X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_mutl.c;h=eb9e6eb47763e97f856139efd8b272d074c3352c;hb=cd4afec69f13e283f74d59f1c97e15db6803bdcb;hp=4025e3fc41859969f267fdc747592e70933bd022;hpb=b39fc560612984e65ec30d7f37487303bf514fb3;p=oweals%2Fopenssl.git diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 4025e3fc41..eb9e6eb477 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,77 +1,98 @@ -/* p12_mutl.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * HMAC low level APIs are deprecated for public use, but still ok for internal + * use. */ +#include "internal/deprecated.h" -# include -# include "internal/cryptlib.h" -# include -# include -# include +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "p12_local.h" + +int PKCS12_mac_present(const PKCS12 *p12) +{ + return p12->mac ? 1 : 0; +} + +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, + const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, + const ASN1_INTEGER **piter, + const PKCS12 *p12) +{ + if (p12->mac) { + X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); + if (psalt) + *psalt = p12->mac->salt; + if (piter) + *piter = p12->mac->iter; + } else { + if (pmac) + *pmac = NULL; + if (pmacalg) + *pmacalg = NULL; + if (psalt) + *psalt = NULL; + if (piter) + *piter = NULL; + } +} + +#define TK26_MAC_KEY_LEN 32 + +static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, + const unsigned char *salt, int saltlen, + int iter, int keylen, unsigned char *key, + const EVP_MD *digest) +{ + unsigned char out[96]; + + if (keylen != TK26_MAC_KEY_LEN) { + return 0; + } + + if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, + digest, sizeof(out), out)) { + return 0; + } + memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN); + OPENSSL_cleanse(out, sizeof(out)); + return 1; +} /* Generate a MAC */ -int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) +static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen, + int (*pkcs12_key_gen)(const char *pass, int passlen, + unsigned char *salt, int slen, + int id, int iter, int n, + unsigned char *out, + const EVP_MD *md_type)) { + int ret = 0; const EVP_MD *md_type; - HMAC_CTX hmac; + HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; - int md_size; + int md_size = 0; + int md_type_nid; + const X509_ALGOR *macalg; + const ASN1_OBJECT *macoid; + + if (pkcs12_key_gen == NULL) + pkcs12_key_gen = PKCS12_key_gen_utf8; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); @@ -80,33 +101,55 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; - if (!p12->mac->iter) + if (p12->mac->iter == NULL) iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); - if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm)) - == NULL) { + X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); + X509_ALGOR_get0(&macoid, NULL, NULL, macalg); + if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } md_size = EVP_MD_size(md_type); + md_type_nid = EVP_MD_type(md_type); if (md_size < 0) return 0; - if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - md_size, key, md_type)) { + if ((md_type_nid == NID_id_GostR3411_94 + || md_type_nid == NID_id_GostR3411_2012_256 + || md_type_nid == NID_id_GostR3411_2012_512) + && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { + md_size = TK26_MAC_KEY_LEN; + if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, + md_size, key, md_type)) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); + goto err; + } + } else + if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, + iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); - return 0; + goto err; } - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) - || !HMAC_Update(&hmac, p12->authsafes->d.data->data, + if ((hmac = HMAC_CTX_new()) == NULL + || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL) + || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) - || !HMAC_Final(&hmac, mac, maclen)) { - HMAC_CTX_cleanup(&hmac); - return 0; + || !HMAC_Final(hmac, mac, maclen)) { + goto err; } - HMAC_CTX_cleanup(&hmac); - return 1; + ret = 1; + +err: + OPENSSL_cleanse(key, sizeof(key)); + HMAC_CTX_free(hmac); + return ret; +} + +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen) +{ + return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); } /* Verify the mac */ @@ -114,17 +157,22 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + const ASN1_OCTET_STRING *macoct; + if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); return 0; } - if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, + PKCS12_key_gen_utf8)) { PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); + if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) + || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0) return 0; + return 1; } @@ -136,6 +184,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + ASN1_OCTET_STRING *macoct; if (!md_type) md_type = EVP_sha1(); @@ -143,11 +192,16 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); return 0; } - if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + /* + * Note that output mac is forced to UTF-8... + */ + if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, + PKCS12_key_gen_utf8)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if (!(ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { + X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); + if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); return 0; } @@ -158,6 +212,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { + X509_ALGOR *macalg; + + PKCS12_MAC_DATA_free(p12->mac); + p12->mac = NULL; + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { @@ -172,22 +231,22 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } if (!saltlen) saltlen = PKCS12_SALT_LEN; - p12->mac->salt->length = saltlen; if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } + p12->mac->salt->length = saltlen; if (!salt) { if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0) return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); - p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); - if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) { + X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); + if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), + V_ASN1_NULL, NULL)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } - p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; return 1; }