/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ #include "crypto/s2n_openssl_x509.h" #include "api/s2n.h" DEFINE_POINTER_CLEANUP_FUNC(EVP_PKEY *, EVP_PKEY_free); DEFINE_POINTER_CLEANUP_FUNC(EC_KEY *, EC_KEY_free); S2N_CLEANUP_RESULT s2n_openssl_x509_stack_pop_free(STACK_OF(X509) **cert_chain) { RESULT_ENSURE_REF(*cert_chain); sk_X509_pop_free(*cert_chain, X509_free); *cert_chain = NULL; return S2N_RESULT_OK; } S2N_CLEANUP_RESULT s2n_openssl_asn1_time_free_pointer(ASN1_GENERALIZEDTIME **time_ptr) { /* The ANS1_*TIME structs are just typedef wrappers around ASN1_STRING * * The ASN1_TIME, ASN1_UTCTIME and ASN1_GENERALIZEDTIME structures are * represented as an ASN1_STRING internally and can be freed up using * ASN1_STRING_free(). * https://www.openssl.org/docs/man1.1.1/man3/ASN1_TIME_to_tm.html */ RESULT_ENSURE_REF(*time_ptr); ASN1_STRING_free((ASN1_STRING *) *time_ptr); *time_ptr = NULL; return S2N_RESULT_OK; } S2N_RESULT s2n_openssl_x509_parse_impl(struct s2n_blob *asn1der, X509 **cert_out, uint32_t *parsed_length) { RESULT_ENSURE_REF(asn1der); RESULT_ENSURE_REF(asn1der->data); RESULT_ENSURE_REF(cert_out); RESULT_ENSURE_REF(parsed_length); uint8_t *cert_to_parse = asn1der->data; *cert_out = d2i_X509(NULL, (const unsigned char **) (void *) &cert_to_parse, asn1der->size); RESULT_ENSURE(*cert_out != NULL, S2N_ERR_DECODE_CERTIFICATE); /* If cert parsing is successful, d2i_X509 increments *cert_to_parse to the byte following the parsed data */ *parsed_length = cert_to_parse - asn1der->data; return S2N_RESULT_OK; } S2N_RESULT s2n_openssl_x509_parse_without_length_validation(struct s2n_blob *asn1der, X509 **cert_out) { RESULT_ENSURE_REF(asn1der); RESULT_ENSURE_REF(cert_out); uint32_t parsed_len = 0; RESULT_GUARD(s2n_openssl_x509_parse_impl(asn1der, cert_out, &parsed_len)); return S2N_RESULT_OK; } S2N_RESULT s2n_openssl_x509_parse(struct s2n_blob *asn1der, X509 **cert_out) { RESULT_ENSURE_REF(asn1der); RESULT_ENSURE_REF(cert_out); uint32_t parsed_len = 0; RESULT_GUARD(s2n_openssl_x509_parse_impl(asn1der, cert_out, &parsed_len)); /* Some TLS clients in the wild send extra trailing bytes after the Certificate. * Allow this in s2n for backwards compatibility with existing clients. */ uint32_t trailing_bytes = asn1der->size - parsed_len; RESULT_ENSURE(trailing_bytes <= S2N_MAX_ALLOWED_CERT_TRAILING_BYTES, S2N_ERR_DECODE_CERTIFICATE); return S2N_RESULT_OK; } S2N_RESULT s2n_openssl_x509_get_cert_info(X509 *cert, struct s2n_cert_info *info) { RESULT_ENSURE_REF(cert); RESULT_ENSURE_REF(info); X509_NAME *issuer_name = X509_get_issuer_name(cert); RESULT_ENSURE_REF(issuer_name); X509_NAME *subject_name = X509_get_subject_name(cert); RESULT_ENSURE_REF(subject_name); if (X509_NAME_cmp(issuer_name, subject_name) == 0) { info->self_signed = true; } else { info->self_signed = false; } #if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x02070000f) RESULT_ENSURE_REF(cert->sig_alg); info->signature_nid = OBJ_obj2nid(cert->sig_alg->algorithm); #else info->signature_nid = X509_get_signature_nid(cert); #endif /* There is no method to directly retrieve the signature digest from the X509* * that is available in all libcryptos, so instead we use find_sigid_algs. For * a signature with NID_ecdsa_with_SHA256 this will return NID_SHA256 * * signature_digest_nid may not always be set. ML-DSA does not have an associated digest. */ int find_result = OBJ_find_sigid_algs(info->signature_nid, &info->signature_digest_nid, NULL); if (find_result != 1) { /* OBJ_find_sigid_algs may fail for ML-DSA-44 and ML-DSA-87, depending on the * version of AWS-LC. See https://github.com/aws/aws-lc/issues/2347. * * In order to handle this bug, we interpret failures from OBJ_find_sigid_algs * as signature_digest_nid==0, which is equivalent to an undefined digest. */ info->signature_digest_nid = 0; } DEFER_CLEANUP(EVP_PKEY *pubkey = X509_get_pubkey(cert), EVP_PKEY_free_pointer); RESULT_ENSURE(pubkey != NULL, S2N_ERR_DECODE_CERTIFICATE); info->public_key_bits = EVP_PKEY_bits(pubkey); RESULT_ENSURE(info->public_key_bits > 0, S2N_ERR_CERT_TYPE_UNSUPPORTED); if (EVP_PKEY_base_id(pubkey) == EVP_PKEY_EC) { DEFER_CLEANUP(EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pubkey), EC_KEY_free_pointer); RESULT_ENSURE_REF(ec_key); const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); RESULT_ENSURE_REF(ec_group); info->public_key_nid = EC_GROUP_get_curve_name(ec_group); } else { info->public_key_nid = EVP_PKEY_id(pubkey); } RESULT_ENSURE(info->public_key_nid != NID_undef, S2N_ERR_CERT_TYPE_UNSUPPORTED); return S2N_RESULT_OK; }