1 /*
2 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
3 *
4 * Use is subject to license terms.
5 */
6 /*
7 * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
8 */
9 /*
10 * Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
11 * project 2000.
12 */
13 /*
14 * ====================================================================
15 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 *
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 *
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in
26 * the documentation and/or other materials provided with the
27 * distribution.
63 * (eay@cryptsoft.com). This product includes software written by Tim
64 * Hudson (tjh@cryptsoft.com).
65 *
66 */
67
68 #include <stdlib.h>
69 #include <kmfapiP.h>
70 #include <ber_der.h>
71 #include <fcntl.h>
72 #include <sys/stat.h>
73 #include <dirent.h>
74 #include <cryptoutil.h>
75 #include <synch.h>
76 #include <thread.h>
77
78 /* OPENSSL related headers */
79 #include <openssl/bio.h>
80 #include <openssl/bn.h>
81 #include <openssl/asn1.h>
82 #include <openssl/err.h>
83 #include <openssl/bn.h>
84 #include <openssl/x509.h>
85 #include <openssl/rsa.h>
86 #include <openssl/dsa.h>
87 #include <openssl/x509v3.h>
88 #include <openssl/objects.h>
89 #include <openssl/pem.h>
90 #include <openssl/pkcs12.h>
91 #include <openssl/ocsp.h>
92 #include <openssl/des.h>
93 #include <openssl/rand.h>
94
95 #define PRINT_ANY_EXTENSION (\
96 KMF_X509_EXT_KEY_USAGE |\
97 KMF_X509_EXT_CERT_POLICIES |\
98 KMF_X509_EXT_SUBJALTNAME |\
99 KMF_X509_EXT_BASIC_CONSTRAINTS |\
100 KMF_X509_EXT_NAME_CONSTRAINTS |\
101 KMF_X509_EXT_POLICY_CONSTRAINTS |\
102 KMF_X509_EXT_EXT_KEY_USAGE |\
103 KMF_X509_EXT_INHIBIT_ANY_POLICY |\
104 KMF_X509_EXT_AUTH_KEY_ID |\
105 KMF_X509_EXT_SUBJ_KEY_ID |\
106 KMF_X509_EXT_POLICY_MAPPING)
107
108 static uchar_t P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76,
109 0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69,
110 0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c,
111 0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82,
112 0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e,
113 0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a,
120 0x8e, 0xda, 0xce, 0x91, 0x5f };
121
122 static uchar_t G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
123 0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5,
124 0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef,
125 0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c,
126 0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba,
127 0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c,
128 0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08,
129 0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88,
130 0x02 };
131
132 #define SET_ERROR(h, c) h->lasterr.kstype = KMF_KEYSTORE_OPENSSL; \
133 h->lasterr.errcode = c;
134
135 #define SET_SYS_ERROR(h, c) h->lasterr.kstype = -1; h->lasterr.errcode = c;
136
137 /*
138 * Declare some new macros for managing stacks of EVP_PKEYS.
139 */
140 DECLARE_STACK_OF(EVP_PKEY)
141
142 #define sk_EVP_PKEY_new_null() SKM_sk_new_null(EVP_PKEY)
143 #define sk_EVP_PKEY_free(st) SKM_sk_free(EVP_PKEY, (st))
144 #define sk_EVP_PKEY_num(st) SKM_sk_num(EVP_PKEY, (st))
145 #define sk_EVP_PKEY_value(st, i) SKM_sk_value(EVP_PKEY, (st), (i))
146 #define sk_EVP_PKEY_push(st, val) SKM_sk_push(EVP_PKEY, (st), (val))
147 #define sk_EVP_PKEY_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY, (st), \
148 (free_func))
149
150 mutex_t init_lock = DEFAULTMUTEX;
151 static int ssl_initialized = 0;
152 static BIO *bio_err = NULL;
153
154 static int
155 test_for_file(char *, mode_t);
156 static KMF_RETURN
157 openssl_parse_bag(PKCS12_SAFEBAG *, char *, int,
158 STACK_OF(EVP_PKEY) *, STACK_OF(X509) *);
159
160 static KMF_RETURN
161 local_export_pk12(KMF_HANDLE_T, KMF_CREDENTIAL *, int, KMF_X509_DER_CERT *,
162 int, KMF_KEY_HANDLE *, char *);
163
164 static KMF_RETURN set_pkey_attrib(EVP_PKEY *, ASN1_TYPE *, int);
165
166 static KMF_RETURN
167 extract_pem(KMF_HANDLE *, char *, char *, KMF_BIGINT *, char *,
168 CK_UTF8CHAR *, CK_ULONG, EVP_PKEY **, KMF_DATA **, int *);
169
276 OpenSSL_DeleteCRL,
277 OpenSSL_CreateKeypair,
278 OpenSSL_FindKey,
279 OpenSSL_EncodePubKeyData,
280 OpenSSL_SignData,
281 OpenSSL_DeleteKey,
282 OpenSSL_ListCRL,
283 NULL, /* FindCRL */
284 OpenSSL_FindCertInCRL,
285 OpenSSL_GetErrorString,
286 OpenSSL_FindPrikeyByCert,
287 OpenSSL_DecryptData,
288 OpenSSL_ExportPK12,
289 OpenSSL_CreateSymKey,
290 OpenSSL_GetSymKeyValue,
291 NULL, /* SetTokenPin */
292 OpenSSL_StoreKey,
293 NULL /* Finalize */
294 };
295
296 static mutex_t *lock_cs;
297 static long *lock_count;
298
299 static void
300 /* ARGSUSED1 */
301 locking_cb(int mode, int type, char *file, int line)
302 {
303 if (mode & CRYPTO_LOCK) {
304 (void) mutex_lock(&(lock_cs[type]));
305 lock_count[type]++;
306 } else {
307 (void) mutex_unlock(&(lock_cs[type]));
308 }
309 }
310
311 static unsigned long
312 thread_id()
313 {
314 return ((unsigned long)thr_self());
315 }
316
317 KMF_PLUGIN_FUNCLIST *
318 KMF_Plugin_Initialize()
319 {
320 int i;
321
322 (void) mutex_lock(&init_lock);
323 if (!ssl_initialized) {
324 /*
325 * Add support for extension OIDs that are not yet in the
326 * openssl default set.
327 */
328 (void) OBJ_create("2.5.29.30", "nameConstraints",
329 "X509v3 Name Constraints");
330 (void) OBJ_create("2.5.29.33", "policyMappings",
331 "X509v3 Policy Mappings");
332 (void) OBJ_create("2.5.29.36", "policyConstraints",
333 "X509v3 Policy Constraints");
334 (void) OBJ_create("2.5.29.46", "freshestCRL",
335 "X509v3 Freshest CRL");
336 (void) OBJ_create("2.5.29.54", "inhibitAnyPolicy",
337 "X509v3 Inhibit Any-Policy");
338 /*
339 * Set up for thread-safe operation.
340 */
341 lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (mutex_t));
342 if (lock_cs == NULL) {
343 (void) mutex_unlock(&init_lock);
344 return (NULL);
345 }
346
347 lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (long));
348 if (lock_count == NULL) {
349 OPENSSL_free(lock_cs);
350 (void) mutex_unlock(&init_lock);
351 return (NULL);
352 }
353
354 for (i = 0; i < CRYPTO_num_locks(); i++) {
355 lock_count[i] = 0;
356 (void) mutex_init(&lock_cs[i], USYNC_THREAD, NULL);
357 }
358
359 CRYPTO_set_id_callback((unsigned long (*)())thread_id);
360 if (CRYPTO_get_locking_callback() == NULL)
361 CRYPTO_set_locking_callback((void (*)())locking_cb);
362
363 OpenSSL_add_all_algorithms();
364
365 /* Enable error strings for reporting */
366 ERR_load_crypto_strings();
367
368 ssl_initialized = 1;
369 }
370 (void) mutex_unlock(&init_lock);
371
372 return (&openssl_plugin_table);
373 }
374 /*
375 * Convert an SSL DN to a KMF DN.
376 */
377 static KMF_RETURN
378 get_x509_dn(X509_NAME *sslDN, KMF_X509_NAME *kmfDN)
379 {
380 KMF_DATA derdata;
381 KMF_RETURN rv = KMF_OK;
382 uchar_t *tmp;
383
384 /* Convert to raw DER format */
385 derdata.Length = i2d_X509_NAME(sslDN, NULL);
386 if ((tmp = derdata.Data = (uchar_t *)OPENSSL_malloc(derdata.Length))
387 == NULL) {
388 return (KMF_ERR_MEMORY);
389 }
390 (void) i2d_X509_NAME(sslDN, &tmp);
391
392 /* Decode to KMF format */
393 rv = DerDecodeName(&derdata, kmfDN);
468 boolean_t findSubject = FALSE;
469 boolean_t findSerial = FALSE;
470 KMF_X509_NAME issuerDN, subjectDN;
471 KMF_X509_NAME certIssuerDN, certSubjectDN;
472
473 *match = FALSE;
474 if (xcert == NULL) {
475 return (KMF_ERR_BAD_PARAMETER);
476 }
477
478 (void) memset(&issuerDN, 0, sizeof (KMF_X509_NAME));
479 (void) memset(&subjectDN, 0, sizeof (KMF_X509_NAME));
480 (void) memset(&certIssuerDN, 0, sizeof (KMF_X509_NAME));
481 (void) memset(&certSubjectDN, 0, sizeof (KMF_X509_NAME));
482
483 if (issuer != NULL && strlen(issuer)) {
484 rv = kmf_dn_parser(issuer, &issuerDN);
485 if (rv != KMF_OK)
486 return (KMF_ERR_BAD_PARAMETER);
487
488 rv = get_x509_dn(xcert->cert_info->issuer, &certIssuerDN);
489 if (rv != KMF_OK) {
490 kmf_free_dn(&issuerDN);
491 return (KMF_ERR_BAD_PARAMETER);
492 }
493
494 findIssuer = TRUE;
495 }
496 if (subject != NULL && strlen(subject)) {
497 rv = kmf_dn_parser(subject, &subjectDN);
498 if (rv != KMF_OK) {
499 rv = KMF_ERR_BAD_PARAMETER;
500 goto cleanup;
501 }
502
503 rv = get_x509_dn(xcert->cert_info->subject, &certSubjectDN);
504 if (rv != KMF_OK) {
505 rv = KMF_ERR_BAD_PARAMETER;
506 goto cleanup;
507 }
508 findSubject = TRUE;
509 }
510 if (serial != NULL && serial->val != NULL)
511 findSerial = TRUE;
512
513 if (findSerial) {
514 BIGNUM *bn;
515
516 /* Comparing BIGNUMs is a pain! */
517 bn = ASN1_INTEGER_to_BN(xcert->cert_info->serialNumber, NULL);
518 if (bn != NULL) {
519 int bnlen = BN_num_bytes(bn);
520
521 if (bnlen == serial->len) {
522 uchar_t *a = malloc(bnlen);
523 if (a == NULL) {
524 rv = KMF_ERR_MEMORY;
525 BN_free(bn);
526 goto cleanup;
527 }
528 bnlen = BN_bn2bin(bn, a);
529 *match = (memcmp(a, serial->val, serial->len) ==
530 0);
531 rv = KMF_OK;
532 free(a);
533 }
534 BN_free(bn);
535 if (!(*match))
536 goto cleanup;
537 } else {
1403 }
1404
1405 return (rv);
1406 }
1407
1408 static KMF_RETURN
1409 ssl_write_key(KMF_HANDLE *kmfh, KMF_ENCODE_FORMAT format, BIO *out,
1410 KMF_CREDENTIAL *cred, EVP_PKEY *pkey, boolean_t private)
1411 {
1412 int rv = 0;
1413 RSA *rsa;
1414 DSA *dsa;
1415
1416 if (pkey == NULL || out == NULL)
1417 return (KMF_ERR_BAD_PARAMETER);
1418
1419 switch (format) {
1420 case KMF_FORMAT_RAWKEY:
1421 /* same as ASN.1 */
1422 case KMF_FORMAT_ASN1:
1423 if (pkey->type == EVP_PKEY_RSA) {
1424 rsa = EVP_PKEY_get1_RSA(pkey);
1425 if (private)
1426 rv = i2d_RSAPrivateKey_bio(out, rsa);
1427 else
1428 rv = i2d_RSAPublicKey_bio(out, rsa);
1429 RSA_free(rsa);
1430 } else if (pkey->type == EVP_PKEY_DSA) {
1431 dsa = EVP_PKEY_get1_DSA(pkey);
1432 rv = i2d_DSAPrivateKey_bio(out, dsa);
1433 DSA_free(dsa);
1434 }
1435 if (rv == 1) {
1436 rv = KMF_OK;
1437 } else {
1438 SET_ERROR(kmfh, rv);
1439 }
1440 break;
1441 case KMF_FORMAT_PEM:
1442 if (pkey->type == EVP_PKEY_RSA) {
1443 rsa = EVP_PKEY_get1_RSA(pkey);
1444 if (private)
1445 rv = PEM_write_bio_RSAPrivateKey(out,
1446 rsa, NULL, NULL, 0, NULL,
1447 (cred != NULL ? cred->cred : NULL));
1448 else
1449 rv = PEM_write_bio_RSAPublicKey(out,
1450 rsa);
1451 RSA_free(rsa);
1452 } else if (pkey->type == EVP_PKEY_DSA) {
1453 dsa = EVP_PKEY_get1_DSA(pkey);
1454 rv = PEM_write_bio_DSAPrivateKey(out,
1455 dsa, NULL, NULL, 0, NULL,
1456 (cred != NULL ? cred->cred : NULL));
1457 DSA_free(dsa);
1458 }
1459
1460 if (rv == 1) {
1461 rv = KMF_OK;
1462 } else {
1463 SET_ERROR(kmfh, rv);
1464 }
1465 break;
1466
1467 default:
1468 rv = KMF_ERR_BAD_PARAMETER;
1469 }
1470
1471 return (rv);
1472 }
1473
1474 KMF_RETURN
1475 OpenSSL_CreateKeypair(KMF_HANDLE_T handle, int numattr,
1476 KMF_ATTRIBUTE *attrlist)
1477 {
1478 KMF_RETURN rv = KMF_OK;
1479 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
1480 uint32_t eValue = 0x010001;
1481 RSA *sslPrivKey = NULL;
1482 DSA *sslDSAKey = NULL;
1483 EVP_PKEY *eprikey = NULL;
1484 EVP_PKEY *epubkey = NULL;
1485 BIO *out = NULL;
1486 KMF_KEY_HANDLE *pubkey = NULL, *privkey = NULL;
1487 uint32_t keylen = 1024;
1488 uint32_t keylen_size = sizeof (uint32_t);
1489 boolean_t storekey = TRUE;
1490 KMF_KEY_ALG keytype = KMF_RSA;
1491
1492 rv = kmf_get_attr(KMF_STOREKEY_BOOL_ATTR, attrlist, numattr,
1493 &storekey, NULL);
1494 if (rv != KMF_OK) {
1495 /* "storekey" is optional. Default is TRUE */
1496 rv = KMF_OK;
1497 }
1498
1499 rv = kmf_get_attr(KMF_KEYALG_ATTR, attrlist, numattr,
1500 (void *)&keytype, NULL);
1501 if (rv != KMF_OK)
1502 /* keytype is optional. KMF_RSA is default */
1503 rv = KMF_OK;
1504
1505 pubkey = kmf_get_attr_ptr(KMF_PUBKEY_HANDLE_ATTR, attrlist, numattr);
1506 if (pubkey == NULL)
1507 return (KMF_ERR_BAD_PARAMETER);
1508
1509 privkey = kmf_get_attr_ptr(KMF_PRIVKEY_HANDLE_ATTR, attrlist, numattr);
1510 if (privkey == NULL)
1511 return (KMF_ERR_BAD_PARAMETER);
1512
1513 (void) memset(pubkey, 0, sizeof (KMF_KEY_HANDLE));
1514 (void) memset(privkey, 0, sizeof (KMF_KEY_HANDLE));
1515
1516 eprikey = EVP_PKEY_new();
1517 if (eprikey == NULL) {
1518 SET_ERROR(kmfh, ERR_get_error());
1519 rv = KMF_ERR_KEYGEN_FAILED;
1520 goto cleanup;
1521 }
1522 epubkey = EVP_PKEY_new();
1523 if (epubkey == NULL) {
1524 SET_ERROR(kmfh, ERR_get_error());
1525 rv = KMF_ERR_KEYGEN_FAILED;
1526 goto cleanup;
1527 }
1528 if (keytype == KMF_RSA) {
1529 KMF_BIGINT *rsaexp = NULL;
1530
1531 rsaexp = kmf_get_attr_ptr(KMF_RSAEXP_ATTR, attrlist, numattr);
1532 if (rsaexp != NULL) {
1533 if (rsaexp->len > 0 &&
1534 rsaexp->len <= sizeof (eValue) &&
1535 rsaexp->val != NULL) {
1536 /* LINTED E_BAD_PTR_CAST_ALIGN */
1537 eValue = *(uint32_t *)rsaexp->val;
1538 } else {
1539 rv = KMF_ERR_BAD_PARAMETER;
1540 goto cleanup;
1541 }
1542 } else {
1543 /* RSA Exponent is optional. Default is 0x10001 */
1544 rv = KMF_OK;
1545 }
1546
1547 rv = kmf_get_attr(KMF_KEYLENGTH_ATTR, attrlist, numattr,
1548 &keylen, &keylen_size);
1549 if (rv == KMF_ERR_ATTR_NOT_FOUND)
1550 /* keylen is optional, default is 1024 */
1551 rv = KMF_OK;
1552 if (rv != KMF_OK) {
1553 rv = KMF_ERR_BAD_PARAMETER;
1554 goto cleanup;
1555 }
1556
1557 sslPrivKey = RSA_generate_key(keylen, eValue, NULL, NULL);
1558 if (sslPrivKey == NULL) {
1559 SET_ERROR(kmfh, ERR_get_error());
1560 rv = KMF_ERR_KEYGEN_FAILED;
1561 } else {
1562 (void) EVP_PKEY_set1_RSA(eprikey, sslPrivKey);
1563 privkey->kstype = KMF_KEYSTORE_OPENSSL;
1564 privkey->keyalg = KMF_RSA;
1565 privkey->keyclass = KMF_ASYM_PRI;
1566 privkey->israw = FALSE;
1567 privkey->keyp = (void *)eprikey;
1568
1569 /* OpenSSL derives the public key from the private */
1570 (void) EVP_PKEY_set1_RSA(epubkey, sslPrivKey);
1571 pubkey->kstype = KMF_KEYSTORE_OPENSSL;
1572 pubkey->keyalg = KMF_RSA;
1573 pubkey->israw = FALSE;
1574 pubkey->keyclass = KMF_ASYM_PUB;
1575 pubkey->keyp = (void *)epubkey;
1576 }
1577 } else if (keytype == KMF_DSA) {
1578 DSA *dp;
1579 sslDSAKey = DSA_new();
1580 if (sslDSAKey == NULL) {
1581 SET_ERROR(kmfh, ERR_get_error());
1582 return (KMF_ERR_MEMORY);
1583 }
1584
1585 if ((sslDSAKey->p = BN_bin2bn(P, sizeof (P), sslDSAKey->p)) ==
1586 NULL) {
1587 SET_ERROR(kmfh, ERR_get_error());
1588 rv = KMF_ERR_KEYGEN_FAILED;
1589 goto cleanup;
1590 }
1591 if ((sslDSAKey->q = BN_bin2bn(Q, sizeof (Q), sslDSAKey->q)) ==
1592 NULL) {
1593 SET_ERROR(kmfh, ERR_get_error());
1594 rv = KMF_ERR_KEYGEN_FAILED;
1595 goto cleanup;
1596 }
1597 if ((sslDSAKey->g = BN_bin2bn(G, sizeof (G), sslDSAKey->g)) ==
1598 NULL) {
1599 SET_ERROR(kmfh, ERR_get_error());
1600 rv = KMF_ERR_KEYGEN_FAILED;
1601 goto cleanup;
1602 }
1603
1604 if (!DSA_generate_key(sslDSAKey)) {
