1 /* 2 * SSL/TLS interface functions for OpenSSL - BoringSSL OCSP 3 * Copyright (c) 2004-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include <openssl/ssl.h> 12 #include <openssl/err.h> 13 #include <openssl/x509v3.h> 14 #ifdef OPENSSL_IS_BORINGSSL 15 #include <openssl/asn1.h> 16 #include <openssl/asn1t.h> 17 #endif /* OPENSSL_IS_BORINGSSL */ 18 19 #include "common.h" 20 #include "tls_openssl.h" 21 22 23 #ifdef OPENSSL_IS_BORINGSSL 24 25 static void tls_show_errors(int level, const char *func, const char *txt) 26 { 27 unsigned long err; 28 29 wpa_printf(level, "OpenSSL: %s - %s %s", 30 func, txt, ERR_error_string(ERR_get_error(), NULL)); 31 32 while ((err = ERR_get_error())) { 33 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 34 ERR_error_string(err, NULL)); 35 } 36 } 37 38 39 /* 40 * CertID ::= SEQUENCE { 41 * hashAlgorithm AlgorithmIdentifier, 42 * issuerNameHash OCTET STRING, -- Hash of Issuer's DN 43 * issuerKeyHash OCTET STRING, -- Hash of Issuer's public key 44 * serialNumber CertificateSerialNumber } 45 */ 46 typedef struct { 47 X509_ALGOR *hashAlgorithm; 48 ASN1_OCTET_STRING *issuerNameHash; 49 ASN1_OCTET_STRING *issuerKeyHash; 50 ASN1_INTEGER *serialNumber; 51 } CertID; 52 53 /* 54 * ResponseBytes ::= SEQUENCE { 55 * responseType OBJECT IDENTIFIER, 56 * response OCTET STRING } 57 */ 58 typedef struct { 59 ASN1_OBJECT *responseType; 60 ASN1_OCTET_STRING *response; 61 } ResponseBytes; 62 63 /* 64 * OCSPResponse ::= SEQUENCE { 65 * responseStatus OCSPResponseStatus, 66 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 67 */ 68 typedef struct { 69 ASN1_ENUMERATED *responseStatus; 70 ResponseBytes *responseBytes; 71 } OCSPResponse; 72 73 ASN1_SEQUENCE(ResponseBytes) = { 74 ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT), 75 ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING) 76 } ASN1_SEQUENCE_END(ResponseBytes); 77 78 ASN1_SEQUENCE(OCSPResponse) = { 79 ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED), 80 ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0) 81 } ASN1_SEQUENCE_END(OCSPResponse); 82 83 IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse); 84 85 /* 86 * ResponderID ::= CHOICE { 87 * byName [1] Name, 88 * byKey [2] KeyHash } 89 */ 90 typedef struct { 91 int type; 92 union { 93 X509_NAME *byName; 94 ASN1_OCTET_STRING *byKey; 95 } value; 96 } ResponderID; 97 98 /* 99 * RevokedInfo ::= SEQUENCE { 100 * revocationTime GeneralizedTime, 101 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 102 */ 103 typedef struct { 104 ASN1_GENERALIZEDTIME *revocationTime; 105 ASN1_ENUMERATED *revocationReason; 106 } RevokedInfo; 107 108 /* 109 * CertStatus ::= CHOICE { 110 * good [0] IMPLICIT NULL, 111 * revoked [1] IMPLICIT RevokedInfo, 112 * unknown [2] IMPLICIT UnknownInfo } 113 */ 114 typedef struct { 115 int type; 116 union { 117 ASN1_NULL *good; 118 RevokedInfo *revoked; 119 ASN1_NULL *unknown; 120 } value; 121 } CertStatus; 122 123 /* 124 * SingleResponse ::= SEQUENCE { 125 * certID CertID, 126 * certStatus CertStatus, 127 * thisUpdate GeneralizedTime, 128 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 129 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 130 */ 131 typedef struct { 132 CertID *certID; 133 CertStatus *certStatus; 134 ASN1_GENERALIZEDTIME *thisUpdate; 135 ASN1_GENERALIZEDTIME *nextUpdate; 136 STACK_OF(X509_EXTENSION) *singleExtensions; 137 } SingleResponse; 138 139 /* 140 * ResponseData ::= SEQUENCE { 141 * version [0] EXPLICIT Version DEFAULT v1, 142 * responderID ResponderID, 143 * producedAt GeneralizedTime, 144 * responses SEQUENCE OF SingleResponse, 145 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 146 */ 147 typedef