aws · samuel40791765 · Apr 10, 2024 · Mar 21, 2024 · Mar 28, 2024 · Mar 28, 2024
@@ -39,6 +39,7 @@ X509,137,SIGNATURE_ALGORITHM_MISMATCH
 X509,128,UNKNOWN_KEY_TYPE
 X509,129,UNKNOWN_NID
 X509,130,UNKNOWN_PURPOSE_ID
+X509,145,UNKNOWN_SIGID_ALGS
 X509,131,UNKNOWN_TRUST_ID
 X509,132,UNSUPPORTED_ALGORITHM
 X509,133,WRONG_LOOKUP_TYPE

@@ -139,10 +139,21 @@ typedef struct {
 // an |X509_NAME|.
 DECLARE_ASN1_FUNCTIONS(X509_CINF)
 
+struct x509_sig_info_st {
+  // NID of message digest.
+  int digest_nid;
+  // NID of public key algorithm.
+  int pubkey_nid;
+  // Security bits.
+  int sec_bits;
+  uint32_t flags;
+} /* X509_SIG_INFO */;
+
 struct x509_st {
   X509_CINF *cert_info;
   X509_ALGOR *sig_alg;
   ASN1_BIT_STRING *signature;
+  X509_SIG_INFO sig_info;
   CRYPTO_refcount_t references;
   CRYPTO_EX_DATA ex_data;
   // These contain copies of various extension values
@@ -341,9 +352,9 @@ struct x509_store_ctx_st {
   X509_STORE_CTX_cleanup_fn cleanup;
 
   // The following is built up
-  int valid;               // if 0, rebuild chain
-  int last_untrusted;      // index of last untrusted cert
-  STACK_OF(X509) *chain;   // chain of X509s - built up and trusted
+  int valid;              // if 0, rebuild chain
+  int last_untrusted;     // index of last untrusted cert
+  STACK_OF(X509) *chain;  // chain of X509s - built up and trusted
 
   // When something goes wrong, this is why
   int error_depth;
@@ -409,6 +420,9 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor);
 int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
                             EVP_PKEY *pkey);
 
+// x509_init_signature_info initializes the signature info for |x509|.
+int x509_init_signature_info(X509 *x509);
+
 
 // Path-building functions.
 

@@ -60,7 +60,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+#include "../x509v3/internal.h"
 #include "internal.h"
+#include "openssl/x509v3.h"
 