1605 SET_ERROR(kmfh, ERR_get_error());
1606 rv = KMF_ERR_KEYGEN_FAILED;
1607 goto cleanup;
1608 }
1609
1610 privkey->kstype = KMF_KEYSTORE_OPENSSL;
1611 privkey->keyalg = KMF_DSA;
1612 privkey->keyclass = KMF_ASYM_PRI;
1613 privkey->israw = FALSE;
1614 if (EVP_PKEY_set1_DSA(eprikey, sslDSAKey)) {
1615 privkey->keyp = (void *)eprikey;
1616 } else {
1617 SET_ERROR(kmfh, ERR_get_error());
1618 rv = KMF_ERR_KEYGEN_FAILED;
1619 goto cleanup;
1620 }
1621 dp = DSA_new();
1622 /* Make a copy for the public key */
1623 if (dp != NULL) {
1624 if ((dp->p = BN_new()) == NULL) {
1625 SET_ERROR(kmfh, ERR_get_error());
1626 rv = KMF_ERR_MEMORY;
1627 DSA_free(dp);
1628 goto cleanup;
1629 }
1630 if ((dp->q = BN_new()) == NULL) {
1631 SET_ERROR(kmfh, ERR_get_error());
1632 rv = KMF_ERR_MEMORY;
1633 BN_free(dp->p);
1634 DSA_free(dp);
1635 goto cleanup;
1636 }
1637 if ((dp->g = BN_new()) == NULL) {
1638 SET_ERROR(kmfh, ERR_get_error());
1639 rv = KMF_ERR_MEMORY;
1640 BN_free(dp->q);
1641 BN_free(dp->p);
1642 DSA_free(dp);
1643 goto cleanup;
1644 }
1645 if ((dp->pub_key = BN_new()) == NULL) {
1646 SET_ERROR(kmfh, ERR_get_error());
1647 rv = KMF_ERR_MEMORY;
1648 BN_free(dp->q);
1649 BN_free(dp->p);
1650 BN_free(dp->g);
1651 DSA_free(dp);
1652 goto cleanup;
1653 }
1654 (void) BN_copy(dp->p, sslDSAKey->p);
1655 (void) BN_copy(dp->q, sslDSAKey->q);
1656 (void) BN_copy(dp->g, sslDSAKey->g);
1657 (void) BN_copy(dp->pub_key, sslDSAKey->pub_key);
1658
1659 pubkey->kstype = KMF_KEYSTORE_OPENSSL;
1660 pubkey->keyalg = KMF_DSA;
1661 pubkey->keyclass = KMF_ASYM_PUB;
1662 pubkey->israw = FALSE;
1663
1664 if (EVP_PKEY_set1_DSA(epubkey, sslDSAKey)) {
1665 pubkey->keyp = (void *)epubkey;
1666 } else {
1667 SET_ERROR(kmfh, ERR_get_error());
1668 rv = KMF_ERR_KEYGEN_FAILED;
1669 goto cleanup;
1670 }
1671 }
1672 }
1673
1674 if (rv != KMF_OK) {
1675 goto cleanup;
1676 }
1677
1678 if (storekey) {
1679 KMF_ATTRIBUTE storeattrs[4]; /* max. 4 attributes needed */
1680 int i = 0;
1681 char *keyfile = NULL, *dirpath = NULL;
1682 KMF_ENCODE_FORMAT format;
1683 /*
1684 * Construct a new attribute arrray and call openssl_store_key
1685 */
1686 kmf_set_attr_at_index(storeattrs, i, KMF_PRIVKEY_HANDLE_ATTR,
1687 privkey, sizeof (privkey));
1688 i++;
1689
1690 dirpath = kmf_get_attr_ptr(KMF_DIRPATH_ATTR, attrlist, numattr);
1691 if (dirpath != NULL) {
1692 storeattrs[i].type = KMF_DIRPATH_ATTR;
1702 storeattrs[i].type = KMF_KEY_FILENAME_ATTR;
1703 storeattrs[i].pValue = keyfile;
1704 storeattrs[i].valueLen = strlen(keyfile);
1705 i++;
1706 } else {
1707 goto cleanup; /* KEYFILE is required */
1708 }
1709 rv = kmf_get_attr(KMF_ENCODE_FORMAT_ATTR, attrlist, numattr,
1710 (void *)&format, NULL);
1711 if (rv == KMF_OK) {
1712 storeattrs[i].type = KMF_ENCODE_FORMAT_ATTR;
1713 storeattrs[i].pValue = &format;
1714 storeattrs[i].valueLen = sizeof (format);
1715 i++;
1716 }
1717
1718 rv = OpenSSL_StoreKey(handle, i, storeattrs);
1719 }
1720
1721 cleanup:
1722 if (rv != KMF_OK) {
1723 if (eprikey != NULL)
1724 EVP_PKEY_free(eprikey);
1725
1726 if (epubkey != NULL)
1727 EVP_PKEY_free(epubkey);
1728
1729 if (pubkey->keylabel) {
1730 free(pubkey->keylabel);
1731 pubkey->keylabel = NULL;
1732 }
1733
1734 if (privkey->keylabel) {
1735 free(privkey->keylabel);
1736 privkey->keylabel = NULL;
1737 }
1738
1739 pubkey->keyp = NULL;
1740 privkey->keyp = NULL;
1741 }
1742
1743 if (sslPrivKey)
1744 RSA_free(sslPrivKey);
1745
1746 if (sslDSAKey)
1747 DSA_free(sslDSAKey);
1748
1749 if (out != NULL)
1750 (void) BIO_free(out);
1751
1752 return (rv);
1753 }
1754
1755 /*
1756 * Make sure the BN conversion is properly padded with 0x00
1757 * bytes. If not, signature verification for DSA signatures
1758 * may fail in the case where the bignum value does not use
1759 * all of the bits.
1760 */
1761 static int
1762 fixbnlen(BIGNUM *bn, unsigned char *buf, int len) {
1763 int bytes = len - BN_num_bytes(bn);
1764
1765 /* prepend with leading 0x00 if necessary */
1766 while (bytes-- > 0)
1767 *buf++ = 0;
1768
1769 (void) BN_bn2bin(bn, buf);
1770 /*
1771 * Return the desired length since we prepended it
1772 * with the necessary 0x00 padding.
1773 */
1774 return (len);
1775 }
1776
1777 KMF_RETURN
1778 OpenSSL_SignData(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key,
1779 KMF_OID *AlgOID, KMF_DATA *tobesigned, KMF_DATA *output)
1780 {
1781 KMF_RETURN ret = KMF_OK;
1782 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
1783 KMF_ALGORITHM_INDEX AlgId;
1784 EVP_MD_CTX ctx;
1785 const EVP_MD *md;
1786
1787 if (key == NULL || AlgOID == NULL ||
1788 tobesigned == NULL || output == NULL ||
1789 tobesigned->Data == NULL ||
1790 output->Data == NULL)
1791 return (KMF_ERR_BAD_PARAMETER);
1792
1793 /* Map the OID to an OpenSSL algorithm */
1794 AlgId = x509_algoid_to_algid(AlgOID);
1795 if (AlgId == KMF_ALGID_NONE)
1796 return (KMF_ERR_BAD_ALGORITHM);
1797
1798 if (key->keyalg == KMF_RSA) {
1799 EVP_PKEY *pkey = (EVP_PKEY *)key->keyp;
1800 uchar_t *p;
1801 int len;
1802 if (AlgId == KMF_ALGID_MD5WithRSA)
1803 md = EVP_md5();
1804 else if (AlgId == KMF_ALGID_SHA1WithRSA)
1809 md = EVP_sha384();
1810 else if (AlgId == KMF_ALGID_SHA512WithRSA)
1811 md = EVP_sha512();
1812 else if (AlgId == KMF_ALGID_RSA)
1813 md = NULL;
1814 else
1815 return (KMF_ERR_BAD_ALGORITHM);
1816
1817 if ((md == NULL) && (AlgId == KMF_ALGID_RSA)) {
1818 RSA *rsa = EVP_PKEY_get1_RSA((EVP_PKEY *)pkey);
1819
1820 p = output->Data;
1821 if ((len = RSA_private_encrypt(tobesigned->Length,
1822 tobesigned->Data, p, rsa,
1823 RSA_PKCS1_PADDING)) <= 0) {
1824 SET_ERROR(kmfh, ERR_get_error());
1825 ret = KMF_ERR_INTERNAL;
1826 }
1827 output->Length = len;
1828 } else {
1829 (void) EVP_MD_CTX_init(&ctx);
1830 (void) EVP_SignInit_ex(&ctx, md, NULL);
1831 (void) EVP_SignUpdate(&ctx, tobesigned->Data,
1832 (uint32_t)tobesigned->Length);
1833 len = (uint32_t)output->Length;
1834 p = output->Data;
1835 if (!EVP_SignFinal(&ctx, p, (uint32_t *)&len, pkey)) {
1836 SET_ERROR(kmfh, ERR_get_error());
1837 len = 0;
1838 ret = KMF_ERR_INTERNAL;
1839 }
1840 output->Length = len;
1841 (void) EVP_MD_CTX_cleanup(&ctx);
1842 }
1843 } else if (key->keyalg == KMF_DSA) {
1844 DSA *dsa = EVP_PKEY_get1_DSA(key->keyp);
1845
1846 uchar_t hash[EVP_MAX_MD_SIZE];
1847 uint32_t hashlen;
1848 DSA_SIG *dsasig;
1849
1850 if (AlgId == KMF_ALGID_DSA ||
1851 AlgId == KMF_ALGID_SHA1WithDSA)
1852 md = EVP_sha1();
1853 else if (AlgId == KMF_ALGID_SHA256WithDSA)
1854 md = EVP_sha256();
1855 else /* Bad algorithm */
1856 return (KMF_ERR_BAD_ALGORITHM);
1857
1858 /*
1859 * OpenSSL EVP_Sign operation automatically converts to
1860 * ASN.1 output so we do the operations separately so we
1861 * are assured of NOT getting ASN.1 output returned.
1862 * KMF does not want ASN.1 encoded results because
1863 * not all mechanisms return ASN.1 encodings (PKCS#11
1864 * and NSS return raw signature data).
1865 */
1866 EVP_MD_CTX_init(&ctx);
1867 (void) EVP_DigestInit_ex(&ctx, md, NULL);
1868 (void) EVP_DigestUpdate(&ctx, tobesigned->Data,
1869 tobesigned->Length);
1870 (void) EVP_DigestFinal_ex(&ctx, hash, &hashlen);
1871
1872 /* Only sign first 20 bytes for SHA2 */
1873 if (AlgId == KMF_ALGID_SHA256WithDSA)
1874 hashlen = 20;
1875 dsasig = DSA_do_sign(hash, hashlen, dsa);
1876 if (dsasig != NULL) {
1877 int i;
1878 output->Length = i = fixbnlen(dsasig->r, output->Data,
1879 hashlen);
1880
1881 output->Length += fixbnlen(dsasig->s, &output->Data[i],
1882 hashlen);
1883
1884 DSA_SIG_free(dsasig);
1885 } else {
1886 SET_ERROR(kmfh, ERR_get_error());
1887 }
1888 (void) EVP_MD_CTX_cleanup(&ctx);
1889 } else {
1890 return (KMF_ERR_BAD_PARAMETER);
1891 }
1892 cleanup:
1893 return (ret);
1894 }
1895
1896 KMF_RETURN
1897 /*ARGSUSED*/
1898 OpenSSL_DeleteKey(KMF_HANDLE_T handle,
1899 int numattr, KMF_ATTRIBUTE *attrlist)
1900 {
1901 KMF_RETURN rv = KMF_OK;
1902 KMF_KEY_HANDLE *key;
1903 boolean_t destroy = B_TRUE;
1904
1905 key = kmf_get_attr_ptr(KMF_KEY_HANDLE_ATTR, attrlist, numattr);
1906 if (key == NULL || key->keyp == NULL)
1907 return (KMF_ERR_BAD_PARAMETER);
1908
2006 case KMF_X509_EXT_POLICY_CONSTRAINTS:
2007 return (OBJ_sn2nid("policyConstraints"));
2008 case KMF_X509_EXT_INHIBIT_ANY_POLICY:
2009 return (OBJ_sn2nid("inhibitAnyPolicy"));
2010 case KMF_X509_EXT_FRESHEST_CRL:
2011 return (OBJ_sn2nid("freshestCRL"));
2012 default:
2013 return (NID_undef);
2014 }
2015 }
2016
2017 KMF_RETURN
2018 OpenSSL_CertGetPrintable(KMF_HANDLE_T handle, const KMF_DATA *pcert,
2019 KMF_PRINTABLE_ITEM flag, char *resultStr)
2020 {
2021 KMF_RETURN ret = KMF_OK;
2022 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
2023 X509 *xcert = NULL;
2024 unsigned char *outbuf = NULL;
2025 unsigned char *outbuf_p;
2026 char *tmpstr = NULL;
2027 int j;
2028 int ext_index, nid, len;
2029 BIO *mem = NULL;
2030 #if OPENSSL_VERSION_NUMBER < 0x10000000L
2031 STACK *emlst = NULL;
2032 #else
2033 STACK_OF(OPENSSL_STRING) *emlst = NULL;
2034 #endif
2035 X509_EXTENSION *ex;
2036 X509_CINF *ci;
2037
2038 if (pcert == NULL || pcert->Data == NULL || pcert->Length == 0) {
2039 return (KMF_ERR_BAD_PARAMETER);
2040 }
2041
2042 /* copy cert data to outbuf */
2043 outbuf = malloc(pcert->Length);
2044 if (outbuf == NULL) {
2045 return (KMF_ERR_MEMORY);
2046 }
2047 (void) memcpy(outbuf, pcert->Data, pcert->Length);
2048
2049 outbuf_p = outbuf; /* use a temp pointer; required by openssl */
2050 xcert = d2i_X509(NULL, (const uchar_t **)&outbuf_p, pcert->Length);
2051 if (xcert == NULL) {
2052 SET_ERROR(kmfh, ERR_get_error());
2053 ret = KMF_ERR_ENCODING;
2054 goto out;
2055 }
2056
2058 if (mem == NULL) {
2059 SET_ERROR(kmfh, ERR_get_error());
2060 ret = KMF_ERR_MEMORY;
2061 goto out;
2062 }
2063
2064 switch (flag) {
2065 case KMF_CERT_ISSUER:
2066 (void) X509_NAME_print_ex(mem, X509_get_issuer_name(xcert), 0,
2067 XN_FLAG_SEP_CPLUS_SPC);
2068 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2069 break;
2070
2071 case KMF_CERT_SUBJECT:
2072 (void) X509_NAME_print_ex(mem, X509_get_subject_name(xcert), 0,
2073 XN_FLAG_SEP_CPLUS_SPC);
2074 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2075 break;
2076
2077 case KMF_CERT_VERSION:
2078 tmpstr = i2s_ASN1_INTEGER(NULL, xcert->cert_info->version);
2079 (void) strncpy(resultStr, tmpstr, KMF_CERT_PRINTABLE_LEN);
2080 OPENSSL_free(tmpstr);
2081 len = strlen(resultStr);
2082 break;
2083
2084 case KMF_CERT_SERIALNUM:
2085 if (i2a_ASN1_INTEGER(mem, X509_get_serialNumber(xcert)) > 0) {
2086 (void) strcpy(resultStr, "0x");
2087 len = BIO_gets(mem, &resultStr[2],
2088 KMF_CERT_PRINTABLE_LEN - 2);
2089 }
2090 break;
2091
2092 case KMF_CERT_NOTBEFORE:
2093 (void) ASN1_TIME_print(mem, X509_get_notBefore(xcert));
2094 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2095 break;
2096
2097 case KMF_CERT_NOTAFTER:
2098 (void) ASN1_TIME_print(mem, X509_get_notAfter(xcert));
2099 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2100 break;
2101
2102 case KMF_CERT_PUBKEY_DATA:
2103 {
2104 EVP_PKEY *pkey = X509_get_pubkey(xcert);
2105 if (pkey == NULL) {
2106 SET_ERROR(kmfh, ERR_get_error());
2107 ret = KMF_ERR_ENCODING;
2108 goto out;
2109 }
2110
2111 if (pkey->type == EVP_PKEY_RSA) {
2112 (void) BIO_printf(mem,
2113 "RSA Public Key: (%d bit)\n",
2114 BN_num_bits(pkey->pkey.rsa->n));
2115 (void) RSA_print(mem, pkey->pkey.rsa, 0);
2116 } else if (pkey->type == EVP_PKEY_DSA) {
2117 (void) BIO_printf(mem,
2118 "%12sDSA Public Key:\n", "");
2119 (void) DSA_print(mem, pkey->pkey.dsa, 0);
2120 } else {
2121 (void) BIO_printf(mem,
2122 "%12sUnknown Public Key:\n", "");
2123 }
2124 (void) BIO_printf(mem, "\n");
2125 EVP_PKEY_free(pkey);
2126 }
2127 len = BIO_read(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2128 break;
2129 case KMF_CERT_SIGNATURE_ALG:
2130 case KMF_CERT_PUBKEY_ALG:
2131 if (flag == KMF_CERT_SIGNATURE_ALG) {
2132 len = i2a_ASN1_OBJECT(mem,
2133 xcert->sig_alg->algorithm);
2134 } else {
2135 len = i2a_ASN1_OBJECT(mem,
2136 xcert->cert_info->key->algor->algorithm);
2137 }
2138
2139 if (len > 0) {
2140 len = BIO_read(mem, resultStr,
2141 KMF_CERT_PRINTABLE_LEN);
2142 }
2143 break;
2144
2145 case KMF_CERT_EMAIL:
2146 emlst = X509_get1_email(xcert);
2147 #if OPENSSL_VERSION_NUMBER < 0x10000000L
2148 for (j = 0; j < sk_num(emlst); j++)
2149 (void) BIO_printf(mem, "%s\n", sk_value(emlst, j));
2150 #else
2151 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
2152 (void) BIO_printf(mem, "%s\n",
2153 sk_OPENSSL_STRING_value(emlst, j));
2154 #endif
2155
2156 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2157 X509_email_free(emlst);
2158 break;
2159 case KMF_X509_EXT_ISSUER_ALTNAME:
2160 case KMF_X509_EXT_SUBJ_ALTNAME:
2161 case KMF_X509_EXT_KEY_USAGE:
2162 case KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD:
2163 case KMF_X509_EXT_CERT_POLICIES:
2164 case KMF_X509_EXT_BASIC_CONSTRAINTS:
2165 case KMF_X509_EXT_NAME_CONSTRAINTS:
2166 case KMF_X509_EXT_POLICY_CONSTRAINTS:
2167 case KMF_X509_EXT_EXT_KEY_USAGE:
2168 case KMF_X509_EXT_INHIBIT_ANY_POLICY:
2169 case KMF_X509_EXT_AUTH_KEY_ID:
2170 case KMF_X509_EXT_SUBJ_KEY_ID:
2171 case KMF_X509_EXT_POLICY_MAPPINGS:
2172 case KMF_X509_EXT_CRL_DIST_POINTS:
2173 case KMF_X509_EXT_FRESHEST_CRL:
2174 nid = ext2NID(flag);
2175 if (nid == NID_undef) {
2176 ret = KMF_ERR_EXTENSION_NOT_FOUND;
2177 goto out;
2178 }
2179 ci = xcert->cert_info;
2180
2181 ext_index = X509v3_get_ext_by_NID(ci->extensions, nid, -1);
2182 if (ext_index == -1) {
2183 SET_ERROR(kmfh, ERR_get_error());
2184
2185 ret = KMF_ERR_EXTENSION_NOT_FOUND;
2186 goto out;
2187 }
2188 ex = X509v3_get_ext(ci->extensions, ext_index);
2189
2190 (void) i2a_ASN1_OBJECT(mem, X509_EXTENSION_get_object(ex));
2191
2192 if (BIO_printf(mem, ": %s\n",
2193 X509_EXTENSION_get_critical(ex) ? "critical" : "") <= 0) {
2194 SET_ERROR(kmfh, ERR_get_error());
2195 ret = KMF_ERR_ENCODING;
2196 goto out;
2197 }
2198 if (!X509V3_EXT_print(mem, ex, X509V3_EXT_DUMP_UNKNOWN, 4)) {
2199 (void) BIO_printf(mem, "%*s", 4, "");
2200 (void) M_ASN1_OCTET_STRING_print(mem, ex->value);
2201 }
2202 if (BIO_write(mem, "\n", 1) <= 0) {
2203 SET_ERROR(kmfh, ERR_get_error());
2204 ret = KMF_ERR_ENCODING;
2205 goto out;
2206 }
2207 len = BIO_read(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2208 }
2209 if (len <= 0) {
2210 SET_ERROR(kmfh, ERR_get_error());
2211 ret = KMF_ERR_ENCODING;
2212 }
2213
2214 out:
2215 if (outbuf != NULL) {
2216 free(outbuf);
2217 }
2218
2219 if (xcert != NULL) {
2220 X509_free(xcert);
2461 ret = KMF_ERR_ENCODING;
2462 }
2463
2464 end:
2465 /*
2466 * We don't need to free "id" explicitely, because OCSP_REQUEST_free()
2467 * will also deallocate certid's space.