struct { 148 ASN1_INTEGER *version; 149 ResponderID *responderID; 150 ASN1_GENERALIZEDTIME *producedAt; 151 STACK_OF(SingleResponse) *responses; 152 STACK_OF(X509_EXTENSION) *responseExtensions; 153 } ResponseData; 154 155 /* 156 * BasicOCSPResponse ::= SEQUENCE { 157 * tbsResponseData ResponseData, 158 * signatureAlgorithm AlgorithmIdentifier, 159 * signature BIT STRING, 160 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 161 */ 162 typedef struct { 163 ResponseData *tbsResponseData; 164 X509_ALGOR *signatureAlgorithm; 165 ASN1_BIT_STRING *signature; 166 STACK_OF(X509) *certs; 167 } BasicOCSPResponse; 168 169 ASN1_SEQUENCE(CertID) = { 170 ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR), 171 ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING), 172 ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING), 173 ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER) 174 } ASN1_SEQUENCE_END(CertID); 175 176 ASN1_CHOICE(ResponderID) = { 177 ASN1_EXP(ResponderID, value.byName, X509_NAME, 1), 178 ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2) 179 } ASN1_CHOICE_END(ResponderID); 180 181 ASN1_SEQUENCE(RevokedInfo) = { 182 ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME), 183 ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0) 184 } ASN1_SEQUENCE_END(RevokedInfo); 185 186 ASN1_CHOICE(CertStatus) = { 187 ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0), 188 ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1), 189 ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2) 190 } ASN1_CHOICE_END(CertStatus); 191 192 ASN1_SEQUENCE(SingleResponse) = { 193 ASN1_SIMPLE(SingleResponse, certID, CertID), 194 ASN1_SIMPLE(SingleResponse, certStatus, CertStatus), 195 ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME), 196 ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0), 197 ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, 198 X509_EXTENSION, 1) 199 } ASN1_SEQUENCE_END(SingleResponse); 200 201 ASN1_SEQUENCE(ResponseData) = { 202 ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0), 203 ASN1_SIMPLE(ResponseData, responderID, ResponderID), 204 ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME), 205 ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse), 206 ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, 207 X509_EXTENSION, 1) 208 } ASN1_SEQUENCE_END(ResponseData); 209 210 ASN1_SEQUENCE(BasicOCSPResponse) = { 211 ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData), 212 ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR), 213 ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING), 214 ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0) 215 } ASN1_SEQUENCE_END(BasicOCSPResponse); 216 217 IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse); 218 219 #define sk_SingleResponse_num(sk) \ 220 sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk)) 221 222 #define sk_SingleResponse_value(sk, i) \ 223 ((SingleResponse *) \ 224 sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i))) 225 226 227 static char * mem_bio_to_str(BIO *out) 228 { 229 char *txt; 230 size_t rlen; 231 int res; 232 233 rlen = BIO_ctrl_pending(out); 234 txt = os_malloc(rlen + 1); 235 if (!txt) { 236 BIO_free(out); 237 return NULL; 238 } 239 240 res = BIO_read(out, txt, rlen); 241 BIO_free(out); 242 if (res < 0) { 243 os_free(txt); 244 return NULL; 245 } 246 247 txt[res] = '\0'; 248 return txt; 249 } 250 251 252 static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t) 253 { 254 BIO *out; 255 256 out = BIO_new(BIO_s_mem()); 257 if (!out) 258 return NULL; 259 260 if (!ASN1_GENERALIZEDTIME_print(out, t)) { 261 BIO_free(out); 262 return NULL; 263 } 264 265 return