 
 long X509_get_version(const X509 *x509) {
@@ -238,3 +240,72 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) {
 X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509) {
   return x509->cert_info->key;
 }
+
+static int X509_SIG_INFO_get(const X509_SIG_INFO *sig_info, int *digest_nid,
+                             int *pubkey_nid, int *sec_bits, uint32_t *flags) {
+  if (digest_nid != NULL) {
+    *digest_nid = sig_info->digest_nid;
+  }
+  if (pubkey_nid != NULL) {
+    *pubkey_nid = sig_info->pubkey_nid;
+  }
+  if (sec_bits != NULL) {
+    *sec_bits = sig_info->sec_bits;
+  }
+  if (flags != NULL) {
+    *flags = sig_info->flags;
+  }
+  return (sig_info->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+int X509_get_signature_info(X509 *x509, int *digest_nid, int *pubkey_nid,
+                            int *sec_bits, uint32_t *flags) {
+  if (x509 == NULL) {
+    OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  // The return value of |x509v3_cache_extensions| is not checked because
+  // |X509_get_signature_info|'s function contract does not encapsulate failures
+  // if any invalid extensions do exist.
+  x509v3_cache_extensions(x509);
+  return X509_SIG_INFO_get(&x509->sig_info, digest_nid, pubkey_nid, sec_bits,
+                           flags);
+}
+
+int x509_init_signature_info(X509 *x509) {
+  int pubkey_nid, digest_nid;
+  const EVP_MD *md;
+
+  x509->sig_info.digest_nid = NID_undef;
+  x509->sig_info.pubkey_nid = NID_undef;
+  x509->sig_info.sec_bits = -1;
+  x509->sig_info.flags = 0;
+  if (!OBJ_find_sigid_algs(OBJ_obj2nid(x509->sig_alg->algorithm), &digest_nid,
+                           &pubkey_nid) ||
+      pubkey_nid == NID_undef) {
+    OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_SIGID_ALGS);
+    return 0;
+  }
+  x509->sig_info.pubkey_nid = pubkey_nid;
+  x509->sig_info.digest_nid = digest_nid;
+  x509->sig_info.flags |= X509_SIG_INFO_VALID;
+
+  md = EVP_get_digestbynid(digest_nid);
+  if (md == NULL) {
+    // Some valid signature algorithms have an undefined digest. See
+    // crypto/obj/obj_xref.c.
+    return 1;
+  }
+  // Security bits: half number of bits in digest.
+  x509->sig_info.sec_bits = (int)EVP_MD_size(md) * 4;
+
+  switch (digest_nid) {
+    case NID_sha1:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+      x509->sig_info.flags |= X509_SIG_INFO_TLS;
+  }
+  return 1;
+}
@@ -7049,3 +7049,34 @@ TEST(X509Test, GetTextByOBJ) {
     }
   }
 }
+
+TEST(X509Test, GetSigInfo) {
+  bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
+  ASSERT_TRUE(cert);
+
+  int digest_nid, pubkey_nid, sec_bits;
+  uint32_t flags;
+  EXPECT_TRUE(X509_get_signature_info(cert.get(), &digest_nid, &pubkey_nid,
+                                      &sec_bits, &flags));
+
+  EXPECT_EQ(digest_nid, NID_sha256);
+  EXPECT_EQ(pubkey_nid, NID_rsaEncryption);
+  EXPECT_EQ(sec_bits, (int)EVP_MD_size(EVP_sha256()) * 4);
+  EXPECT_TRUE(flags & (X509_SIG_INFO_VALID | X509_SIG_INFO_TLS));
+
+  cert = CertFromPEM(kEd25519Cert);
+  EXPECT_TRUE(X509_get_signature_info(cert.get(), &digest_nid, &pubkey_nid,
+                                      &sec_bits, &flags));
+  EXPECT_EQ(digest_nid, NID_undef);
+  EXPECT_EQ(pubkey_nid, NID_ED25519);
+  EXPECT_EQ(sec_bits, -1);
+  EXPECT_TRUE(flags & X509_SIG_INFO_VALID);
+
+  cert = CertFromPEM(kExampleRsassaPssCert);
+  EXPECT_TRUE(X509_get_signature_info(cert.get(), &digest_nid, &pubkey_nid,
+                                      &sec_bits, &flags));
+  EXPECT_EQ(digest_nid, NID_undef);
+  EXPECT_EQ(pubkey_nid, NID_rsaEncryption);
+  EXPECT_EQ(sec_bits, -1);
+  EXPECT_TRUE(flags & X509_SIG_INFO_VALID);
+}
@@ -132,7 +132,9 @@ static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) {
 
 // As much as I'd like to make X509_check_purpose use a "const" X509* I
 // really can't because it does recalculate hashes and do other non-const
-// things.
+// things. If |id| is -1 it just calls |x509v3_cache_extensions| for its
+// side-effect.
+// Returns 1 on success, 0 if x does not allow purpose, -1 on (internal) error.
 int X509_check_purpose(X509 *x, int id, int ca) {
   int idx;
   const X509_PURPOSE *pt;
@@ -565,6 +567,9 @@ int x509v3_cache_extensions(X509 *x) {
       break;
     }
   }
+  if (!x509_init_signature_info(x)) {
+    x->ex_flags |= EXFLAG_INVALID;
+  }
   x->ex_flags |= EXFLAG_SET;
 
   CRYPTO_MUTEX_unlock_write(&x->lock);