2468 */
2469 if (req != NULL) {
2470 OCSP_REQUEST_free(req);
2471 }
2472
2473 if (derbio != NULL) {
2474 (void) BIO_free(derbio);
2475 }
2476
2477 return (ret);
2478 }
2479
2480 /* ocsp_find_signer_sk() is copied from openssl source */
2481 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
2482 {
2483 int i;
2484 unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
2485
2486 /* Easy if lookup by name */
2487 if (id->type == V_OCSP_RESPID_NAME)
2488 return (X509_find_by_subject(certs, id->value.byName));
2489
2490 /* Lookup by key hash */
2491
2492 /* If key hash isn't SHA1 length then forget it */
2493 if (id->value.byKey->length != SHA_DIGEST_LENGTH)
2494 return (NULL);
2495
2496 keyhash = id->value.byKey->data;
2497 /* Calculate hash of each key and compare */
2498 for (i = 0; i < sk_X509_num(certs); i++) {
2499 /* LINTED E_BAD_PTR_CAST_ALIGN */
2500 X509 *x = sk_X509_value(certs, i);
2501 /* Use pubkey_digest to get the key ID value */
2502 (void) X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
2503 if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
2504 return (x);
2505 }
2506 return (NULL);
2507 }
2508
2509 /* ocsp_find_signer() is copied from openssl source */
2510 /* ARGSUSED2 */
2511 static int
2512 ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
2513 X509_STORE *st, unsigned long flags)
2514 {
2515 X509 *signer;
2516 OCSP_RESPID *rid = bs->tbsResponseData->responderId;
2517 if ((signer = ocsp_find_signer_sk(certs, rid))) {
2518 *psigner = signer;
2519 return (2);
2520 }
2521 if (!(flags & OCSP_NOINTERN) &&
2522 (signer = ocsp_find_signer_sk(bs->certs, rid))) {
2523 *psigner = signer;
2524 return (1);
2525 }
2526 /* Maybe lookup from store if by subject name */
2527
2528 *psigner = NULL;
2529 return (0);
2530 }
2531
2532 /*
2533 * This function will verify the signature of a basic response, using
2534 * the public key from the OCSP responder certificate.
2535 */
2536 static KMF_RETURN
2537 check_response_signature(KMF_HANDLE_T handle, OCSP_BASICRESP *bs,
2538 KMF_DATA *signer_cert, KMF_DATA *issuer_cert)
2539 {
2540 KMF_RETURN ret = KMF_OK;
2541 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
2542 STACK_OF(X509) *cert_stack = NULL;
2543 X509 *signer = NULL;
2544 X509 *issuer = NULL;
2545 EVP_PKEY *skey = NULL;
2546 unsigned char *ptmp;
2547
2548
2549 if (bs == NULL || issuer_cert == NULL)
2550 return (KMF_ERR_BAD_PARAMETER);
2551
2552 /*
2553 * Find the certificate that signed the basic response.
2554 *
2555 * If signer_cert is not NULL, we will use that as the signer cert.
2556 * Otherwise, we will check if the issuer cert is actually the signer.
2557 * If we still do not find a signer, we will look for it from the
2558 * certificate list came with the response file.
2559 */
2560 if (signer_cert != NULL) {
2561 ptmp = signer_cert->Data;
2562 signer = d2i_X509(NULL, (const uchar_t **)&ptmp,
2563 signer_cert->Length);
2564 if (signer == NULL) {
2565 SET_ERROR(kmfh, ERR_get_error());
2566 ret = KMF_ERR_OCSP_BAD_SIGNER;
2567 goto end;
2568 }
2582
2583 if ((cert_stack = sk_X509_new_null()) == NULL) {
2584 ret = KMF_ERR_INTERNAL;
2585 goto end;
2586 }
2587
2588 if (sk_X509_push(cert_stack, issuer) == NULL) {
2589 ret = KMF_ERR_INTERNAL;
2590 goto end;
2591 }
2592
2593 ret = ocsp_find_signer(&signer, bs, cert_stack, NULL, 0);
2594 if (!ret) {
2595 /* can not find the signer */
2596 ret = KMF_ERR_OCSP_BAD_SIGNER;
2597 goto end;
2598 }
2599 }
2600
2601 /* Verify the signature of the response */
2602 skey = X509_get_pubkey(signer);
2603 if (skey == NULL) {
2604 ret = KMF_ERR_OCSP_BAD_SIGNER;
2605 goto end;
2606 }
2607
2608 ret = OCSP_BASICRESP_verify(bs, skey, 0);
2609 if (ret == 0) {
2610 ret = KMF_ERR_OCSP_RESPONSE_SIGNATURE;
2611 goto end;
2612 }
2613
2614 end:
2615 if (issuer != NULL) {
2616 X509_free(issuer);
2617 }
2618
2619 if (signer != NULL) {
2620 X509_free(signer);
2621 }
2622
2623 if (skey != NULL) {
2624 EVP_PKEY_free(skey);
2625 }
2626
2627 if (cert_stack != NULL) {
2628 sk_X509_free(cert_stack);
2629 }
2630
2631 return (ret);
2632 }
2633
2634
2635
2636 KMF_RETURN
2637 OpenSSL_GetOCSPStatusForCert(KMF_HANDLE_T handle,
2638 int numattr, KMF_ATTRIBUTE *attrlist)
2639 {
2640 KMF_RETURN ret = KMF_OK;
2641 BIO *derbio = NULL;
2642 OCSP_RESPONSE *resp = NULL;
2643 OCSP_BASICRESP *bs = NULL;
2644 OCSP_CERTID *id = NULL;
2645 OCSP_SINGLERESP *single = NULL;
2646 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
2647 int index, status, reason;
2648 KMF_DATA *issuer_cert;
2649 KMF_DATA *user_cert;
2650 KMF_DATA *signer_cert;
2651 KMF_DATA *response;
2652 int *response_reason, *response_status, *cert_status;
2653 boolean_t ignore_response_sign = B_FALSE; /* default is FALSE */
2654 uint32_t response_lifetime;
2655
2804 OCSP_CERTID_free(id);
2805
2806 return (ret);
2807 }
2808
2809 static KMF_RETURN
2810 fetch_key(KMF_HANDLE_T handle, char *path,
2811 KMF_KEY_CLASS keyclass, KMF_KEY_HANDLE *key)
2812 {
2813 KMF_RETURN rv = KMF_OK;
2814 EVP_PKEY *pkey = NULL;
2815 KMF_RAW_SYM_KEY *rkey = NULL;
2816
2817 if (keyclass == KMF_ASYM_PRI ||
2818 keyclass == KMF_ASYM_PUB) {
2819 pkey = openssl_load_key(handle, path);
2820 if (pkey == NULL) {
2821 return (KMF_ERR_KEY_NOT_FOUND);
2822 }
2823 if (key != NULL) {
2824 if (pkey->type == EVP_PKEY_RSA)
2825 key->keyalg = KMF_RSA;
2826 else if (pkey->type == EVP_PKEY_DSA)
2827 key->keyalg = KMF_DSA;
2828
2829 key->kstype = KMF_KEYSTORE_OPENSSL;
2830 key->keyclass = keyclass;
2831 key->keyp = (void *)pkey;
2832 key->israw = FALSE;
2833 if (path != NULL &&
2834 ((key->keylabel = strdup(path)) == NULL)) {
2835 EVP_PKEY_free(pkey);
2836 return (KMF_ERR_MEMORY);
2837 }
2838 } else {
2839 EVP_PKEY_free(pkey);
2840 pkey = NULL;
2841 }
2842 } else if (keyclass == KMF_SYMMETRIC) {
2843 KMF_ENCODE_FORMAT fmt;
2844 /*
2845 * If the file is a recognized format,
2846 * then it is NOT a symmetric key.
3003 }
3004 }
3005
3006 if (rv == KMF_OK && (*numkeys) == 0)
3007 rv = KMF_ERR_KEY_NOT_FOUND;
3008 else if (rv == KMF_ERR_KEY_NOT_FOUND && (*numkeys) > 0)
3009 rv = KMF_OK;
3010
3011 return (rv);
3012 }
3013
3014 #define HANDLE_PK12_ERROR { \
3015 SET_ERROR(kmfh, ERR_get_error()); \
3016 rv = KMF_ERR_ENCODING; \
3017 goto out; \
3018 }
3019
3020 static int
3021 add_alias_to_bag(PKCS12_SAFEBAG *bag, X509 *xcert)
3022 {
3023 if (xcert != NULL && xcert->aux != NULL &&
3024 xcert->aux->alias != NULL) {
3025 if (PKCS12_add_friendlyname_asc(bag,
3026 (const char *)xcert->aux->alias->data,
3027 xcert->aux->alias->length) == 0)
3028 return (0);
3029 }
3030 return (1);
3031 }
3032
3033 static PKCS7 *
3034 add_cert_to_safe(X509 *sslcert, KMF_CREDENTIAL *cred,
3035 uchar_t *keyid, unsigned int keyidlen)
3036 {
3037 PKCS12_SAFEBAG *bag = NULL;
3038 PKCS7 *cert_authsafe = NULL;
3039 STACK_OF(PKCS12_SAFEBAG) *bag_stack;
3040
3041 bag_stack = sk_PKCS12_SAFEBAG_new_null();
3042 if (bag_stack == NULL)
3043 return (NULL);
3044
3045 /* Convert cert from X509 struct to PKCS#12 bag */
3046 bag = PKCS12_x5092certbag(sslcert);
3047 if (bag == NULL) {
3048 goto out;
3049 }
3050
3051 /* Add the key id to the certificate bag. */
3052 if (keyidlen > 0 && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) {
3053 goto out;
3054 }
3055
3056 if (!add_alias_to_bag(bag, sslcert))
3057 goto out;
3058
3059 /* Pile it on the bag_stack. */
3060 if (!sk_PKCS12_SAFEBAG_push(bag_stack, bag)) {
3061 goto out;
3062 }
3063 /* Turn bag_stack of certs into encrypted authsafe. */
3064 cert_authsafe = PKCS12_pack_p7encdata(
3065 NID_pbe_WithSHA1And40BitRC2_CBC,
3066 cred->cred, cred->credlen, NULL, 0,
3071 sk_PKCS12_SAFEBAG_pop_free(bag_stack, PKCS12_SAFEBAG_free);
3072
3073 return (cert_authsafe);
3074 }
3075
3076 static PKCS7 *
3077 add_key_to_safe(EVP_PKEY *pkey, KMF_CREDENTIAL *cred,
3078 uchar_t *keyid, unsigned int keyidlen,
3079 char *label, int label_len)
3080 {
3081 PKCS8_PRIV_KEY_INFO *p8 = NULL;
3082 STACK_OF(PKCS12_SAFEBAG) *bag_stack = NULL;
3083 PKCS12_SAFEBAG *bag = NULL;
3084 PKCS7 *key_authsafe = NULL;
3085
3086 p8 = EVP_PKEY2PKCS8(pkey);
3087 if (p8 == NULL) {
3088 return (NULL);
3089 }
3090 /* Put the shrouded key into a PKCS#12 bag. */
3091 bag = PKCS12_MAKE_SHKEYBAG(
3092 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
3093 cred->cred, cred->credlen,
3094 NULL, 0, PKCS12_DEFAULT_ITER, p8);
3095
3096 /* Clean up the PKCS#8 shrouded key, don't need it now. */
3097 PKCS8_PRIV_KEY_INFO_free(p8);
3098 p8 = NULL;
3099
3100 if (bag == NULL) {
3101 return (NULL);
3102 }
3103 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
3104 goto out;
3105 if (label != NULL && !PKCS12_add_friendlyname(bag, label, label_len))
3106 goto out;
3107
3108 /* Start a PKCS#12 safebag container for the private key. */
3109 bag_stack = sk_PKCS12_SAFEBAG_new_null();
3110 if (bag_stack == NULL)
3111 goto out;
3112
3113 /* Pile on the private key on the bag_stack. */
3114 if (!sk_PKCS12_SAFEBAG_push(bag_stack, bag))
3115 goto out;
3116
3117 key_authsafe = PKCS12_pack_p7data(bag_stack);
3118
3119 out:
3120 if (bag_stack != NULL)
3121 sk_PKCS12_SAFEBAG_pop_free(bag_stack, PKCS12_SAFEBAG_free);
3122 bag_stack = NULL;
3123 return (key_authsafe);
3124 }
3125
3126 static EVP_PKEY *
3127 ImportRawRSAKey(KMF_RAW_RSA_KEY *key)
3128 {
3129 RSA *rsa = NULL;
3130 EVP_PKEY *newkey = NULL;
3131
3132 if ((rsa = RSA_new()) == NULL)
3133 return (NULL);
3134
3135 if ((rsa->n = BN_bin2bn(key->mod.val, key->mod.len, rsa->n)) == NULL)
3136 return (NULL);
3137
3138 if ((rsa->e = BN_bin2bn(key->pubexp.val, key->pubexp.len, rsa->e)) ==
3139 NULL)
3140 return (NULL);
3141
3142 if (key->priexp.val != NULL)
3143 if ((rsa->d = BN_bin2bn(key->priexp.val, key->priexp.len,
3144 rsa->d)) == NULL)
3145 return (NULL);
3146
3147 if (key->prime1.val != NULL)
3148 if ((rsa->p = BN_bin2bn(key->prime1.val, key->prime1.len,
3149 rsa->p)) == NULL)
3150 return (NULL);
3151
3152 if (key->prime2.val != NULL)
3153 if ((rsa->q = BN_bin2bn(key->prime2.val, key->prime2.len,
3154 rsa->q)) == NULL)
3155 return (NULL);
3156
3157 if (key->exp1.val != NULL)
3158 if ((rsa->dmp1 = BN_bin2bn(key->exp1.val, key->exp1.len,
3159 rsa->dmp1)) == NULL)
3160 return (NULL);
3161
3162 if (key->exp2.val != NULL)
3163 if ((rsa->dmq1 = BN_bin2bn(key->exp2.val, key->exp2.len,
3164 rsa->dmq1)) == NULL)
3165 return (NULL);
3166
3167 if (key->coef.val != NULL)
3168 if ((rsa->iqmp = BN_bin2bn(key->coef.val, key->coef.len,
3169 rsa->iqmp)) == NULL)
3170 return (NULL);
3171
3172 if ((newkey = EVP_PKEY_new()) == NULL)
3173 return (NULL);
3174
3175 (void) EVP_PKEY_set1_RSA(newkey, rsa);
3176
3177 /* The original key must be freed once here or it leaks memory */
3178 RSA_free(rsa);
3179
3180 return (newkey);
3181 }
3182
3183 static EVP_PKEY *
3184 ImportRawDSAKey(KMF_RAW_DSA_KEY *key)
3185 {
3186 DSA *dsa = NULL;
3187 EVP_PKEY *newkey = NULL;
3188
3189 if ((dsa = DSA_new()) == NULL)
3190 return (NULL);
3191
3192 if ((dsa->p = BN_bin2bn(key->prime.val, key->prime.len,
3193 dsa->p)) == NULL)
3194 return (NULL);
3195
3196 if ((dsa->q = BN_bin2bn(key->subprime.val, key->subprime.len,
3197 dsa->q)) == NULL)
3198 return (NULL);
3199
3200 if ((dsa->g = BN_bin2bn(key->base.val, key->base.len,
3201 dsa->g)) == NULL)
3202 return (NULL);
3203
3204 if ((dsa->priv_key = BN_bin2bn(key->value.val, key->value.len,
3205 dsa->priv_key)) == NULL)
3206 return (NULL);
3207
3208 if (key->pubvalue.val != NULL) {
3209 if ((dsa->pub_key = BN_bin2bn(key->pubvalue.val,
3210 key->pubvalue.len, dsa->pub_key)) == NULL)
3211 return (NULL);
3212 }
3213
3214 if ((newkey = EVP_PKEY_new()) == NULL)
3215 return (NULL);
3216
3217 (void) EVP_PKEY_set1_DSA(newkey, dsa);
3218
3219 /* The original key must be freed once here or it leaks memory */
3220 DSA_free(dsa);
3221 return (newkey);
3222 }
3223
3224 static EVP_PKEY *
3225 raw_key_to_pkey(KMF_KEY_HANDLE *key)
3226 {
3227 EVP_PKEY *pkey = NULL;
3228 KMF_RAW_KEY_DATA *rawkey;
3229 ASN1_TYPE *attr = NULL;
3230 KMF_RETURN ret;
3231
3232 if (key == NULL || !key->israw)
3233 return (NULL);
3234
3235 rawkey = (KMF_RAW_KEY_DATA *)key->keyp;
3236 if (rawkey->keytype == KMF_RSA) {
3237 pkey = ImportRawRSAKey(&rawkey->rawdata.rsa);
3238 } else if (rawkey->keytype == KMF_DSA) {
3239 pkey = ImportRawDSAKey(&rawkey->rawdata.dsa);
3240 } else if (rawkey->keytype == KMF_ECDSA) {
3715 else if (priv_key != NULL && pkey != NULL)
3716 *priv_key = pkey;
3717
3718 err:
3719 /* Cleanup the stack of X509 info records */
3720 for (i = 0; i < sk_X509_INFO_num(x509_info_stack); i++) {
3721 /* LINTED E_BAD_PTR_CAST_ALIGN */
3722 info = (X509_INFO *)sk_X509_INFO_value(x509_info_stack, i);
3723 X509_INFO_free(info);
3724 }
3725 if (x509_info_stack)
3726 sk_X509_INFO_free(x509_info_stack);
3727
3728 if (cert_infos != NULL)
3729 free(cert_infos);
3730
3731 return (rv);
3732 }
3733
3734 static KMF_RETURN
3735 openssl_parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *pin,
3736 STACK_OF(EVP_PKEY) *keys, STACK_OF(X509) *certs)
3737 {
3738 KMF_RETURN ret;
3739 int i;
3740
3741 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
3742 /* LINTED E_BAD_PTR_CAST_ALIGN */
3743 PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, i);
3744 ret = openssl_parse_bag(bag, pin, (pin ? strlen(pin) : 0),
3745 keys, certs);
3746
3747 if (ret != KMF_OK)
3748 return (ret);
3749 }
3750
3751 return (ret);
3752 }
3753
3754 static KMF_RETURN
3755 set_pkey_attrib(EVP_PKEY *pkey, ASN1_TYPE *attrib, int nid)
3756 {
3757 X509_ATTRIBUTE *attr = NULL;
3758
3759 if (pkey == NULL || attrib == NULL)
3760 return (KMF_ERR_BAD_PARAMETER);
3761
3762 if (pkey->attributes == NULL) {
3763 pkey->attributes = sk_X509_ATTRIBUTE_new_null();
3764 if (pkey->attributes == NULL)
3765 return (KMF_ERR_MEMORY);
3766 }
3767 attr = X509_ATTRIBUTE_create(nid, attrib->type, attrib->value.ptr);
3768 if (attr != NULL) {
3769 int i;
3770 X509_ATTRIBUTE *a;
3771 for (i = 0;
3772 i < sk_X509_ATTRIBUTE_num(pkey->attributes); i++) {
3773 /* LINTED E_BAD_PTR_CASE_ALIGN */
3774 a = sk_X509_ATTRIBUTE_value(pkey->attributes, i);
3775 if (OBJ_obj2nid(a->object) == nid) {
3776 X509_ATTRIBUTE_free(a);
3777 /* LINTED E_BAD_PTR_CAST_ALIGN */
3778 (void) sk_X509_ATTRIBUTE_set(pkey->attributes,
3779 i, attr);
3780 return (KMF_OK);
3781 }
3782 }
3783 if (sk_X509_ATTRIBUTE_push(pkey->attributes, attr) == NULL) {
3784 X509_ATTRIBUTE_free(attr);
3785 return (KMF_ERR_MEMORY);
3786 }
3787 } else {
3788 return (KMF_ERR_MEMORY);
3789 }
3790
3791 return (KMF_OK);
3792 }
3793
3794 static KMF_RETURN
3795 openssl_parse_bag(PKCS12_SAFEBAG *bag, char *pass, int passlen,
3796 STACK_OF(EVP_PKEY) *keylist, STACK_OF(X509) *certlist)
3797 {
3798 KMF_RETURN ret = KMF_OK;
3799 PKCS8_PRIV_KEY_INFO *p8 = NULL;
3800 EVP_PKEY *pkey = NULL;
3801 X509 *xcert = NULL;
3802 ASN1_TYPE *keyid = NULL;
3803 ASN1_TYPE *fname = NULL;
3804 uchar_t *data = NULL;
3805
3806 keyid = PKCS12_get_attr(bag, NID_localKeyID);
3807 fname = PKCS12_get_attr(bag, NID_friendlyName);
3808
3809 switch (M_PKCS12_bag_type(bag)) {
3810 case NID_keyBag:
3811 if (keylist == NULL)
3812 goto end;
3813 pkey = EVP_PKCS82PKEY(bag->value.keybag);
3814 if (pkey == NULL)
3815 ret = KMF_ERR_PKCS12_FORMAT;
3816
3817 break;
3818 case NID_pkcs8ShroudedKeyBag:
3819 if (keylist == NULL)
3820 goto end;
3821 p8 = M_PKCS12_decrypt_skey(bag, pass, passlen);
3822 if (p8 == NULL)
3823 return (KMF_ERR_AUTH_FAILED);
3824 pkey = EVP_PKCS82PKEY(p8);
3825 PKCS8_PRIV_KEY_INFO_free(p8);
3826 if (pkey == NULL)
3827 ret = KMF_ERR_PKCS12_FORMAT;
3828 break;
3829 case NID_certBag:
3830 if (certlist == NULL)
3831 goto end;
3832 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
3833 return (KMF_ERR_PKCS12_FORMAT);
3834 xcert = M_PKCS12_certbag2x509(bag);
3835 if (xcert == NULL) {
3836 ret = KMF_ERR_PKCS12_FORMAT;
3837 goto end;
3838 }
3839 if (keyid != NULL) {
3840 if (X509_keyid_set1(xcert,
3841 keyid->value.octet_string->data,
3842 keyid->value.octet_string->length) == 0) {
3843 ret = KMF_ERR_PKCS12_FORMAT;
3844 goto end;
3845 }
3846 }
3847 if (fname != NULL) {
3848 int len, r;
3849 len = ASN1_STRING_to_UTF8(&data,
3850 fname->value.asn1_string);
3851 if (len > 0 && data != NULL) {
3852 r = X509_alias_set1(xcert, data, len);
3853 if (r == NULL) {
3854 ret = KMF_ERR_PKCS12_FORMAT;
3855 goto end;
3856 }
3857 } else {
3858 ret = KMF_ERR_PKCS12_FORMAT;
3859 goto end;
3860 }
3861 }
3862 if (sk_X509_push(certlist, xcert) == 0)
3863 ret = KMF_ERR_MEMORY;
3864 else
3865 xcert = NULL;
3866 break;
3867 case NID_safeContentsBag:
3868 return (openssl_parse_bags(bag->value.safes, pass,
3869 keylist, certlist));
3870 default:
3871 ret = KMF_ERR_PKCS12_FORMAT;
3872 break;
3873 }
3874
3875 /*
3876 * Set the ID and/or FriendlyName attributes on the key.