mem_bio_to_str(out); 266 } 267 268 269 static char * responderid_str(ResponderID *rid) 270 { 271 BIO *out; 272 273 out = BIO_new(BIO_s_mem()); 274 if (!out) 275 return NULL; 276 277 switch (rid->type) { 278 case 0: 279 X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE); 280 break; 281 case 1: 282 i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING); 283 break; 284 default: 285 BIO_free(out); 286 return NULL; 287 } 288 289 return mem_bio_to_str(out); 290 } 291 292 293 static char * octet_string_str(ASN1_OCTET_STRING *o) 294 { 295 BIO *out; 296 297 out = BIO_new(BIO_s_mem()); 298 if (!out) 299 return NULL; 300 301 i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING); 302 return mem_bio_to_str(out); 303 } 304 305 306 static char * integer_str(ASN1_INTEGER *i) 307 { 308 BIO *out; 309 310 out = BIO_new(BIO_s_mem()); 311 if (!out) 312 return NULL; 313 314 i2a_ASN1_INTEGER(out, i); 315 return mem_bio_to_str(out); 316 } 317 318 319 static char * algor_str(X509_ALGOR *alg) 320 { 321 BIO *out; 322 323 out = BIO_new(BIO_s_mem()); 324 if (!out) 325 return NULL; 326 327 i2a_ASN1_OBJECT(out, alg->algorithm); 328 return mem_bio_to_str(out); 329 } 330 331 332 static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext) 333 { 334 BIO *out; 335 336 if (!ext) 337 return NULL; 338 339 out = BIO_new(BIO_s_mem()); 340 if (!out) 341 return NULL; 342 343 if (!X509V3_extensions_print(out, title, ext, 0, 0)) { 344 BIO_free(out); 345 return NULL; 346 } 347 return mem_bio_to_str(out); 348 } 349 350 351 static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd, 352 ASN1_GENERALIZEDTIME *nextupd) 353 { 354 time_t now, tmp; 355 356 if (!ASN1_GENERALIZEDTIME_check(thisupd)) { 357 wpa_printf(MSG_DEBUG, 358 "OpenSSL: Invalid OCSP response thisUpdate"); 359 return 0; 360 } 361 362 time(&now); 363 tmp = now + 5 * 60; /* allow five minute clock difference */ 364 if (X509_cmp_time(thisupd, &tmp) > 0) { 365 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid"); 366 return 0; 367 } 368 369 if (!nextupd) 370 return 1; /* OK - no limit on response age */ 371 372 if (!ASN1_GENERALIZEDTIME_check(nextupd)) { 373 wpa_printf(MSG_DEBUG, 374 "OpenSSL: Invalid OCSP response nextUpdate"); 375 return 0; 376 } 377 378 tmp = now - 5 * 60; /* allow five minute clock difference */ 379 if (X509_cmp_time(nextupd, &tmp) < 0) { 380 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired"); 381 return 0; 382 } 383 384 if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { 385 wpa_printf(MSG_DEBUG, 386 "OpenSSL: OCSP response nextUpdate before thisUpdate"); 387 return 0; 388 } 389 390 /* Both thisUpdate and nextUpdate are valid */ 391 return -1; 392 } 393 394 395 static int issuer_match(X509 *cert, X509 *issuer, CertID *certid) 396 { 397 X509_NAME *iname; 398 ASN1_BIT_STRING *ikey; 399 const EVP_MD *dgst; 400 unsigned int len; 401 unsigned char md[EVP_MAX_MD_SIZE]; 402 ASN1_OCTET_STRING *hash; 403 char *txt; 404 405 dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm); 406 if (!dgst) { 407 wpa_printf(MSG_DEBUG, 408 "OpenSSL: Could not find matching hash algorithm for OCSP"); 409 return -1; 410 } 411 412 iname = X509_get_issuer_name(cert); 413 if (!X509_NAME_digest(iname, dgst, md, &len)) 414 return -1; 415 hash = ASN1_OCTET_STRING_new(); 416 if (!hash) 417 return -1; 418 if (!ASN1_OCTET_STRING_set(hash, md, len)) { 419 ASN1_OCTET_STRING_free(hash); 420 return -1; 421 } 422 423 txt = octet_string_str(hash); 424 if (txt) { 425 wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s", 426 txt); 427 os_free(txt); 428 } 429 430 if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) { 431 ASN1_OCTET_STRING_free(hash); 432 return -1; 433 } 434 435 ikey = X509_get0_pubkey_bitstr(issuer); 436 if (!ikey || 437 !