, const uint8_t *in, size_t in_len) {
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]585 const EVP_MD *md;
586 if (is_rsa_pkcs1(&md, signature_algorithm)) {
587 return ssl_verify_rsa_pkcs1(ssl, signature, signature_len, md, pkey, in,
588 in_len);
589 }
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]590 int curve;
591 if (is_ecdsa(&curve, &md, signature_algorithm)) {
592 return ssl_verify_ecdsa(ssl, signature, signature_len, curve, md, pkey, in,
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]593 in_len);
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]594 }
595
David Benjamina2d81f12016-07-08 15:42:16 -0700[diff] [blame]596 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
597 return 0;
Steven Valdez2b8415e2016-06-30 13:27:23 -0400[diff] [blame]598}
599
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]600enum ssl_private_key_result_t ssl_private_key_decrypt(
601 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
602 const uint8_t *in, size_t in_len) {
603 if (ssl->cert->key_method != NULL) {
604 return ssl->cert->key_method->decrypt(ssl, out, out_len, max_out, in,
605 in_len);
606 }
607
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]608 RSA *rsa = EVP_PKEY_get0_RSA(ssl->cert->privatekey);
609 if (rsa == NULL) {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]610 /* Decrypt operations are only supported for RSA keys. */
611 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
612 return ssl_private_key_failure;
613 }
614
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]615 /* Decrypt with no padding. PKCS#1 padding will be removed as part
616 * of the timing-sensitive code by the caller. */
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]617 if (!RSA_decrypt(rsa, out_len, out, max_out, in, in_len, RSA_NO_PADDING)) {
618 return ssl_private_key_failure;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]619 }
David Benjamin758d1272015-11-20 17:47:25 -0500[diff] [blame]620 return ssl_private_key_success;
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]621}
622
623enum ssl_private_key_result_t ssl_private_key_decrypt_complete(
624 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) {
625 /* Only custom keys may be asynchronous. */
626 return ssl->cert->key_method->decrypt_complete(ssl, out, out_len, max_out);
627}
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame^]628
629int ssl_private_key_supports_signature_algorithm(SSL *ssl,
630 uint16_t signature_algorithm) {
631 const EVP_MD *md;
632 if (is_rsa_pkcs1(&md, signature_algorithm)) {
633 return ssl_private_key_type(ssl) == EVP_PKEY_RSA;
634 }
635
636 int curve;
637 if (is_ecdsa(&curve, &md, signature_algorithm)) {
638 if (ssl_private_key_type(ssl) != EVP_PKEY_EC) {
639 return 0;
640 }
641
642 /* For non-custom keys, also check the curve matches. Custom private keys
643 * must instead configure the signature algorithms accordingly. */
644 if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
645 ssl->cert->key_method == NULL) {
646 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey);
647 if (curve == NID_undef ||
648 EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve) {
649 return 0;
650 }
651 }
652 return 1;
653 }
654
655 return 0;
656}