3877 * If converting to PKCS11 objects, these can translate to CKA_ID
3878 * and CKA_LABEL values.
3879 */
3880 if (pkey != NULL && ret == KMF_OK) {
3881 ASN1_TYPE *attr = NULL;
3882 if (keyid != NULL && keyid->type == V_ASN1_OCTET_STRING) {
3883 if ((attr = ASN1_TYPE_new()) == NULL)
3884 return (KMF_ERR_MEMORY);
3885 attr->value.octet_string =
3886 ASN1_STRING_dup(keyid->value.octet_string);
3887 attr->type = V_ASN1_OCTET_STRING;
3888 attr->value.ptr = (char *)attr->value.octet_string;
3889 ret = set_pkey_attrib(pkey, attr, NID_localKeyID);
4059 to->val = (uchar_t *)malloc(sz);
4060 if (to->val == NULL)
4061 return (KMF_ERR_MEMORY);
4062
4063 if ((to->len = BN_bn2bin(from, to->val)) != sz) {
4064 free(to->val);
4065 to->val = NULL;
4066 to->len = 0;
4067 rv = KMF_ERR_MEMORY;
4068 }
4069
4070 return (rv);
4071 }
4072
4073 static KMF_RETURN
4074 exportRawRSAKey(RSA *rsa, KMF_RAW_KEY_DATA *key)
4075 {
4076 KMF_RETURN rv;
4077 KMF_RAW_RSA_KEY *kmfkey = &key->rawdata.rsa;
4078
4079 (void) memset(kmfkey, 0, sizeof (KMF_RAW_RSA_KEY));
4080 if ((rv = sslBN2KMFBN(rsa->n, &kmfkey->mod)) != KMF_OK)
4081 goto cleanup;
4082
4083 if ((rv = sslBN2KMFBN(rsa->e, &kmfkey->pubexp)) != KMF_OK)
4084 goto cleanup;
4085
4086 if (rsa->d != NULL)
4087 if ((rv = sslBN2KMFBN(rsa->d, &kmfkey->priexp)) != KMF_OK)
4088 goto cleanup;
4089
4090 if (rsa->p != NULL)
4091 if ((rv = sslBN2KMFBN(rsa->p, &kmfkey->prime1)) != KMF_OK)
4092 goto cleanup;
4093
4094 if (rsa->q != NULL)
4095 if ((rv = sslBN2KMFBN(rsa->q, &kmfkey->prime2)) != KMF_OK)
4096 goto cleanup;
4097
4098 if (rsa->dmp1 != NULL)
4099 if ((rv = sslBN2KMFBN(rsa->dmp1, &kmfkey->exp1)) != KMF_OK)
4100 goto cleanup;
4101
4102 if (rsa->dmq1 != NULL)
4103 if ((rv = sslBN2KMFBN(rsa->dmq1, &kmfkey->exp2)) != KMF_OK)
4104 goto cleanup;
4105
4106 if (rsa->iqmp != NULL)
4107 if ((rv = sslBN2KMFBN(rsa->iqmp, &kmfkey->coef)) != KMF_OK)
4108 goto cleanup;
4109 cleanup:
4110 if (rv != KMF_OK)
4111 kmf_free_raw_key(key);
4112 else
4113 key->keytype = KMF_RSA;
4114
4115 /*
4116 * Free the reference to this key, SSL will not actually free
4117 * the memory until the refcount == 0, so this is safe.
4118 */
4119 RSA_free(rsa);
4120
4121 return (rv);
4122 }
4123
4124 static KMF_RETURN
4125 exportRawDSAKey(DSA *dsa, KMF_RAW_KEY_DATA *key)
4126 {
4127 KMF_RETURN rv;
4128 KMF_RAW_DSA_KEY *kmfkey = &key->rawdata.dsa;
4129
4130 (void) memset(kmfkey, 0, sizeof (KMF_RAW_DSA_KEY));
4131 if ((rv = sslBN2KMFBN(dsa->p, &kmfkey->prime)) != KMF_OK)
4132 goto cleanup;
4133
4134 if ((rv = sslBN2KMFBN(dsa->q, &kmfkey->subprime)) != KMF_OK)
4135 goto cleanup;
4136
4137 if ((rv = sslBN2KMFBN(dsa->g, &kmfkey->base)) != KMF_OK)
4138 goto cleanup;
4139
4140 if ((rv = sslBN2KMFBN(dsa->priv_key, &kmfkey->value)) != KMF_OK)
4141 goto cleanup;
4142
4143 cleanup:
4144 if (rv != KMF_OK)
4145 kmf_free_raw_key(key);
4146 else
4147 key->keytype = KMF_DSA;
4148
4149 /*
4150 * Free the reference to this key, SSL will not actually free
4151 * the memory until the refcount == 0, so this is safe.
4152 */
4153 DSA_free(dsa);
4154
4155 return (rv);
4156 }
4157
4158 static KMF_RETURN
4159 add_cert_to_list(KMF_HANDLE *kmfh, X509 *sslcert,
4160 KMF_X509_DER_CERT **certlist, int *ncerts)
4203 int n = (*nkeys);
4204
4205 if (list == NULL) {
4206 list = (KMF_RAW_KEY_DATA *)malloc(sizeof (KMF_RAW_KEY_DATA));
4207 } else {
4208 list = (KMF_RAW_KEY_DATA *)realloc(list,
4209 sizeof (KMF_RAW_KEY_DATA) * (n + 1));
4210 }
4211
4212 if (list == NULL)
4213 return (KMF_ERR_MEMORY);
4214
4215 list[n] = *newkey;
4216 (*nkeys) = n + 1;
4217
4218 *keylist = list;
4219
4220 return (KMF_OK);
4221 }
4222
4223 static X509_ATTRIBUTE *
4224 find_attr(STACK_OF(X509_ATTRIBUTE) *attrs, int nid)
4225 {
4226 X509_ATTRIBUTE *a;
4227 int i;
4228
4229 if (attrs == NULL)
4230 return (NULL);
4231
4232 for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
4233 /* LINTED E_BAD_PTR_CAST_ALIGN */
4234 a = sk_X509_ATTRIBUTE_value(attrs, i);
4235 if (OBJ_obj2nid(a->object) == nid)
4236 return (a);
4237 }
4238 return (NULL);
4239 }
4240
4241 static KMF_RETURN
4242 convertToRawKey(EVP_PKEY *pkey, KMF_RAW_KEY_DATA *key)
4243 {
4244 KMF_RETURN rv = KMF_OK;
4245 X509_ATTRIBUTE *attr;
4246
4247 if (pkey == NULL || key == NULL)
4248 return (KMF_ERR_BAD_PARAMETER);
4249 /* Convert SSL key to raw key */
4250 switch (pkey->type) {
4251 case EVP_PKEY_RSA:
4252 rv = exportRawRSAKey(EVP_PKEY_get1_RSA(pkey),
4253 key);
4254 if (rv != KMF_OK)
4255 return (rv);
4256 break;
4257 case EVP_PKEY_DSA:
4258 rv = exportRawDSAKey(EVP_PKEY_get1_DSA(pkey),
4259 key);
4260 if (rv != KMF_OK)
4261 return (rv);
4262 break;
4263 default:
4264 return (KMF_ERR_BAD_PARAMETER);
4265 }
4266 /*
4267 * If friendlyName, add it to record.
4268 */
4269 attr = find_attr(pkey->attributes, NID_friendlyName);
4270 if (attr != NULL) {
4271 ASN1_TYPE *ty = NULL;
4272 int numattr = sk_ASN1_TYPE_num(attr->value.set);
4273 if (attr->single == 0 && numattr > 0) {
4274 /* LINTED E_BAD_PTR_CAST_ALIGN */
4275 ty = sk_ASN1_TYPE_value(attr->value.set, 0);
4276 }
4277 if (ty != NULL) {
4278 #if OPENSSL_VERSION_NUMBER < 0x10000000L
4279 key->label = uni2asc(ty->value.bmpstring->data,
4280 ty->value.bmpstring->length);
4281 #else
4282 key->label = OPENSSL_uni2asc(ty->value.bmpstring->data,
4283 ty->value.bmpstring->length);
4284 #endif
4285 }
4286 } else {
4287 key->label = NULL;
4288 }
4289
4290 /*
4291 * If KeyID, add it to record as a KMF_DATA object.
4292 */
4293 attr = find_attr(pkey->attributes, NID_localKeyID);
4294 if (attr != NULL) {
4295 ASN1_TYPE *ty = NULL;
4296 int numattr = sk_ASN1_TYPE_num(attr->value.set);
4297 if (attr->single == 0 && numattr > 0) {
4298 /* LINTED E_BAD_PTR_CAST_ALIGN */
4299 ty = sk_ASN1_TYPE_value(attr->value.set, 0);
4300 }
4301 key->id.Data = (uchar_t *)malloc(
4302 ty->value.octet_string->length);
4303 if (key->id.Data == NULL)
4304 return (KMF_ERR_MEMORY);
4305 (void) memcpy(key->id.Data, ty->value.octet_string->data,
4306 ty->value.octet_string->length);
4307 key->id.Length = ty->value.octet_string->length;
4308 } else {
4309 (void) memset(&key->id, 0, sizeof (KMF_DATA));
4310 }
4311
4312 return (rv);
4313 }
4314
4315 static KMF_RETURN
4316 convertPK12Objects(
4317 KMF_HANDLE *kmfh,
4318 STACK_OF(EVP_PKEY) *sslkeys,
4319 STACK_OF(X509) *sslcert,
4320 STACK_OF(X509) *sslcacerts,
5389 in = BIO_new_file(certfile, "rb");
5390 if (in == NULL) {
5391 SET_ERROR(kmfh, ERR_get_error());
5392 ret = KMF_ERR_OPEN_FILE;
5393 goto end;
5394 }
5395
5396 if (format == KMF_FORMAT_ASN1) {
5397 xcert = d2i_X509_bio(in, NULL);
5398 } else if (format == KMF_FORMAT_PEM) {
5399 xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
5400 }
5401
5402 if (xcert == NULL) {
5403 SET_ERROR(kmfh, ERR_get_error());
5404 ret = KMF_ERR_BAD_CERTFILE;
5405 goto end;
5406 }
5407
5408 /* Check if the certificate and the CRL have same issuer */
5409 if (X509_NAME_cmp(xcert->cert_info->issuer, xcrl->crl->issuer) != 0) {
5410 ret = KMF_ERR_ISSUER;
5411 goto end;
5412 }
5413
5414 /* Check to see if the certificate serial number is revoked */
5415 revoke_stack = X509_CRL_get_REVOKED(xcrl);
5416 if (sk_X509_REVOKED_num(revoke_stack) <= 0) {
5417 /* No revoked certificates in the CRL file */
5418 SET_ERROR(kmfh, ERR_get_error());
5419 ret = KMF_ERR_EMPTY_CRL;
5420 goto end;
5421 }
5422
5423 for (i = 0; i < sk_X509_REVOKED_num(revoke_stack); i++) {
5424 /* LINTED E_BAD_PTR_CAST_ALIGN */
5425 revoke = sk_X509_REVOKED_value(revoke_stack, i);
5426 if (ASN1_INTEGER_cmp(xcert->cert_info->serialNumber,
5427 revoke->serialNumber) == 0) {
5428 break;
5429 }
5430 }
5431
5432 if (i < sk_X509_REVOKED_num(revoke_stack)) {
5433 ret = KMF_OK;
5434 } else {
5435 ret = KMF_ERR_NOT_REVOKED;
5436 }
5437
5438 end:
5439 if (in != NULL)
5440 (void) BIO_free(in);
5441 if (xcrl != NULL)
5442 X509_CRL_free(xcrl);
5443 if (xcert != NULL)
5444 X509_free(xcert);
5445
5446 return (ret);
5447 }
5550 if (ret != KMF_OK)
5551 return (ret);
5552
5553 bcrl = BIO_new_file(crlname, "rb");
5554 if (bcrl == NULL) {
5555 SET_ERROR(kmfh, ERR_get_error());
5556 ret = KMF_ERR_OPEN_FILE;
5557 goto cleanup;
5558 }
5559
5560 if (crl_format == KMF_FORMAT_ASN1)
5561 xcrl = d2i_X509_CRL_bio(bcrl, NULL);
5562 else if (crl_format == KMF_FORMAT_PEM)
5563 xcrl = PEM_read_bio_X509_CRL(bcrl, NULL, NULL, NULL);
5564
5565 if (xcrl == NULL) {
5566 SET_ERROR(kmfh, ERR_get_error());
5567 ret = KMF_ERR_BAD_CRLFILE;
5568 goto cleanup;
5569 }
5570 i = X509_cmp_time(X509_CRL_get_lastUpdate(xcrl), NULL);
5571 if (i >= 0) {
5572 ret = KMF_ERR_VALIDITY_PERIOD;
5573 goto cleanup;
5574 }
5575 if (X509_CRL_get_nextUpdate(xcrl)) {
5576 i = X509_cmp_time(X509_CRL_get_nextUpdate(xcrl), NULL);
5577
5578 if (i <= 0) {
5579 ret = KMF_ERR_VALIDITY_PERIOD;
5580 goto cleanup;
5581 }
5582 }
5583
5584 ret = KMF_OK;
5585
5586 cleanup:
5587 if (bcrl != NULL)
5588 (void) BIO_free(bcrl);
5589
5590 if (xcrl != NULL)
5591 X509_CRL_free(xcrl);
5592
5593 return (ret);
5594 }
|
1 /*
2 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
3 *
4 * Use is subject to license terms.
5 */
6 /*
7 * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved.
8 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
9 */
10 /*
11 * Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
12 * project 2000.
13 */
14 /*
15 * ====================================================================
16 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 *
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 *
25 * 2. Redistributions in binary form must reproduce the above copyright
26 * notice, this list of conditions and the following disclaimer in
27 * the documentation and/or other materials provided with the
28 * distribution.
64 * (eay@cryptsoft.com). This product includes software written by Tim
65 * Hudson (tjh@cryptsoft.com).