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) || 438 !ASN1_OCTET_STRING_set(hash, md, len)) { 439 ASN1_OCTET_STRING_free(hash); 440 return -1; 441 } 442 443 txt = octet_string_str(hash); 444 if (txt) { 445 wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s", 446 txt); 447 os_free(txt); 448 } 449 450 if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) { 451 ASN1_OCTET_STRING_free(hash); 452 return -1; 453 } 454 455 ASN1_OCTET_STRING_free(hash); 456 return 0; 457 } 458 459 460 static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid) 461 { 462 unsigned int i; 463 unsigned char hash[SHA_DIGEST_LENGTH]; 464 465 if (rid->type == 0) { 466 /* byName */ 467 return X509_find_by_subject(certs, rid->value.byName); 468 } 469 470 /* byKey */ 471 if (rid->value.byKey->length != SHA_DIGEST_LENGTH) 472 return NULL; 473 for (i = 0; i < sk_X509_num(certs); i++) { 474 X509 *x = sk_X509_value(certs, i); 475 476 X509_pubkey_digest(x, EVP_sha1(), hash, NULL); 477 if (os_memcmp(rid->value.byKey->data, hash, 478 SHA_DIGEST_LENGTH) == 0) 479 return x; 480 } 481 482 return NULL; 483 } 484 485 486 enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert, 487 X509 *issuer, X509 *issuer_issuer) 488 { 489 const uint8_t *resp_data; 490 size_t resp_len; 491 OCSPResponse *resp; 492 int status; 493 ResponseBytes *bytes; 494 const u8 *basic_data; 495 size_t basic_len; 496 BasicOCSPResponse *basic; 497 ResponseData *rd; 498 char *txt; 499 int i, num; 500 unsigned int j, num_resp; 501 SingleResponse *matching_resp = NULL, *cmp_sresp; 502 enum ocsp_result result = OCSP_INVALID; 503 X509_STORE *store; 504 STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL; 505 X509_STORE_CTX ctx; 506 X509 *signer, *tmp_cert; 507 int signer_trusted = 0; 508 EVP_PKEY *skey; 509 int ret; 510 char buf[256]; 511 512 txt = integer_str(X509_get_serialNumber(cert)); 513 if (txt) { 514 wpa_printf(MSG_DEBUG, 515 "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt); 516 os_free(txt); 517 } 518 519 SSL_get0_ocsp_response(ssl, &resp_data, &resp_len); 520 if (resp_data == NULL || resp_len == 0) { 521 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 522 return OCSP_NO_RESPONSE; 523 } 524 525 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len); 526 527 resp = d2i_OCSPResponse(NULL, &resp_data, resp_len); 528 if (!resp) { 529 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse"); 530 return OCSP_INVALID; 531 } 532 533 status = ASN1_ENUMERATED_get(resp->responseStatus); 534 if (status != 0) { 535 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d", 536 status); 537 return OCSP_INVALID; 538 } 539 540 bytes = resp->responseBytes; 541 542 if (!bytes || 543 OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) { 544 wpa_printf(MSG_INFO, 545 "OpenSSL: Could not find BasicOCSPResponse"); 546 return OCSP_INVALID; 547 } 548 549 basic_data = ASN1_STRING_data(bytes->response); 550 basic_len = ASN1_STRING_length(bytes->response); 551 wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse", 552 basic_data, basic_len); 553 554 basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len); 555 if (!basic) { 556 wpa_printf(MSG_INFO, 557 "OpenSSL: Could not parse BasicOCSPResponse"); 558 OCSPResponse_free(resp); 559 return OCSP_INVALID; 560 } 561 562 rd = basic->tbsResponseData; 563 564 if (basic->certs) { 565 untrusted = sk_X509_dup(basic->certs); 566 if (!untrusted) 567 goto fail; 568 569 num = sk_X509_num(basic->certs); 570 for (i = 0; i < num; i++) { 571 X509 *extra_cert; 572 573 extra_cert = sk_X509_value(basic->certs, i); 574 X509_NAME_oneline(X509_get_subject_name(extra_cert), 