@@ -233,9 +233,9 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x2c403998,
     0x2c4093a9,
     0x2c4139a9,
-    0x2c41b9bc,
+    0x2c41b9cf,
     0x2c42136f,
-    0x2c42b9cd,
+    0x2c42b9e0,
     0x2c43076d,
     0x2c43b8b3,
     0x2c4437fb,
@@ -247,6 +247,7 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x2c4738ea,
     0x2c47b923,
     0x2c48380d,
+    0x2c48b9bc,
     0x30320000,
     0x30328015,
     0x3033001f,
@@ -705,71 +706,71 @@ const uint32_t kOpenSSLReasonValues[] = {
     0x4c4197bc,
     0x4c421925,
     0x4c429704,
-    0x503239df,
-    0x5032b9ee,
-    0x503339f9,
-    0x5033ba09,
-    0x50343a22,
-    0x5034ba3c,
-    0x50353a4a,
-    0x5035ba60,
-    0x50363a72,
-    0x5036ba88,
-    0x50373aa1,
-    0x5037bab4,
-    0x50383acc,
-    0x5038badd,
-    0x50393af2,
-    0x5039bb06,
-    0x503a3b26,
-    0x503abb3c,
-    0x503b3b54,
-    0x503bbb66,
-    0x503c3b82,
-    0x503cbb99,
-    0x503d3bb2,
-    0x503dbbc8,
-    0x503e3bd5,
-    0x503ebbeb,
-    0x503f3bfd,
+    0x503239f2,
+    0x5032ba01,
+    0x50333a0c,
+    0x5033ba1c,
+    0x50343a35,
+    0x5034ba4f,
+    0x50353a5d,
+    0x5035ba73,
+    0x50363a85,
+    0x5036ba9b,
+    0x50373ab4,
+    0x5037bac7,
+    0x50383adf,
+    0x5038baf0,
+    0x50393b05,
+    0x5039bb19,
+    0x503a3b39,
+    0x503abb4f,
+    0x503b3b67,
+    0x503bbb79,
+    0x503c3b95,
+    0x503cbbac,
+    0x503d3bc5,
+    0x503dbbdb,
+    0x503e3be8,
+    0x503ebbfe,
+    0x503f3c10,
     0x503f83b3,
-    0x50403c10,
-    0x5040bc20,
-    0x50413c3a,
-    0x5041bc49,
-    0x50423c63,
-    0x5042bc80,
-    0x50433c90,
-    0x5043bca0,
-    0x50443cbd,
+    0x50403c23,
+    0x5040bc33,
+    0x50413c4d,
+    0x5041bc5c,
+    0x50423c76,
+    0x5042bc93,
+    0x50433ca3,
+    0x5043bcb3,
+    0x50443cd0,
     0x50448469,
-    0x50453cd1,
-    0x5045bcef,
-    0x50463d02,
-    0x5046bd18,
-    0x50473d2a,
-    0x5047bd3f,
-    0x50483d65,
-    0x5048bd73,
-    0x50493d86,
-    0x5049bd9b,
-    0x504a3db1,
-    0x504abdc1,
-    0x504b3de1,
-    0x504bbdf4,
-    0x504c3e17,
-    0x504cbe45,
-    0x504d3e72,
-    0x504dbe8f,
-    0x504e3eaa,
-    0x504ebec6,
-    0x504f3ed8,
-    0x504fbeef,
-    0x50503efe,
+    0x50453ce4,
+    0x5045bd02,
+    0x50463d15,
+    0x5046bd2b,
+    0x50473d3d,
+    0x5047bd52,
+    0x50483d78,
+    0x5048bd86,
+    0x50493d99,
+    0x5049bdae,
+    0x504a3dc4,
+    0x504abdd4,
+    0x504b3df4,
+    0x504bbe07,
+    0x504c3e2a,
+    0x504cbe58,
+    0x504d3e85,
+    0x504dbea2,
+    0x504e3ebd,
+    0x504ebed9,
+    0x504f3eeb,
+    0x504fbf02,
+    0x50503f11,
     0x50508729,
-    0x50513f11,
-    0x5051bcaf,
-    0x50523e57,
+    0x50513f24,
+    0x5051bcc2,
+    0x50523e6a,
     0x583210b7,
     0x5c3293b5,
     0x5c3313ce,
@@ -1534,6 +1535,7 @@ const char kOpenSSLReasonStringData[] =
     "SIGNATURE_ALGORITHM_MISMATCH\0"
     "UNKNOWN_KEY_TYPE\0"
     "UNKNOWN_PURPOSE_ID\0"
+    "UNKNOWN_SIGID_ALGS\0"
     "UNKNOWN_TRUST_ID\0"
     "WRONG_LOOKUP_TYPE\0"
     "BAD_IP_ADDRESS\0"

@@ -300,6 +300,7 @@ typedef struct X509_name_entry_st X509_NAME_ENTRY;
 typedef struct X509_name_st X509_NAME;
 typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct X509_req_st X509_REQ;
+typedef struct x509_sig_info_st X509_SIG_INFO;
 typedef struct X509_sig_st X509_SIG;
 typedef struct bignum_ctx BN_CTX;
 typedef struct bignum_st BIGNUM;