66 *
67 */
68
69 #include <stdlib.h>
70 #include <kmfapiP.h>
71 #include <ber_der.h>
72 #include <fcntl.h>
73 #include <sys/stat.h>
74 #include <dirent.h>
75 #include <cryptoutil.h>
76 #include <synch.h>
77 #include <thread.h>
78
79 /* OPENSSL related headers */
80 #include <openssl/bio.h>
81 #include <openssl/bn.h>
82 #include <openssl/asn1.h>
83 #include <openssl/err.h>
84 #include <openssl/x509.h>
85 #include <openssl/rsa.h>
86 #include <openssl/dsa.h>
87 #include <openssl/x509v3.h>
88 #include <openssl/objects.h>
89 #include <openssl/pem.h>
90 #include <openssl/pkcs12.h>
91 #include <openssl/ocsp.h>
92 #include <openssl/des.h>
93 #include <openssl/rand.h>
94 #include "compat.h"
95
96 #define PRINT_ANY_EXTENSION (\
97 KMF_X509_EXT_KEY_USAGE |\
98 KMF_X509_EXT_CERT_POLICIES |\
99 KMF_X509_EXT_SUBJALTNAME |\
100 KMF_X509_EXT_BASIC_CONSTRAINTS |\
101 KMF_X509_EXT_NAME_CONSTRAINTS |\
102 KMF_X509_EXT_POLICY_CONSTRAINTS |\
103 KMF_X509_EXT_EXT_KEY_USAGE |\
104 KMF_X509_EXT_INHIBIT_ANY_POLICY |\
105 KMF_X509_EXT_AUTH_KEY_ID |\
106 KMF_X509_EXT_SUBJ_KEY_ID |\
107 KMF_X509_EXT_POLICY_MAPPING)
108
109 static uchar_t P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76,
110 0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69,
111 0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c,
112 0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82,
113 0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e,
114 0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a,
121 0x8e, 0xda, 0xce, 0x91, 0x5f };
122
123 static uchar_t G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
124 0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5,
125 0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef,
126 0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c,
127 0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba,
128 0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c,
129 0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08,
130 0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88,
131 0x02 };
132
133 #define SET_ERROR(h, c) h->lasterr.kstype = KMF_KEYSTORE_OPENSSL; \
134 h->lasterr.errcode = c;
135
136 #define SET_SYS_ERROR(h, c) h->lasterr.kstype = -1; h->lasterr.errcode = c;
137
138 /*
139 * Declare some new macros for managing stacks of EVP_PKEYS.
140 */
141 #if OPENSSL_VERSION_NUMBER < 0x10100000L
142 DECLARE_STACK_OF(EVP_PKEY)
143
144 #define sk_EVP_PKEY_new_null() SKM_sk_new_null(EVP_PKEY)
145 #define sk_EVP_PKEY_free(st) SKM_sk_free(EVP_PKEY, (st))
146 #define sk_EVP_PKEY_num(st) SKM_sk_num(EVP_PKEY, (st))
147 #define sk_EVP_PKEY_value(st, i) SKM_sk_value(EVP_PKEY, (st), (i))
148 #define sk_EVP_PKEY_push(st, val) SKM_sk_push(EVP_PKEY, (st), (val))
149 #define sk_EVP_PKEY_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY, (st), \
150 (free_func))
151
152 #else
153 /* LINTED E_STATIC_UNUSED */
154 DEFINE_STACK_OF(EVP_PKEY)
155 #endif
156
157 mutex_t init_lock = DEFAULTMUTEX;
158 static int ssl_initialized = 0;
159 static BIO *bio_err = NULL;
160
161 static int
162 test_for_file(char *, mode_t);
163 static KMF_RETURN
164 openssl_parse_bag(PKCS12_SAFEBAG *, char *, int,
165 STACK_OF(EVP_PKEY) *, STACK_OF(X509) *);
166
167 static KMF_RETURN
168 local_export_pk12(KMF_HANDLE_T, KMF_CREDENTIAL *, int, KMF_X509_DER_CERT *,
169 int, KMF_KEY_HANDLE *, char *);
170
171 static KMF_RETURN set_pkey_attrib(EVP_PKEY *, ASN1_TYPE *, int);
172
173 static KMF_RETURN
174 extract_pem(KMF_HANDLE *, char *, char *, KMF_BIGINT *, char *,
175 CK_UTF8CHAR *, CK_ULONG, EVP_PKEY **, KMF_DATA **, int *);
176
283 OpenSSL_DeleteCRL,
284 OpenSSL_CreateKeypair,
285 OpenSSL_FindKey,
286 OpenSSL_EncodePubKeyData,
287 OpenSSL_SignData,
288 OpenSSL_DeleteKey,
289 OpenSSL_ListCRL,
290 NULL, /* FindCRL */
291 OpenSSL_FindCertInCRL,
292 OpenSSL_GetErrorString,
293 OpenSSL_FindPrikeyByCert,
294 OpenSSL_DecryptData,
295 OpenSSL_ExportPK12,
296 OpenSSL_CreateSymKey,
297 OpenSSL_GetSymKeyValue,
298 NULL, /* SetTokenPin */
299 OpenSSL_StoreKey,
300 NULL /* Finalize */
301 };
302
303 #if OPENSSL_VERSION_NUMBER < 0x10100000L
304 static mutex_t *lock_cs;
305 static long *lock_count;
306
307 static void
308 /* ARGSUSED1 */
309 locking_cb(int mode, int type, char *file, int line)
310 {
311 if (mode & CRYPTO_LOCK) {
312 (void) mutex_lock(&(lock_cs[type]));
313 lock_count[type]++;
314 } else {
315 (void) mutex_unlock(&(lock_cs[type]));
316 }
317 }
318
319 static unsigned long
320 thread_id()
321 {
322 return ((unsigned long)thr_self());
323 }
324 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
325
326 KMF_PLUGIN_FUNCLIST *
327 KMF_Plugin_Initialize()
328 {
329 #if OPENSSL_VERSION_NUMBER < 0x10100000L
330 int i;
331 #endif
332
333 (void) mutex_lock(&init_lock);
334 if (!ssl_initialized) {
335 /*
336 * Add support for extension OIDs that are not yet in the
337 * openssl default set.
338 */
339 (void) OBJ_create("2.5.29.30", "nameConstraints",
340 "X509v3 Name Constraints");
341 (void) OBJ_create("2.5.29.33", "policyMappings",
342 "X509v3 Policy Mappings");
343 (void) OBJ_create("2.5.29.36", "policyConstraints",
344 "X509v3 Policy Constraints");
345 (void) OBJ_create("2.5.29.46", "freshestCRL",
346 "X509v3 Freshest CRL");
347 (void) OBJ_create("2.5.29.54", "inhibitAnyPolicy",
348 "X509v3 Inhibit Any-Policy");
349
350 #if OPENSSL_VERSION_NUMBER < 0x10100000L
351 /*
352 * Set up for thread-safe operation.
353 * This is not required for OpenSSL 1.1
354 */
355 lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (mutex_t));
356 if (lock_cs == NULL) {
357 (void) mutex_unlock(&init_lock);
358 return (NULL);
359 }
360
361 lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (long));
362 if (lock_count == NULL) {
363 OPENSSL_free(lock_cs);
364 (void) mutex_unlock(&init_lock);
365 return (NULL);
366 }
367
368 for (i = 0; i < CRYPTO_num_locks(); i++) {
369 lock_count[i] = 0;
370 (void) mutex_init(&lock_cs[i], USYNC_THREAD, NULL);
371 }
372
373 CRYPTO_set_id_callback((unsigned long (*)())thread_id);
374 if (CRYPTO_get_locking_callback() == NULL)
375 CRYPTO_set_locking_callback((void (*)())locking_cb);
376
377 (void) OpenSSL_add_all_algorithms();
378
379 /* Enable error strings for reporting */
380 (void) ERR_load_crypto_strings();
381 #endif
382
383 ssl_initialized = 1;
384 }
385 (void) mutex_unlock(&init_lock);
386
387 return (&openssl_plugin_table);
388 }
389
390 /*
391 * Convert an SSL DN to a KMF DN.
392 */
393 static KMF_RETURN
394 get_x509_dn(X509_NAME *sslDN, KMF_X509_NAME *kmfDN)
395 {
396 KMF_DATA derdata;
397 KMF_RETURN rv = KMF_OK;
398 uchar_t *tmp;
399
400 /* Convert to raw DER format */
401 derdata.Length = i2d_X509_NAME(sslDN, NULL);
402 if ((tmp = derdata.Data = (uchar_t *)OPENSSL_malloc(derdata.Length))
403 == NULL) {
404 return (KMF_ERR_MEMORY);
405 }
406 (void) i2d_X509_NAME(sslDN, &tmp);
407
408 /* Decode to KMF format */
409 rv = DerDecodeName(&derdata, kmfDN);
484 boolean_t findSubject = FALSE;
485 boolean_t findSerial = FALSE;
486 KMF_X509_NAME issuerDN, subjectDN;
487 KMF_X509_NAME certIssuerDN, certSubjectDN;
488
489 *match = FALSE;
490 if (xcert == NULL) {
491 return (KMF_ERR_BAD_PARAMETER);
492 }
493
494 (void) memset(&issuerDN, 0, sizeof (KMF_X509_NAME));
495 (void) memset(&subjectDN, 0, sizeof (KMF_X509_NAME));
496 (void) memset(&certIssuerDN, 0, sizeof (KMF_X509_NAME));
497 (void) memset(&certSubjectDN, 0, sizeof (KMF_X509_NAME));
498
499 if (issuer != NULL && strlen(issuer)) {
500 rv = kmf_dn_parser(issuer, &issuerDN);
501 if (rv != KMF_OK)
502 return (KMF_ERR_BAD_PARAMETER);
503
504 rv = get_x509_dn(X509_get_issuer_name(xcert), &certIssuerDN);
505 if (rv != KMF_OK) {
506 kmf_free_dn(&issuerDN);
507 return (KMF_ERR_BAD_PARAMETER);
508 }
509
510 findIssuer = TRUE;
511 }
512 if (subject != NULL && strlen(subject)) {
513 rv = kmf_dn_parser(subject, &subjectDN);
514 if (rv != KMF_OK) {
515 rv = KMF_ERR_BAD_PARAMETER;
516 goto cleanup;
517 }
518
519 rv = get_x509_dn(X509_get_subject_name(xcert), &certSubjectDN);
520 if (rv != KMF_OK) {
521 rv = KMF_ERR_BAD_PARAMETER;
522 goto cleanup;
523 }
524 findSubject = TRUE;
525 }
526 if (serial != NULL && serial->val != NULL)
527 findSerial = TRUE;
528
529 if (findSerial) {
530 BIGNUM *bn;
531
532 /* Comparing BIGNUMs is a pain! */
533 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(xcert), NULL);
534 if (bn != NULL) {
535 int bnlen = BN_num_bytes(bn);
536
537 if (bnlen == serial->len) {
538 uchar_t *a = malloc(bnlen);
539 if (a == NULL) {
540 rv = KMF_ERR_MEMORY;
541 BN_free(bn);
542 goto cleanup;
543 }
544 bnlen = BN_bn2bin(bn, a);
545 *match = (memcmp(a, serial->val, serial->len) ==
546 0);
547 rv = KMF_OK;
548 free(a);
549 }
550 BN_free(bn);
551 if (!(*match))
552 goto cleanup;
553 } else {
1419 }
1420
1421 return (rv);
1422 }
1423
1424 static KMF_RETURN
1425 ssl_write_key(KMF_HANDLE *kmfh, KMF_ENCODE_FORMAT format, BIO *out,
1426 KMF_CREDENTIAL *cred, EVP_PKEY *pkey, boolean_t private)
1427 {
1428 int rv = 0;
1429 RSA *rsa;
1430 DSA *dsa;
1431
1432 if (pkey == NULL || out == NULL)
1433 return (KMF_ERR_BAD_PARAMETER);
1434
1435 switch (format) {
1436 case KMF_FORMAT_RAWKEY:
1437 /* same as ASN.1 */
1438 case KMF_FORMAT_ASN1:
1439 if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) {
1440 if (private)
1441 rv = i2d_RSAPrivateKey_bio(out, rsa);
1442 else
1443 rv = i2d_RSAPublicKey_bio(out, rsa);
1444 } else if ((dsa = EVP_PKEY_get0_DSA(pkey)) != NULL) {
1445 rv = i2d_DSAPrivateKey_bio(out, dsa);
1446 }
1447 if (rv == 1) {
1448 rv = KMF_OK;
1449 } else {
1450 SET_ERROR(kmfh, rv);
1451 }
1452 break;
1453 case KMF_FORMAT_PEM:
1454 if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) {
1455 if (private)
1456 rv = PEM_write_bio_RSAPrivateKey(out,
1457 rsa, NULL, NULL, 0, NULL,
1458 (cred != NULL ? cred->cred : NULL));
1459 else
1460 rv = PEM_write_bio_RSAPublicKey(out,
1461 rsa);
1462 } else if ((dsa = EVP_PKEY_get0_DSA(pkey)) != NULL) {
1463 rv = PEM_write_bio_DSAPrivateKey(out,
1464 dsa, NULL, NULL, 0, NULL,
1465 (cred != NULL ? cred->cred : NULL));
1466 }
1467
1468 if (rv == 1) {
1469 rv = KMF_OK;
1470 } else {
1471 SET_ERROR(kmfh, rv);
1472 }
1473 break;
1474
1475 default:
1476 rv = KMF_ERR_BAD_PARAMETER;
1477 }
1478
1479 return (rv);
1480 }
1481
1482 KMF_RETURN
1483 OpenSSL_CreateKeypair(KMF_HANDLE_T handle, int numattr,
1484 KMF_ATTRIBUTE *attrlist)
1485 {
1486 KMF_RETURN rv = KMF_OK;
1487 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
1488 uint32_t eValue = RSA_F4;
1489 BIGNUM *eValue_bn = NULL;
1490 RSA *sslPrivKey = NULL;
1491 DSA *sslDSAKey = NULL;
1492 EVP_PKEY *eprikey = NULL;
1493 EVP_PKEY *epubkey = NULL;
1494 BIO *out = NULL;
1495 KMF_KEY_HANDLE *pubkey = NULL, *privkey = NULL;
1496 uint32_t keylen = 1024;
1497 uint32_t keylen_size = sizeof (uint32_t);
1498 boolean_t storekey = TRUE;
1499 KMF_KEY_ALG keytype = KMF_RSA;
1500
1501 eValue_bn = BN_new();
1502 if (eValue_bn == NULL)
1503 return (KMF_ERR_MEMORY);
1504 if (BN_set_word(eValue_bn, eValue) == 0) {
1505 rv = KMF_ERR_KEYGEN_FAILED;
1506 goto cleanup;
1507 }
1508
1509 rv = kmf_get_attr(KMF_STOREKEY_BOOL_ATTR, attrlist, numattr,
1510 &storekey, NULL);
1511 if (rv != KMF_OK) {
1512 /* "storekey" is optional. Default is TRUE */
1513 rv = KMF_OK;
1514 }
1515
1516 rv = kmf_get_attr(KMF_KEYALG_ATTR, attrlist, numattr,
1517 (void *)&keytype, NULL);
1518 if (rv != KMF_OK)
1519 /* keytype is optional. KMF_RSA is default */
1520 rv = KMF_OK;
1521
1522 pubkey = kmf_get_attr_ptr(KMF_PUBKEY_HANDLE_ATTR, attrlist, numattr);
1523 if (pubkey == NULL) {
1524 rv = KMF_ERR_BAD_PARAMETER;
1525 goto cleanup;
1526 }
1527
1528 privkey = kmf_get_attr_ptr(KMF_PRIVKEY_HANDLE_ATTR, attrlist, numattr);
1529 if (privkey == NULL) {
1530 rv = KMF_ERR_BAD_PARAMETER;
1531 goto cleanup;
1532 }
1533
1534 (void) memset(pubkey, 0, sizeof (KMF_KEY_HANDLE));
1535 (void) memset(privkey, 0, sizeof (KMF_KEY_HANDLE));
1536
1537 eprikey = EVP_PKEY_new();
1538 if (eprikey == NULL) {
1539 SET_ERROR(kmfh, ERR_get_error());
1540 rv = KMF_ERR_KEYGEN_FAILED;
1541 goto cleanup;
1542 }
1543 epubkey = EVP_PKEY_new();
1544 if (epubkey == NULL) {
1545 SET_ERROR(kmfh, ERR_get_error());
1546 rv = KMF_ERR_KEYGEN_FAILED;
1547 goto cleanup;
1548 }
1549 if (keytype == KMF_RSA) {
1550 KMF_BIGINT *rsaexp = NULL;
1551
1552 rsaexp = kmf_get_attr_ptr(KMF_RSAEXP_ATTR, attrlist, numattr);
1553 if (rsaexp != NULL) {
1554 if (rsaexp->len > 0 &&
1555 rsaexp->len <= sizeof (eValue) &&
1556 rsaexp->val != NULL) {
1557 /* LINTED E_BAD_PTR_CAST_ALIGN */
1558 eValue = *(uint32_t *)rsaexp->val;
1559 if (BN_set_word(eValue_bn, eValue) == 0) {
1560 rv = KMF_ERR_BAD_PARAMETER;
1561 goto cleanup;
1562 }
1563 } else {
1564 rv = KMF_ERR_BAD_PARAMETER;
1565 goto cleanup;
1566 }
1567 } else {
1568 /* RSA Exponent is optional. Default is 0x10001 */
1569 rv = KMF_OK;
1570 }
1571
1572 rv = kmf_get_attr(KMF_KEYLENGTH_ATTR, attrlist, numattr,
1573 &keylen, &keylen_size);
1574 if (rv == KMF_ERR_ATTR_NOT_FOUND)
1575 /* keylen is optional, default is 1024 */
1576 rv = KMF_OK;
1577 if (rv != KMF_OK) {
1578 rv = KMF_ERR_BAD_PARAMETER;
1579 goto cleanup;
1580 }
1581
1582 sslPrivKey = RSA_new();
1583 if (sslPrivKey == NULL ||
1584 RSA_generate_key_ex(sslPrivKey, keylen, eValue_bn, NULL)
1585 == 0) {
1586 SET_ERROR(kmfh, ERR_get_error());
1587 rv = KMF_ERR_KEYGEN_FAILED;
1588 } else {
1589 (void) EVP_PKEY_set1_RSA(eprikey, sslPrivKey);
1590 privkey->kstype = KMF_KEYSTORE_OPENSSL;
1591 privkey->keyalg = KMF_RSA;
1592 privkey->keyclass = KMF_ASYM_PRI;
1593 privkey->israw = FALSE;
1594 privkey->keyp = (void *)eprikey;
1595
1596 /* OpenSSL derives the public key from the private */
1597 (void) EVP_PKEY_set1_RSA(epubkey, sslPrivKey);
1598 pubkey->kstype = KMF_KEYSTORE_OPENSSL;
1599 pubkey->keyalg = KMF_RSA;
1600 pubkey->israw = FALSE;
1601 pubkey->keyclass = KMF_ASYM_PUB;
1602 pubkey->keyp = (void *)epubkey;
1603 }
1604 } else if (keytype == KMF_DSA) {
1605 BIGNUM *p, *q, *g;
1606
1607 sslDSAKey = DSA_new();
1608 if (sslDSAKey == NULL) {
1609 SET_ERROR(kmfh, ERR_get_error());
1610 return (KMF_ERR_MEMORY);
1611 }
1612
1613 p = BN_bin2bn(P, sizeof (P), NULL);
1614 q = BN_bin2bn(Q, sizeof (Q), NULL);
1615 g = BN_bin2bn(G, sizeof (G), NULL);
1616 if (p == NULL || q == NULL || g == NULL) {
1617 BN_free(p);
1618 BN_free(q);
1619 BN_free(g);
1620 SET_ERROR(kmfh, ERR_get_error());
1621 rv = KMF_ERR_KEYGEN_FAILED;
1622 goto cleanup;
1623 }
1624
1625 if (DSA_set0_pqg(sslDSAKey, p, q, g) == 0) {
1626 SET_ERROR(kmfh, ERR_get_error());
1627 rv = KMF_ERR_KEYGEN_FAILED;
1628 goto cleanup;
1629 }
1630
1631 if (!DSA_generate_key(sslDSAKey)) {
1632 SET_ERROR(kmfh, ERR_get_error());
1633 rv = KMF_ERR_KEYGEN_FAILED;
1634 goto cleanup;
1635 }
1636
1637 privkey->kstype = KMF_KEYSTORE_OPENSSL;
1638 privkey->keyalg = KMF_DSA;
1639 privkey->keyclass = KMF_ASYM_PRI;
1640 privkey->israw = FALSE;
1641 if (EVP_PKEY_set1_DSA(eprikey, sslDSAKey)) {
1642 privkey->keyp = (void *)eprikey;
1643 } else {
1644 SET_ERROR(kmfh, ERR_get_error());
1645 rv = KMF_ERR_KEYGEN_FAILED;
1646 goto cleanup;
1647 }
1648
1649 pubkey->kstype = KMF_KEYSTORE_OPENSSL;
1650 pubkey->keyalg = KMF_DSA;
1651 pubkey->keyclass = KMF_ASYM_PUB;
1652 pubkey->israw = FALSE;
1653
1654 if (EVP_PKEY_set1_DSA(epubkey, sslDSAKey)) {
1655 pubkey->keyp = (void *)epubkey;
1656 } else {
1657 SET_ERROR(kmfh, ERR_get_error());
1658 rv = KMF_ERR_KEYGEN_FAILED;
1659 goto cleanup;
1660 }
1661 }
1662
1663 if (rv != KMF_OK) {
1664 goto cleanup;
1665 }
1666
1667 if (storekey) {
1668 KMF_ATTRIBUTE storeattrs[4]; /* max. 4 attributes needed */
1669 int i = 0;
1670 char *keyfile = NULL, *dirpath = NULL;
1671 KMF_ENCODE_FORMAT format;
1672 /*
1673 * Construct a new attribute arrray and call openssl_store_key
1674 */
1675 kmf_set_attr_at_index(storeattrs, i, KMF_PRIVKEY_HANDLE_ATTR,
1676 privkey, sizeof (privkey));
1677 i++;
1678
1679 dirpath = kmf_get_attr_ptr(KMF_DIRPATH_ATTR, attrlist, numattr);
1680 if (dirpath != NULL) {
1681 storeattrs[i].type = KMF_DIRPATH_ATTR;
1691 storeattrs[i].type = KMF_KEY_FILENAME_ATTR;
1692 storeattrs[i].pValue = keyfile;
1693 storeattrs[i].valueLen = strlen(keyfile);
1694 i++;
1695 } else {
1696 goto cleanup; /* KEYFILE is required */
1697 }
1698 rv = kmf_get_attr(KMF_ENCODE_FORMAT_ATTR, attrlist, numattr,
1699 (void *)&format, NULL);
1700 if (rv == KMF_OK) {
1701 storeattrs[i].type = KMF_ENCODE_FORMAT_ATTR;
1702 storeattrs[i].pValue = &format;
1703 storeattrs[i].valueLen = sizeof (format);
1704 i++;
1705 }
1706
1707 rv = OpenSSL_StoreKey(handle, i, storeattrs);
1708 }
1709
1710 cleanup:
1711 if (eValue_bn != NULL)
1712 BN_free(eValue_bn);
1713
1714 if (rv != KMF_OK) {
1715 if (eprikey != NULL)
1716 EVP_PKEY_free(eprikey);
1717
1718 if (epubkey != NULL)
1719 EVP_PKEY_free(epubkey);
1720
1721 if (pubkey->keylabel) {
1722 free(pubkey->keylabel);
1723 pubkey->keylabel = NULL;
1724 }
1725
1726 if (privkey->keylabel) {
1727 free(privkey->keylabel);
1728 privkey->keylabel = NULL;
1729 }
1730
1731 pubkey->keyp = NULL;
1732 privkey->keyp = NULL;
1733 }
1734
1735 if (sslPrivKey)
1736 RSA_free(sslPrivKey);
1737
1738 if (sslDSAKey)
1739 DSA_free(sslDSAKey);
1740
1741 if (out != NULL)
1742 (void) BIO_free(out);
1743
1744 return (rv);
1745 }
1746
1747 /*
1748 * Make sure the BN conversion is properly padded with 0x00
1749 * bytes. If not, signature verification for DSA signatures
1750 * may fail in the case where the bignum value does not use
1751 * all of the bits.
1752 */
1753 static int
1754 fixbnlen(const BIGNUM *bn, unsigned char *buf, int len) {
1755 int bytes = len - BN_num_bytes(bn);
1756
1757 /* prepend with leading 0x00 if necessary */
1758 while (bytes-- > 0)
1759 *buf++ = 0;
1760
1761 (void) BN_bn2bin(bn, buf);
1762 /*
1763 * Return the desired length since we prepended it
1764 * with the necessary 0x00 padding.
1765 */
1766 return (len);
1767 }
1768
1769 KMF_RETURN
1770 OpenSSL_SignData(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key,
1771 KMF_OID *AlgOID, KMF_DATA *tobesigned, KMF_DATA *output)
1772 {
1773 KMF_RETURN ret = KMF_OK;
1774 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
1775 KMF_ALGORITHM_INDEX AlgId;
1776 EVP_MD_CTX *ctx;
1777 const EVP_MD *md;
1778
1779 if (key == NULL || AlgOID == NULL ||
1780 tobesigned == NULL || output == NULL ||
1781 tobesigned->Data == NULL ||
1782 output->Data == NULL)
1783 return (KMF_ERR_BAD_PARAMETER);
1784
1785 /* Map the OID to an OpenSSL algorithm */
1786 AlgId = x509_algoid_to_algid(AlgOID);
1787 if (AlgId == KMF_ALGID_NONE)
1788 return (KMF_ERR_BAD_ALGORITHM);
1789
1790 if (key->keyalg == KMF_RSA) {
1791 EVP_PKEY *pkey = (EVP_PKEY *)key->keyp;
1792 uchar_t *p;
1793 int len;
1794 if (AlgId == KMF_ALGID_MD5WithRSA)
1795 md = EVP_md5();
1796 else if (AlgId == KMF_ALGID_SHA1WithRSA)
1801 md = EVP_sha384();
1802 else if (AlgId == KMF_ALGID_SHA512WithRSA)
1803 md = EVP_sha512();
1804 else if (AlgId == KMF_ALGID_RSA)
1805 md = NULL;
1806 else
1807 return (KMF_ERR_BAD_ALGORITHM);
1808
1809 if ((md == NULL) && (AlgId == KMF_ALGID_RSA)) {
1810 RSA *rsa = EVP_PKEY_get1_RSA((EVP_PKEY *)pkey);
1811
1812 p = output->Data;
1813 if ((len = RSA_private_encrypt(tobesigned->Length,
1814 tobesigned->Data, p, rsa,
1815 RSA_PKCS1_PADDING)) <= 0) {
1816 SET_ERROR(kmfh, ERR_get_error());
1817 ret = KMF_ERR_INTERNAL;
1818 }
1819 output->Length = len;
1820 } else {
1821 if ((ctx = EVP_MD_CTX_new()) == NULL)
1822 return (KMF_ERR_MEMORY);
1823 (void) EVP_SignInit_ex(ctx, md, NULL);
1824 (void) EVP_SignUpdate(ctx, tobesigned->Data,
1825 (uint32_t)tobesigned->Length);
1826 len = (uint32_t)output->Length;
1827 p = output->Data;
1828 if (!EVP_SignFinal(ctx, p, (uint32_t *)&len, pkey)) {
1829 SET_ERROR(kmfh, ERR_get_error());
1830 len = 0;
1831 ret = KMF_ERR_INTERNAL;
1832 }
1833 output->Length = len;
1834 EVP_MD_CTX_free(ctx);
1835 }
1836 } else if (key->keyalg == KMF_DSA) {
1837 DSA *dsa = EVP_PKEY_get1_DSA(key->keyp);
1838
1839 uchar_t hash[EVP_MAX_MD_SIZE];
1840 uint32_t hashlen;
1841 DSA_SIG *dsasig;
1842
1843 if (AlgId == KMF_ALGID_DSA ||
1844 AlgId == KMF_ALGID_SHA1WithDSA)
1845 md = EVP_sha1();
1846 else if (AlgId == KMF_ALGID_SHA256WithDSA)
1847 md = EVP_sha256();
1848 else /* Bad algorithm */
1849 return (KMF_ERR_BAD_ALGORITHM);
1850
1851 /*
1852 * OpenSSL EVP_Sign operation automatically converts to
1853 * ASN.1 output so we do the operations separately so we
1854 * are assured of NOT getting ASN.1 output returned.
1855 * KMF does not want ASN.1 encoded results because
1856 * not all mechanisms return ASN.1 encodings (PKCS#11
1857 * and NSS return raw signature data).
1858 */
1859 if ((ctx = EVP_MD_CTX_new()) == NULL)
1860 return (KMF_ERR_MEMORY);
1861 (void) EVP_DigestInit_ex(ctx, md, NULL);
1862 (void) EVP_DigestUpdate(ctx, tobesigned->Data,
1863 tobesigned->Length);
1864 (void) EVP_DigestFinal_ex(ctx, hash, &hashlen);
1865
1866 /* Only sign first 20 bytes for SHA2 */
1867 if (AlgId == KMF_ALGID_SHA256WithDSA)
1868 hashlen = 20;
1869 dsasig = DSA_do_sign(hash, hashlen, dsa);
1870 if (dsasig != NULL) {
1871 int i;
1872 const BIGNUM *r, *s;
1873
1874 DSA_SIG_get0(dsasig, &r, &s);
1875 output->Length = i = fixbnlen(r, output->Data,
1876 hashlen);
1877
1878 output->Length += fixbnlen(s, &output->Data[i],
1879 hashlen);
1880
1881 DSA_SIG_free(dsasig);
1882 } else {
1883 SET_ERROR(kmfh, ERR_get_error());
1884 }
1885 EVP_MD_CTX_free(ctx);
1886 } else {
1887 return (KMF_ERR_BAD_PARAMETER);
1888 }
1889 cleanup:
1890 return (ret);
1891 }
1892
1893 KMF_RETURN
1894 /*ARGSUSED*/
1895 OpenSSL_DeleteKey(KMF_HANDLE_T handle,
1896 int numattr, KMF_ATTRIBUTE *attrlist)
1897 {
1898 KMF_RETURN rv = KMF_OK;
1899 KMF_KEY_HANDLE *key;
1900 boolean_t destroy = B_TRUE;
1901
1902 key = kmf_get_attr_ptr(KMF_KEY_HANDLE_ATTR, attrlist, numattr);
1903 if (key == NULL || key->keyp == NULL)
1904 return (KMF_ERR_BAD_PARAMETER);
1905
2003 case KMF_X509_EXT_POLICY_CONSTRAINTS:
2004 return (OBJ_sn2nid("policyConstraints"));
2005 case KMF_X509_EXT_INHIBIT_ANY_POLICY:
2006 return (OBJ_sn2nid("inhibitAnyPolicy"));
2007 case KMF_X509_EXT_FRESHEST_CRL:
2008 return (OBJ_sn2nid("freshestCRL"));
2009 default:
2010 return (NID_undef);
2011 }
2012 }
2013
2014 KMF_RETURN
2015 OpenSSL_CertGetPrintable(KMF_HANDLE_T handle, const KMF_DATA *pcert,
2016 KMF_PRINTABLE_ITEM flag, char *resultStr)
2017 {
2018 KMF_RETURN ret = KMF_OK;
2019 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
2020 X509 *xcert = NULL;
2021 unsigned char *outbuf = NULL;
2022 unsigned char *outbuf_p;
2023 int j;
2024 int ext_index, nid, len;
2025 BIO *mem = NULL;
2026 STACK_OF(OPENSSL_STRING) *emlst = NULL;
2027 X509_EXTENSION *ex;
2028
2029 if (pcert == NULL || pcert->Data == NULL || pcert->Length == 0) {
2030 return (KMF_ERR_BAD_PARAMETER);
2031 }
2032
2033 /* copy cert data to outbuf */
2034 outbuf = malloc(pcert->Length);
2035 if (outbuf == NULL) {
2036 return (KMF_ERR_MEMORY);
2037 }
2038 (void) memcpy(outbuf, pcert->Data, pcert->Length);
2039
2040 outbuf_p = outbuf; /* use a temp pointer; required by openssl */
2041 xcert = d2i_X509(NULL, (const uchar_t **)&outbuf_p, pcert->Length);
2042 if (xcert == NULL) {
2043 SET_ERROR(kmfh, ERR_get_error());
2044 ret = KMF_ERR_ENCODING;
2045 goto out;
2046 }
2047
2049 if (mem == NULL) {
2050 SET_ERROR(kmfh, ERR_get_error());
2051 ret = KMF_ERR_MEMORY;
2052 goto out;
2053 }
2054
2055 switch (flag) {
2056 case KMF_CERT_ISSUER:
2057 (void) X509_NAME_print_ex(mem, X509_get_issuer_name(xcert), 0,
2058 XN_FLAG_SEP_CPLUS_SPC);
2059 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2060 break;
2061
2062 case KMF_CERT_SUBJECT:
2063 (void) X509_NAME_print_ex(mem, X509_get_subject_name(xcert), 0,
2064 XN_FLAG_SEP_CPLUS_SPC);
2065 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2066 break;
2067
2068 case KMF_CERT_VERSION:
2069 (void) snprintf(resultStr, KMF_CERT_PRINTABLE_LEN,
2070 "%ld", X509_get_version(xcert));
2071 len = strlen(resultStr);
2072 break;
2073
2074 case KMF_CERT_SERIALNUM:
2075 if (i2a_ASN1_INTEGER(mem, X509_get_serialNumber(xcert)) > 0) {
2076 (void) strcpy(resultStr, "0x");
2077 len = BIO_gets(mem, &resultStr[2],
2078 KMF_CERT_PRINTABLE_LEN - 2);
2079 }
2080 break;
2081
2082 case KMF_CERT_NOTBEFORE:
2083 (void) ASN1_TIME_print(mem, X509_getm_notBefore(xcert));
2084 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2085 break;
2086
2087 case KMF_CERT_NOTAFTER:
2088 (void) ASN1_TIME_print(mem, X509_getm_notAfter(xcert));
2089 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2090 break;
2091
2092 case KMF_CERT_PUBKEY_DATA:
2093 {
2094 RSA *rsa;
2095 DSA *dsa;
2096
2097 EVP_PKEY *pkey = X509_get_pubkey(xcert);
2098 if (pkey == NULL) {
2099 SET_ERROR(kmfh, ERR_get_error());
2100 ret = KMF_ERR_ENCODING;
2101 goto out;
2102 }
2103
2104 if ((rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) {
2105 (void) BIO_printf(mem,
2106 "RSA Public Key: (%d bit)\n",
2107 RSA_bits(rsa));
2108 (void) RSA_print(mem, rsa, 0);
2109
2110 } else if ((dsa = EVP_PKEY_get0_DSA(pkey)) != NULL) {
2111 (void) BIO_printf(mem,
2112 "%12sDSA Public Key:\n", "");
2113 (void) DSA_print(mem, dsa, 0);
2114 } else {
2115 (void) BIO_printf(mem,
2116 "%12sUnknown Public Key:\n", "");
2117 }
2118 (void) BIO_printf(mem, "\n");
2119 EVP_PKEY_free(pkey);
2120 }
2121 len = BIO_read(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2122 break;
2123 case KMF_CERT_SIGNATURE_ALG:
2124 case KMF_CERT_PUBKEY_ALG:
2125 {
2126 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2127 ASN1_OBJECT *alg = NULL;
2128 #else
2129 const ASN1_OBJECT *alg = NULL;
2130 #endif
2131
2132 if (flag == KMF_CERT_SIGNATURE_ALG) {
2133 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2134 alg = xcert->sig_alg->algorithm;
2135 #else
2136 const X509_ALGOR *sig_alg = NULL;
2137
2138 X509_get0_signature(NULL, &sig_alg, xcert);
2139 if (sig_alg != NULL)
2140 X509_ALGOR_get0(&alg, NULL, NULL,
2141 sig_alg);
2142 #endif
2143 } else {
2144 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2145 alg = xcert->cert_info->key->algor->algorithm;
2146 #else
2147 X509_PUBKEY *key = X509_get_X509_PUBKEY(xcert);
2148
2149 if (key != NULL)
2150 (void) X509_PUBKEY_get0_param(
2151 (ASN1_OBJECT **)&alg, NULL, 0,
2152 NULL, key);
2153 #endif
2154 }
2155
2156 if (alg == NULL)
2157 len = -1;
2158 else if ((len = i2a_ASN1_OBJECT(mem, alg)) > 0)
2159 len = BIO_read(mem, resultStr,
2160 KMF_CERT_PRINTABLE_LEN);
2161 }
2162 break;
2163
2164 case KMF_CERT_EMAIL:
2165 emlst = X509_get1_email(xcert);
2166 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
2167 (void) BIO_printf(mem, "%s\n",
2168 sk_OPENSSL_STRING_value(emlst, j));
2169
2170 len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2171 X509_email_free(emlst);
2172 break;
2173 case KMF_X509_EXT_ISSUER_ALTNAME:
2174 case KMF_X509_EXT_SUBJ_ALTNAME:
2175 case KMF_X509_EXT_KEY_USAGE:
2176 case KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD:
2177 case KMF_X509_EXT_CERT_POLICIES:
2178 case KMF_X509_EXT_BASIC_CONSTRAINTS:
2179 case KMF_X509_EXT_NAME_CONSTRAINTS:
2180 case KMF_X509_EXT_POLICY_CONSTRAINTS:
2181 case KMF_X509_EXT_EXT_KEY_USAGE:
2182 case KMF_X509_EXT_INHIBIT_ANY_POLICY:
2183 case KMF_X509_EXT_AUTH_KEY_ID:
2184 case KMF_X509_EXT_SUBJ_KEY_ID:
2185 case KMF_X509_EXT_POLICY_MAPPINGS:
2186 case KMF_X509_EXT_CRL_DIST_POINTS:
2187 case KMF_X509_EXT_FRESHEST_CRL:
2188 nid = ext2NID(flag);
2189 if (nid == NID_undef) {
2190 ret = KMF_ERR_EXTENSION_NOT_FOUND;
2191 goto out;
2192 }
2193
2194 ext_index = X509_get_ext_by_NID(xcert, nid, -1);
2195 if (ext_index == -1) {
2196 SET_ERROR(kmfh, ERR_get_error());
2197
2198 ret = KMF_ERR_EXTENSION_NOT_FOUND;
2199 goto out;
2200 }
2201 ex = X509_get_ext(xcert, ext_index);
2202
2203 (void) i2a_ASN1_OBJECT(mem, X509_EXTENSION_get_object(ex));
2204
2205 if (BIO_printf(mem, ": %s\n",
2206 X509_EXTENSION_get_critical(ex) ? "critical" : "") <= 0) {
2207 SET_ERROR(kmfh, ERR_get_error());
2208 ret = KMF_ERR_ENCODING;
2209 goto out;
2210 }
2211 if (!X509V3_EXT_print(mem, ex, X509V3_EXT_DUMP_UNKNOWN, 4)) {
2212 (void) BIO_printf(mem, "%*s", 4, "");
2213 (void) ASN1_STRING_print(mem,
2214 X509_EXTENSION_get_data(ex));
2215 }
2216 if (BIO_write(mem, "\n", 1) <= 0) {
2217 SET_ERROR(kmfh, ERR_get_error());
2218 ret = KMF_ERR_ENCODING;
2219 goto out;
2220 }
2221 len = BIO_read(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2222 }
2223 if (len <= 0) {
2224 SET_ERROR(kmfh, ERR_get_error());
2225 ret = KMF_ERR_ENCODING;
2226 }
2227
2228 out:
2229 if (outbuf != NULL) {
2230 free(outbuf);
2231 }
2232
2233 if (xcert != NULL) {
2234 X509_free(xcert);
2475 ret = KMF_ERR_ENCODING;
2476 }
2477
2478 end:
2479 /*
2480 * We don't need to free "id" explicitely, because OCSP_REQUEST_free()
2481 * will also deallocate certid's space.
2482 */
2483 if (req != NULL) {
2484 OCSP_REQUEST_free(req);
2485 }
2486
2487 if (derbio != NULL) {
2488 (void) BIO_free(derbio);
2489 }
2490
2491 return (ret);
2492 }
2493
2494 /* ocsp_find_signer_sk() is copied from openssl source */
2495 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_BASICRESP *bs)
2496 {
2497 int i;
2498 unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
2499 const ASN1_OCTET_STRING *pid;
2500
2501 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2502 OCSP_RESPID *id = bs->tbsResponseData->responderId;
2503
2504 if (id->type == V_OCSP_RESPID_NAME)
2505 return (X509_find_by_subject(certs, id->value.byName));
2506
2507 pid = id->value.byKey;
2508 #else
2509 const X509_NAME *pname;
2510
2511 if (OCSP_resp_get0_id(bs, &pid, &pname) == 0)
2512 return (NULL);
2513
2514 if (pname != NULL)
2515 return (X509_find_by_subject(certs, (X509_NAME *)pname));
2516 #endif
2517
2518 /* Lookup by key hash */
2519
2520 /* If key hash isn't SHA1 length then forget it */
2521 if (pid->length != SHA_DIGEST_LENGTH)
2522 return (NULL);
2523
2524 keyhash = pid->data;
2525 /* Calculate hash of each key and compare */
2526 for (i = 0; i < sk_X509_num(certs); i++) {
2527 /* LINTED E_BAD_PTR_CAST_ALIGN */
2528 X509 *x = sk_X509_value(certs, i);
2529 /* Use pubkey_digest to get the key ID value */
2530 (void) X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
2531 if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
2532 return (x);
2533 }
2534 return (NULL);
2535 }
2536
2537 /* ocsp_find_signer() is copied from openssl source */
2538 /* ARGSUSED2 */
2539 static int
2540 ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
2541 X509_STORE *st, unsigned long flags)
2542 {
2543 X509 *signer;
2544 if ((signer = ocsp_find_signer_sk(certs, bs))) {
2545 *psigner = signer;
2546 return (2);
2547 }
2548
2549 if (!(flags & OCSP_NOINTERN) &&
2550 (signer = ocsp_find_signer_sk(
2551 (STACK_OF(X509) *)OCSP_resp_get0_certs(bs), bs))) {
2552 *psigner = signer;
2553 return (1);
2554 }
2555 /* Maybe lookup from store if by subject name */
2556
2557 *psigner = NULL;
2558 return (0);
2559 }
2560
2561 /*
2562 * This function will verify the signature of a basic response, using
2563 * the public key from the OCSP responder certificate.
2564 */
2565 static KMF_RETURN
2566 check_response_signature(KMF_HANDLE_T handle, OCSP_BASICRESP *bs,
2567 KMF_DATA *signer_cert, KMF_DATA *issuer_cert)
2568 {
2569 KMF_RETURN ret = KMF_OK;
2570 KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
2571 STACK_OF(X509) *cert_stack = NULL;
2572 X509 *signer = NULL;
2573 X509 *issuer = NULL;
2574 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2575 EVP_PKEY *skey = NULL;
2576 #else
2577 STACK_OF(X509) *cert_stack2 = NULL;
2578 #endif
2579 unsigned char *ptmp;
2580
2581 if (bs == NULL || issuer_cert == NULL)
2582 return (KMF_ERR_BAD_PARAMETER);
2583
2584 /*
2585 * Find the certificate that signed the basic response.
2586 *
2587 * If signer_cert is not NULL, we will use that as the signer cert.
2588 * Otherwise, we will check if the issuer cert is actually the signer.
2589 * If we still do not find a signer, we will look for it from the
2590 * certificate list came with the response file.
2591 */
2592 if (signer_cert != NULL) {
2593 ptmp = signer_cert->Data;
2594 signer = d2i_X509(NULL, (const uchar_t **)&ptmp,
2595 signer_cert->Length);
2596 if (signer == NULL) {
2597 SET_ERROR(kmfh, ERR_get_error());
2598 ret = KMF_ERR_OCSP_BAD_SIGNER;
2599 goto end;
2600 }
2614
2615 if ((cert_stack = sk_X509_new_null()) == NULL) {
2616 ret = KMF_ERR_INTERNAL;
2617 goto end;
2618 }
2619
2620 if (sk_X509_push(cert_stack, issuer) == NULL) {
2621 ret = KMF_ERR_INTERNAL;
2622 goto end;
2623 }
2624
2625 ret = ocsp_find_signer(&signer, bs, cert_stack, NULL, 0);
2626 if (!ret) {
2627 /* can not find the signer */
2628 ret = KMF_ERR_OCSP_BAD_SIGNER;
2629 goto end;
2630 }
2631 }
2632
2633 /* Verify the signature of the response */
2634 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2635 skey = X509_get_pubkey(signer);
2636 if (skey == NULL) {
2637 ret = KMF_ERR_OCSP_BAD_SIGNER;
2638 goto end;
2639 }
2640
2641 ret = OCSP_BASICRESP_verify(bs, skey, 0);
2642 #else
2643 /*
2644 * Technique based on
2645 * https://mta.openssl.org/pipermail/openssl-users/
2646 * 2017-October/006814.html
2647 */
2648 if ((cert_stack2 = sk_X509_new_null()) == NULL) {
2649 ret = KMF_ERR_INTERNAL;
2650 goto end;
2651 }
2652
2653 if (sk_X509_push(cert_stack2, signer) == NULL) {
2654 ret = KMF_ERR_INTERNAL;
2655 goto end;
2656 }
2657
2658 ret = OCSP_basic_verify(bs, cert_stack2, NULL, OCSP_NOVERIFY);
2659 #endif
2660
2661 if (ret == 0) {
2662 ret = KMF_ERR_OCSP_RESPONSE_SIGNATURE;
2663 goto end;
2664 }
2665
2666 end:
2667 if (issuer != NULL) {
2668 X509_free(issuer);
2669 }
2670
2671 if (signer != NULL) {
2672 X509_free(signer);
2673 }
2674
2675 #if OPENSSL_VERSION_NUMBER < 0x10100000L
2676 if (skey != NULL) {
2677 EVP_PKEY_free(skey);
2678 }
2679 #else
2680 if (cert_stack2 != NULL) {
2681 sk_X509_free(cert_stack2);
2682 }
2683 #endif
2684
2685 if (cert_stack != NULL) {
2686 sk_X509_free(cert_stack);
2687 }
2688
2689 return (ret);
2690 }
2691
2692 KMF_RETURN
2693 OpenSSL_GetOCSPStatusForCert(KMF_HANDLE_T handle,
2694 int numattr, KMF_ATTRIBUTE *attrlist)
2695 {
2696 KMF_RETURN ret = KMF_OK;
2697 BIO *derbio = NULL;
2698 OCSP_RESPONSE *resp = NULL;
2699 OCSP_BASICRESP *bs = NULL;
2700 OCSP_CERTID *id = NULL;
2701 OCSP_SINGLERESP *single = NULL;
2702 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
2703 int index, status, reason;
2704 KMF_DATA *issuer_cert;
2705 KMF_DATA *user_cert;
2706 KMF_DATA *signer_cert;
2707 KMF_DATA *response;
2708 int *response_reason, *response_status, *cert_status;
2709 boolean_t ignore_response_sign = B_FALSE; /* default is FALSE */
2710 uint32_t response_lifetime;
2711
2860 OCSP_CERTID_free(id);
2861
2862 return (ret);
2863 }
2864
2865 static KMF_RETURN
2866 fetch_key(KMF_HANDLE_T handle, char *path,
2867 KMF_KEY_CLASS keyclass, KMF_KEY_HANDLE *key)
2868 {
2869 KMF_RETURN rv = KMF_OK;
2870 EVP_PKEY *pkey = NULL;
2871 KMF_RAW_SYM_KEY *rkey = NULL;
2872
2873 if (keyclass == KMF_ASYM_PRI ||
2874 keyclass == KMF_ASYM_PUB) {
2875 pkey = openssl_load_key(handle, path);
2876 if (pkey == NULL) {
2877 return (KMF_ERR_KEY_NOT_FOUND);
2878 }
2879 if (key != NULL) {
2880 if (EVP_PKEY_get0_RSA(pkey) != NULL)
2881 key->keyalg = KMF_RSA;
2882 else if (EVP_PKEY_get0_DSA(pkey) != NULL)
2883 key->keyalg = KMF_DSA;
2884
2885 key->kstype = KMF_KEYSTORE_OPENSSL;
2886 key->keyclass = keyclass;
2887 key->keyp = (void *)pkey;
2888 key->israw = FALSE;
2889 if (path != NULL &&
2890 ((key->keylabel = strdup(path)) == NULL)) {
2891 EVP_PKEY_free(pkey);
2892 return (KMF_ERR_MEMORY);
2893 }
2894 } else {
2895 EVP_PKEY_free(pkey);
2896 pkey = NULL;
2897 }
2898 } else if (keyclass == KMF_SYMMETRIC) {
2899 KMF_ENCODE_FORMAT fmt;
2900 /*
2901 * If the file is a recognized format,
2902 * then it is NOT a symmetric key.
3059 }
3060 }
3061
3062 if (rv == KMF_OK && (*numkeys) == 0)
3063 rv = KMF_ERR_KEY_NOT_FOUND;
3064 else if (rv == KMF_ERR_KEY_NOT_FOUND && (*numkeys) > 0)
3065 rv = KMF_OK;
3066
3067 return (rv);
3068 }
3069
3070 #define HANDLE_PK12_ERROR { \
3071 SET_ERROR(kmfh, ERR_get_error()); \
3072 rv = KMF_ERR_ENCODING; \
3073 goto out; \
3074 }
3075
3076 static int
3077 add_alias_to_bag(PKCS12_SAFEBAG *bag, X509 *xcert)
3078 {
3079 unsigned char *alias;
3080 int len;
3081
3082 if (xcert != NULL && (alias = X509_alias_get0(xcert, &len)) != NULL) {
3083 if (PKCS12_add_friendlyname_asc(bag,
3084 (const char *)alias, len) == 0)
3085 return (0);
3086 }
3087 return (1);
3088 }
3089
3090 static PKCS7 *
3091 add_cert_to_safe(X509 *sslcert, KMF_CREDENTIAL *cred,
3092 uchar_t *keyid, unsigned int keyidlen)
3093 {
3094 PKCS12_SAFEBAG *bag = NULL;
3095 PKCS7 *cert_authsafe = NULL;
3096 STACK_OF(PKCS12_SAFEBAG) *bag_stack;
3097
3098 bag_stack = sk_PKCS12_SAFEBAG_new_null();
3099 if (bag_stack == NULL)
3100 return (NULL);
3101
3102 /* Convert cert from X509 struct to PKCS#12 bag */
3103 bag = PKCS12_SAFEBAG_create_cert(sslcert);
3104 if (bag == NULL) {
3105 goto out;
3106 }
3107
3108 /* Add the key id to the certificate bag. */
3109 if (keyidlen > 0 && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) {
3110 goto out;
3111 }
3112
3113 if (!add_alias_to_bag(bag, sslcert))
3114 goto out;
3115
3116 /* Pile it on the bag_stack. */
3117 if (!sk_PKCS12_SAFEBAG_push(bag_stack, bag)) {
3118 goto out;
3119 }
3120 /* Turn bag_stack of certs into encrypted authsafe. */
3121 cert_authsafe = PKCS12_pack_p7encdata(
3122 NID_pbe_WithSHA1And40BitRC2_CBC,
3123 cred->cred, cred->credlen, NULL, 0,
3128 sk_PKCS12_SAFEBAG_pop_free(bag_stack, PKCS12_SAFEBAG_free);
3129
3130 return (cert_authsafe);
3131 }
3132
3133 static PKCS7 *
3134 add_key_to_safe(EVP_PKEY *pkey, KMF_CREDENTIAL *cred,
3135 uchar_t *keyid, unsigned int keyidlen,
3136 char *label, int label_len)
3137 {
3138 PKCS8_PRIV_KEY_INFO *p8 = NULL;
3139 STACK_OF(PKCS12_SAFEBAG) *bag_stack = NULL;
3140 PKCS12_SAFEBAG *bag = NULL;
3141 PKCS7 *key_authsafe = NULL;
3142
3143 p8 = EVP_PKEY2PKCS8(pkey);
3144 if (p8 == NULL) {
3145 return (NULL);
3146 }
3147 /* Put the shrouded key into a PKCS#12 bag. */
3148 bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(
3149 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
3150 cred->cred, cred->credlen,
3151 NULL, 0, PKCS12_DEFAULT_ITER, p8);
3152
3153 /* Clean up the PKCS#8 shrouded key, don't need it now. */
3154 PKCS8_PRIV_KEY_INFO_free(p8);
3155 p8 = NULL;
3156
3157 if (bag == NULL) {
3158 return (NULL);
3159 }
3160 if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
3161 goto out;
3162 if (label != NULL && !PKCS12_add_friendlyname(bag, label, label_len))
3163 goto out;
3164
3165 /* Start a PKCS#12 safebag container for the private key. */
3166 bag_stack = sk_PKCS12_SAFEBAG_new_null();
3167 if (bag_stack == NULL)
3168 goto out;
3169
3170 /* Pile on the private key on the bag_stack. */
3171 if (!sk_PKCS12_SAFEBAG_push(bag_stack, bag))
3172 goto out;
3173
3174 key_authsafe = PKCS12_pack_p7data(bag_stack);
3175
3176 out:
3177 if (bag_stack != NULL)
3178 sk_PKCS12_SAFEBAG_pop_free(bag_stack, PKCS12_SAFEBAG_free);
3179 bag_stack = NULL;
3180 return (key_authsafe);
3181 }
3182
3183 static EVP_PKEY *
3184 ImportRawRSAKey(KMF_RAW_RSA_KEY *key)
3185 {
3186 RSA *rsa = NULL;
3187 EVP_PKEY *newkey = NULL;
3188 BIGNUM *n = NULL, *e = NULL, *d = NULL,
3189 *p = NULL, *q = NULL,
3190 *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
3191
3192 if ((rsa = RSA_new()) == NULL)
3193 goto cleanup;
3194
3195 if ((n = BN_bin2bn(key->mod.val, key->mod.len, NULL)) == NULL)
3196 goto cleanup;
3197
3198 if ((e = BN_bin2bn(key->pubexp.val, key->pubexp.len, NULL)) == NULL)
3199 goto cleanup;
3200
3201 if (key->priexp.val != NULL &&
3202 (d = BN_bin2bn(key->priexp.val, key->priexp.len, NULL)) == NULL)
3203 goto cleanup;
3204
3205 if (key->prime1.val != NULL &&
3206 (p = BN_bin2bn(key->prime1.val, key->prime1.len, NULL)) == NULL)
3207 goto cleanup;
3208
3209 if (key->prime2.val != NULL &&
3210 (q = BN_bin2bn(key->prime2.val, key->prime2.len, NULL)) == NULL)
3211 goto cleanup;
3212
3213 if (key->exp1.val != NULL &&
3214 (dmp1 = BN_bin2bn(key->exp1.val, key->exp1.len, NULL)) == NULL)
3215 goto cleanup;
3216
3217 if (key->exp2.val != NULL &&
3218 (dmq1 = BN_bin2bn(key->exp2.val, key->exp2.len, NULL)) == NULL)
3219 goto cleanup;
3220
3221 if (key->coef.val != NULL &&
3222 (iqmp = BN_bin2bn(key->coef.val, key->coef.len, NULL)) == NULL)
3223 goto cleanup;
3224
3225 if (RSA_set0_key(rsa, n, e, d) == 0)
3226 goto cleanup;
3227 n = e = d = NULL;
3228 if (RSA_set0_factors(rsa, p, q) == 0)
3229 goto cleanup;
3230 p = q = NULL;
3231 if (RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp) == 0)
3232 goto cleanup;
3233 dmp1 = dmq1 = iqmp = NULL;
3234
3235 if ((newkey = EVP_PKEY_new()) == NULL)
3236 goto cleanup;
3237
3238 (void) EVP_PKEY_set1_RSA(newkey, rsa);
3239
3240 cleanup:
3241 /* The original key must be freed once here or it leaks memory */
3242 if (rsa)
3243 RSA_free(rsa);
3244 BN_free(n);
3245 BN_free(e);
3246 BN_free(d);
3247 BN_free(p);
3248 BN_free(q);
3249 BN_free(dmp1);
3250 BN_free(dmq1);
3251 BN_free(iqmp);
3252
3253 return (newkey);
3254 }
3255
3256 static EVP_PKEY *
3257 ImportRawDSAKey(KMF_RAW_DSA_KEY *key)
3258 {
3259 DSA *dsa = NULL;
3260 EVP_PKEY *newkey = NULL;
3261 BIGNUM *p = NULL, *q = NULL, *g = NULL,
3262 *priv_key = NULL, *pub_key = NULL;
3263
3264 if ((dsa = DSA_new()) == NULL)
3265 goto cleanup;
3266
3267 if ((p = BN_bin2bn(key->prime.val, key->prime.len, NULL)) == NULL)
3268 goto cleanup;
3269
3270 if ((q = BN_bin2bn(key->subprime.val, key->subprime.len, NULL)) == NULL)
3271 goto cleanup;
3272
3273 if ((g = BN_bin2bn(key->base.val, key->base.len, NULL)) == NULL)
3274 goto cleanup;
3275
3276 if ((priv_key = BN_bin2bn(key->value.val, key->value.len,
3277 NULL)) == NULL)
3278 goto cleanup;
3279
3280 if (key->pubvalue.val != NULL && (pub_key =
3281 BN_bin2bn(key->pubvalue.val, key->pubvalue.len, NULL)) == NULL)
3282 goto cleanup;
3283
3284 if (DSA_set0_pqg(dsa, p, q, g) == 0)
3285 goto cleanup;
3286 p = q = g = NULL;
3287 if (DSA_set0_key(dsa, pub_key, priv_key) == 0)
3288 goto cleanup;
3289 pub_key = priv_key = 0;
3290
3291 if ((newkey = EVP_PKEY_new()) == NULL)
3292 goto cleanup;
3293
3294 (void) EVP_PKEY_set1_DSA(newkey, dsa);
3295
3296 cleanup:
3297 /* The original key must be freed once here or it leaks memory */
3298 if (dsa)
3299 DSA_free(dsa);
3300 BN_free(p);
3301 BN_free(q);
3302 BN_free(g);
3303 BN_free(priv_key);
3304 BN_free(pub_key);
3305
3306 return (newkey);
3307 }
3308
3309 static EVP_PKEY *
3310 raw_key_to_pkey(KMF_KEY_HANDLE *key)
3311 {
3312 EVP_PKEY *pkey = NULL;
3313 KMF_RAW_KEY_DATA *rawkey;
3314 ASN1_TYPE *attr = NULL;
3315 KMF_RETURN ret;
3316
3317 if (key == NULL || !key->israw)
3318 return (NULL);
3319
3320 rawkey = (KMF_RAW_KEY_DATA *)key->keyp;
3321 if (rawkey->keytype == KMF_RSA) {
3322 pkey = ImportRawRSAKey(&rawkey->rawdata.rsa);
3323 } else if (rawkey->keytype == KMF_DSA) {
3324 pkey = ImportRawDSAKey(&rawkey->rawdata.dsa);
3325 } else if (rawkey->keytype == KMF_ECDSA) {
3800 else if (priv_key != NULL && pkey != NULL)
3801 *priv_key = pkey;
3802
3803 err:
3804 /* Cleanup the stack of X509 info records */
3805 for (i = 0; i < sk_X509_INFO_num(x509_info_stack); i++) {
3806 /* LINTED E_BAD_PTR_CAST_ALIGN */
3807 info = (X509_INFO *)sk_X509_INFO_value(x509_info_stack, i);
3808 X509_INFO_free(info);
3809 }
3810 if (x509_info_stack)
3811 sk_X509_INFO_free(x509_info_stack);
3812
3813 if (cert_infos != NULL)
3814 free(cert_infos);
3815
3816 return (rv);
3817 }
3818
3819 static KMF_RETURN
3820 openssl_parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, char *pin,
3821 STACK_OF(EVP_PKEY) *keys, STACK_OF(X509) *certs)
3822 {
3823 KMF_RETURN ret;
3824 int i;
3825
3826 for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
3827 /* LINTED E_BAD_PTR_CAST_ALIGN */
3828 PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, i);
3829 ret = openssl_parse_bag(bag, pin, (pin ? strlen(pin) : 0),
3830 keys, certs);
3831
3832 if (ret != KMF_OK)
3833 return (ret);
3834 }
3835
3836 return (ret);
3837 }
3838
3839 static KMF_RETURN
3840 set_pkey_attrib(EVP_PKEY *pkey, ASN1_TYPE *attrib, int nid)
3841 {
3842 X509_ATTRIBUTE *attr = NULL;
3843
3844 if (pkey == NULL || attrib == NULL)
3845 return (KMF_ERR_BAD_PARAMETER);
3846
3847 attr = X509_ATTRIBUTE_create(nid, attrib->type, attrib->value.ptr);
3848 if (attr != NULL) {
3849 int i;
3850
3851 if ((i = EVP_PKEY_get_attr_by_NID(pkey, nid, -1)) != -1)
3852 (void) EVP_PKEY_delete_attr(pkey, i);
3853 if (EVP_PKEY_add1_attr(pkey, attr) == 0) {
3854 X509_ATTRIBUTE_free(attr);
3855 return (KMF_ERR_MEMORY);
3856 }
3857 } else {
3858 return (KMF_ERR_MEMORY);
3859 }
3860
3861 return (KMF_OK);
3862 }
3863
3864 static KMF_RETURN
3865 openssl_parse_bag(PKCS12_SAFEBAG *bag, char *pass, int passlen,
3866 STACK_OF(EVP_PKEY) *keylist, STACK_OF(X509) *certlist)
3867 {
3868 KMF_RETURN ret = KMF_OK;
3869 PKCS8_PRIV_KEY_INFO *p8 = NULL;
3870 EVP_PKEY *pkey = NULL;
3871 X509 *xcert = NULL;
3872 const ASN1_TYPE *keyid = NULL;
3873 const ASN1_TYPE *fname = NULL;
3874 uchar_t *data = NULL;
3875
3876 keyid = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID);
3877 fname = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName);
3878
3879 switch (PKCS12_SAFEBAG_get_nid(bag)) {
3880 case NID_keyBag:
3881 if (keylist == NULL)
3882 goto end;
3883 pkey = EVP_PKCS82PKEY(
3884 PKCS12_SAFEBAG_get0_p8inf(bag));
3885 if (pkey == NULL)
3886 ret = KMF_ERR_PKCS12_FORMAT;
3887
3888 break;
3889 case NID_pkcs8ShroudedKeyBag:
3890 if (keylist == NULL)
3891 goto end;
3892 p8 = PKCS12_decrypt_skey(bag, pass, passlen);
3893 if (p8 == NULL)
3894 return (KMF_ERR_AUTH_FAILED);
3895 pkey = EVP_PKCS82PKEY(p8);
3896 PKCS8_PRIV_KEY_INFO_free(p8);
3897 if (pkey == NULL)
3898 ret = KMF_ERR_PKCS12_FORMAT;
3899 break;
3900 case NID_certBag:
3901 if (certlist == NULL)
3902 goto end;
3903 if (PKCS12_SAFEBAG_get_bag_nid(bag) !=
3904 NID_x509Certificate)
3905 return (KMF_ERR_PKCS12_FORMAT);
3906 xcert = PKCS12_SAFEBAG_get1_cert(bag);
3907 if (xcert == NULL) {
3908 ret = KMF_ERR_PKCS12_FORMAT;
3909 goto end;
3910 }
3911 if (keyid != NULL) {
3912 if (X509_keyid_set1(xcert,
3913 keyid->value.octet_string->data,
3914 keyid->value.octet_string->length) == 0) {
3915 ret = KMF_ERR_PKCS12_FORMAT;
3916 goto end;
3917 }
3918 }
3919 if (fname != NULL) {
3920 int len, r;
3921 len = ASN1_STRING_to_UTF8(&data,
3922 fname->value.asn1_string);
3923 if (len > 0 && data != NULL) {
3924 r = X509_alias_set1(xcert, data, len);
3925 if (r == NULL) {
3926 ret = KMF_ERR_PKCS12_FORMAT;
3927 goto end;
3928 }
3929 } else {
3930 ret = KMF_ERR_PKCS12_FORMAT;
3931 goto end;
3932 }
3933 }
3934 if (sk_X509_push(certlist, xcert) == 0)
3935 ret = KMF_ERR_MEMORY;
3936 else
3937 xcert = NULL;
3938 break;
3939 case NID_safeContentsBag:
3940 return (openssl_parse_bags(
3941 PKCS12_SAFEBAG_get0_safes(bag),
3942 pass, keylist, certlist));
3943 default:
3944 ret = KMF_ERR_PKCS12_FORMAT;
3945 break;
3946 }
3947
3948 /*
3949 * Set the ID and/or FriendlyName attributes on the key.
3950 * If converting to PKCS11 objects, these can translate to CKA_ID
3951 * and CKA_LABEL values.
3952 */
3953 if (pkey != NULL && ret == KMF_OK) {
3954 ASN1_TYPE *attr = NULL;
3955 if (keyid != NULL && keyid->type == V_ASN1_OCTET_STRING) {
3956 if ((attr = ASN1_TYPE_new()) == NULL)
3957 return (KMF_ERR_MEMORY);
3958 attr->value.octet_string =
3959 ASN1_STRING_dup(keyid->value.octet_string);
3960 attr->type = V_ASN1_OCTET_STRING;
3961 attr->value.ptr = (char *)attr->value.octet_string;
3962 ret = set_pkey_attrib(pkey, attr, NID_localKeyID);
4132 to->val = (uchar_t *)malloc(sz);
4133 if (to->val == NULL)
4134 return (KMF_ERR_MEMORY);
4135
4136 if ((to->len = BN_bn2bin(from, to->val)) != sz) {
4137 free(to->val);
4138 to->val = NULL;
4139 to->len = 0;
4140 rv = KMF_ERR_MEMORY;
4141 }
4142
4143 return (rv);
4144 }
4145
4146 static KMF_RETURN
4147 exportRawRSAKey(RSA *rsa, KMF_RAW_KEY_DATA *key)
4148 {
4149 KMF_RETURN rv;
4150 KMF_RAW_RSA_KEY *kmfkey = &key->rawdata.rsa;
4151
4152 const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmpq, *iqmp;
4153
4154 RSA_get0_key(rsa, &n, &e, &d);
4155 RSA_get0_factors(rsa, &p, &q);
4156 RSA_get0_crt_params(rsa, &dmp1, &dmpq, &iqmp);
4157
4158 (void) memset(kmfkey, 0, sizeof (KMF_RAW_RSA_KEY));
4159 if ((rv = sslBN2KMFBN((BIGNUM *)n, &kmfkey->mod)) != KMF_OK)
4160 goto cleanup;
4161
4162 if ((rv = sslBN2KMFBN((BIGNUM *)e, &kmfkey->pubexp)) != KMF_OK)
4163 goto cleanup;
4164
4165 if (d != NULL)
4166 if ((rv = sslBN2KMFBN((BIGNUM *)d, &kmfkey->priexp)) != KMF_OK)
4167 goto cleanup;
4168
4169 if (p != NULL)
4170 if ((rv = sslBN2KMFBN((BIGNUM *)p, &kmfkey->prime1)) != KMF_OK)
4171 goto cleanup;
4172
4173 if (q != NULL)
4174 if ((rv = sslBN2KMFBN((BIGNUM *)q, &kmfkey->prime2)) != KMF_OK)
4175 goto cleanup;
4176
4177 if (dmp1 != NULL)
4178 if ((rv = sslBN2KMFBN((BIGNUM *)dmp1, &kmfkey->exp1)) != KMF_OK)
4179 goto cleanup;
4180
4181 if (dmpq != NULL)
4182 if ((rv = sslBN2KMFBN((BIGNUM *)dmpq, &kmfkey->exp2)) != KMF_OK)
4183 goto cleanup;
4184
4185 if (iqmp != NULL)
4186 if ((rv = sslBN2KMFBN((BIGNUM *)iqmp, &kmfkey->coef)) != KMF_OK)
4187 goto cleanup;
4188 cleanup:
4189 if (rv != KMF_OK)
4190 kmf_free_raw_key(key);
4191 else
4192 key->keytype = KMF_RSA;
4193
4194 /*
4195 * Free the reference to this key, SSL will not actually free
4196 * the memory until the refcount == 0, so this is safe.
4197 */
4198 RSA_free(rsa);
4199
4200 return (rv);
4201 }
4202
4203 static KMF_RETURN
4204 exportRawDSAKey(DSA *dsa, KMF_RAW_KEY_DATA *key)
4205 {
4206 KMF_RETURN rv;
4207 KMF_RAW_DSA_KEY *kmfkey = &key->rawdata.dsa;
4208 const BIGNUM *p, *q, *g, *priv_key;
4209
4210 DSA_get0_pqg(dsa, &p, &q, &g);
4211 DSA_get0_key(dsa, NULL, &priv_key);
4212
4213 (void) memset(kmfkey, 0, sizeof (KMF_RAW_DSA_KEY));
4214 if ((rv = sslBN2KMFBN((BIGNUM *)p, &kmfkey->prime)) != KMF_OK)
4215 goto cleanup;
4216
4217 if ((rv = sslBN2KMFBN((BIGNUM *)q, &kmfkey->subprime)) != KMF_OK)
4218 goto cleanup;
4219
4220 if ((rv = sslBN2KMFBN((BIGNUM *)g, &kmfkey->base)) != KMF_OK)
4221 goto cleanup;
4222
4223 if ((rv = sslBN2KMFBN((BIGNUM *)priv_key, &kmfkey->value)) != KMF_OK)
4224 goto cleanup;
4225
4226 cleanup:
4227 if (rv != KMF_OK)
4228 kmf_free_raw_key(key);
4229 else
4230 key->keytype = KMF_DSA;
4231
4232 /*
4233 * Free the reference to this key, SSL will not actually free
4234 * the memory until the refcount == 0, so this is safe.
4235 */
4236 DSA_free(dsa);
4237
4238 return (rv);
4239 }
4240
4241 static KMF_RETURN
4242 add_cert_to_list(KMF_HANDLE *kmfh, X509 *sslcert,
4243 KMF_X509_DER_CERT **certlist, int *ncerts)
4286 int n = (*nkeys);
4287
4288 if (list == NULL) {
4289 list = (KMF_RAW_KEY_DATA *)malloc(sizeof (KMF_RAW_KEY_DATA));
4290 } else {
4291 list = (KMF_RAW_KEY_DATA *)realloc(list,
4292 sizeof (KMF_RAW_KEY_DATA) * (n + 1));
4293 }
4294
4295 if (list == NULL)
4296 return (KMF_ERR_MEMORY);
4297
4298 list[n] = *newkey;
4299 (*nkeys) = n + 1;
4300
4301 *keylist = list;
4302
4303 return (KMF_OK);
4304 }
4305
4306 static KMF_RETURN
4307 convertToRawKey(EVP_PKEY *pkey, KMF_RAW_KEY_DATA *key)
4308 {
4309 KMF_RETURN rv = KMF_OK;
4310 X509_ATTRIBUTE *attr;
4311 RSA *rsa;
4312 DSA *dsa;
4313 int loc;
4314
4315 if (pkey == NULL || key == NULL)
4316 return (KMF_ERR_BAD_PARAMETER);
4317 /* Convert SSL key to raw key */
4318 if ((rsa = EVP_PKEY_get1_RSA(pkey)) != NULL) {
4319 rv = exportRawRSAKey(rsa, key);
4320 if (rv != KMF_OK)
4321 return (rv);
4322 } else if ((dsa = EVP_PKEY_get1_DSA(pkey)) != NULL) {
4323 rv = exportRawDSAKey(dsa, key);
4324 if (rv != KMF_OK)
4325 return (rv);
4326 } else
4327 return (KMF_ERR_BAD_PARAMETER);
4328
4329 /*
4330 * If friendlyName, add it to record.
4331 */
4332
4333 if ((loc = EVP_PKEY_get_attr_by_NID(pkey,
4334 NID_friendlyName, -1)) != -1 &&
4335 (attr = EVP_PKEY_get_attr(pkey, loc))) {
4336 ASN1_TYPE *ty = NULL;
4337 int numattr = X509_ATTRIBUTE_count(attr);
4338 if (numattr > 0) {
4339 ty = X509_ATTRIBUTE_get0_type(attr, 0);
4340 }
4341 if (ty != NULL) {
4342 key->label = OPENSSL_uni2asc(ty->value.bmpstring->data,
4343 ty->value.bmpstring->length);
4344 }
4345 } else {
4346 key->label = NULL;
4347 }
4348
4349 /*
4350 * If KeyID, add it to record as a KMF_DATA object.
4351 */
4352 if ((loc = EVP_PKEY_get_attr_by_NID(pkey,
4353 NID_localKeyID, -1)) != -1 &&
4354 (attr = EVP_PKEY_get_attr(pkey, loc)) != NULL) {
4355 ASN1_TYPE *ty = NULL;
4356 int numattr = X509_ATTRIBUTE_count(attr);
4357 if (numattr > 0)
4358 ty = X509_ATTRIBUTE_get0_type(attr, 0);
4359 key->id.Data = (uchar_t *)malloc(
4360 ty->value.octet_string->length);
4361 if (key->id.Data == NULL)
4362 return (KMF_ERR_MEMORY);
4363 (void) memcpy(key->id.Data, ty->value.octet_string->data,
4364 ty->value.octet_string->length);
4365 key->id.Length = ty->value.octet_string->length;
4366 } else {
4367 (void) memset(&key->id, 0, sizeof (KMF_DATA));
4368 }
4369
4370 return (rv);
4371 }
4372
4373 static KMF_RETURN
4374 convertPK12Objects(
4375 KMF_HANDLE *kmfh,
4376 STACK_OF(EVP_PKEY) *sslkeys,
4377 STACK_OF(X509) *sslcert,
4378 STACK_OF(X509) *sslcacerts,
5447 in = BIO_new_file(certfile, "rb");
5448 if (in == NULL) {
5449 SET_ERROR(kmfh, ERR_get_error());
5450 ret = KMF_ERR_OPEN_FILE;
5451 goto end;
5452 }
5453
5454 if (format == KMF_FORMAT_ASN1) {
5455 xcert = d2i_X509_bio(in, NULL);
5456 } else if (format == KMF_FORMAT_PEM) {
5457 xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
5458 }
5459
5460 if (xcert == NULL) {
5461 SET_ERROR(kmfh, ERR_get_error());
5462 ret = KMF_ERR_BAD_CERTFILE;
5463 goto end;
5464 }
5465
5466 /* Check if the certificate and the CRL have same issuer */
5467 if (X509_NAME_cmp(X509_get_issuer_name(xcert),
5468 X509_CRL_get_issuer(xcrl)) != 0) {
5469 ret = KMF_ERR_ISSUER;
5470 goto end;
5471 }
5472
5473 /* Check to see if the certificate serial number is revoked */
5474 revoke_stack = X509_CRL_get_REVOKED(xcrl);
5475 if (sk_X509_REVOKED_num(revoke_stack) <= 0) {
5476 /* No revoked certificates in the CRL file */
5477 SET_ERROR(kmfh, ERR_get_error());
5478 ret = KMF_ERR_EMPTY_CRL;
5479 goto end;
5480 }
5481
5482 for (i = 0; i < sk_X509_REVOKED_num(revoke_stack); i++) {
5483 /* LINTED E_BAD_PTR_CAST_ALIGN */
5484 revoke = sk_X509_REVOKED_value(revoke_stack, i);
5485 if (ASN1_INTEGER_cmp(X509_get_serialNumber(xcert),
5486 X509_REVOKED_get0_serialNumber(revoke)) == 0) {
5487 break;
5488 }
5489 }
5490
5491 if (i < sk_X509_REVOKED_num(revoke_stack)) {
5492 ret = KMF_OK;
5493 } else {
5494 ret = KMF_ERR_NOT_REVOKED;
5495 }
5496
5497 end:
5498 if (in != NULL)
5499 (void) BIO_free(in);
5500 if (xcrl != NULL)
5501 X509_CRL_free(xcrl);
5502 if (xcert != NULL)
5503 X509_free(xcert);
5504
5505 return (ret);
5506 }
5609 if (ret != KMF_OK)
5610 return (ret);
5611
5612 bcrl = BIO_new_file(crlname, "rb");
5613 if (bcrl == NULL) {
5614 SET_ERROR(kmfh, ERR_get_error());
5615 ret = KMF_ERR_OPEN_FILE;
5616 goto cleanup;
5617 }
5618
5619 if (crl_format == KMF_FORMAT_ASN1)
5620 xcrl = d2i_X509_CRL_bio(bcrl, NULL);
5621 else if (crl_format == KMF_FORMAT_PEM)
5622 xcrl = PEM_read_bio_X509_CRL(bcrl, NULL, NULL, NULL);
5623
5624 if (xcrl == NULL) {
5625 SET_ERROR(kmfh, ERR_get_error());
5626 ret = KMF_ERR_BAD_CRLFILE;
5627 goto cleanup;
5628 }
5629 i = X509_cmp_time(X509_CRL_get0_lastUpdate(xcrl), NULL);
5630 if (i >= 0) {
5631 ret = KMF_ERR_VALIDITY_PERIOD;
5632 goto cleanup;
5633 }
5634 if (X509_CRL_get0_nextUpdate(xcrl)) {
5635 i = X509_cmp_time(X509_CRL_get0_nextUpdate(xcrl), NULL);
5636
5637 if (i <= 0) {
5638 ret = KMF_ERR_VALIDITY_PERIOD;
5639 goto cleanup;
5640 }
5641 }
5642
5643 ret = KMF_OK;
5644
5645 cleanup:
5646 if (bcrl != NULL)
5647 (void) BIO_free(bcrl);
5648
5649 if (xcrl != NULL)
5650 X509_CRL_free(xcrl);
5651
5652 return (ret);
5653 }
|