575 buf, sizeof(buf)); 576 wpa_printf(MSG_DEBUG, 577 "OpenSSL: BasicOCSPResponse cert %s", buf); 578 579 if (!sk_X509_push(untrusted, extra_cert)) { 580 wpa_printf(MSG_DEBUG, 581 "OpenSSL: Could not add certificate to the untrusted stack"); 582 } 583 } 584 } 585 586 store = SSL_CTX_get_cert_store(ssl_ctx); 587 if (issuer) { 588 if (X509_STORE_add_cert(store, issuer) != 1) { 589 tls_show_errors(MSG_INFO, __func__, 590 "OpenSSL: Could not add issuer to certificate store"); 591 } 592 certs = sk_X509_new_null(); 593 if (certs) { 594 tmp_cert = X509_dup(issuer); 595 if (tmp_cert && !sk_X509_push(certs, tmp_cert)) { 596 tls_show_errors( 597 MSG_INFO, __func__, 598 "OpenSSL: Could not add issuer to OCSP responder trust store"); 599 X509_free(tmp_cert); 600 sk_X509_free(certs); 601 certs = NULL; 602 } 603 if (certs && issuer_issuer) { 604 tmp_cert = X509_dup(issuer_issuer); 605 if (tmp_cert && 606 !sk_X509_push(certs, tmp_cert)) { 607 tls_show_errors( 608 MSG_INFO, __func__, 609 "OpenSSL: Could not add issuer's issuer to OCSP responder trust store"); 610 X509_free(tmp_cert); 611 } 612 } 613 } 614 } 615 616 signer = ocsp_find_signer(certs, rd->responderID); 617 if (!signer) 618 signer = ocsp_find_signer(untrusted, rd->responderID); 619 else 620 signer_trusted = 1; 621 if (!signer) { 622 wpa_printf(MSG_DEBUG, 623 "OpenSSL: Could not find OCSP signer certificate"); 624 goto fail; 625 } 626 627 skey = X509_get_pubkey(signer); 628 if (!skey) { 629 wpa_printf(MSG_DEBUG, 630 "OpenSSL: Could not get OCSP signer public key"); 631 goto fail; 632 } 633 if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData), 634 basic->signatureAlgorithm, basic->signature, 635 basic->tbsResponseData, skey) <= 0) { 636 wpa_printf(MSG_DEBUG, 637 "OpenSSL: BasicOCSPResponse signature is invalid"); 638 goto fail; 639 } 640 641 X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf)); 642 wpa_printf(MSG_DEBUG, 643 "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature", 644 buf); 645 646 if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted)) 647 goto fail; 648 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); 649 ret = X509_verify_cert(&ctx); 650 chain = X509_STORE_CTX_get1_chain(&ctx); 651 X509_STORE_CTX_cleanup(&ctx); 652 if (ret <= 0) { 653 wpa_printf(MSG_DEBUG, 654 "OpenSSL: Could not validate OCSP signer certificate"); 655 goto fail; 656 } 657 658 if (!chain || sk_X509_num(chain) <= 0) { 659 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found"); 660 goto fail; 661 } 662 663 if (!signer_trusted) { 664 X509_check_purpose(signer, -1, 0); 665 if ((signer->ex_flags & EXFLAG_XKUSAGE) && 666 (signer->ex_xkusage & XKU_OCSP_SIGN)) { 667 wpa_printf(MSG_DEBUG, 668 "OpenSSL: OCSP signer certificate delegation OK"); 669 } else { 670 tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1); 671 if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) != 672 X509_TRUST_TRUSTED) { 673 wpa_printf(MSG_DEBUG, 674 "OpenSSL: OCSP signer certificate not trusted"); 675 result = OCSP_NO_RESPONSE; 676 goto fail; 677 } 678 } 679 } 680 681 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu", 682 ASN1_INTEGER_get(rd->version)); 683 684 txt = responderid_str(rd->responderID); 685 if (txt) { 686 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s", 687 txt); 688 os_free(txt); 689 } 690 691 txt = generalizedtime_str(rd->producedAt); 692 if (txt) { 693 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s", 694 txt); 695 os_free(txt); 696 } 697 698 num_resp = sk_SingleResponse_num(rd->responses); 699 if (num_resp == 0) { 700 wpa_printf(MSG_DEBUG, 701 "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse"); 702 result = OCSP_NO_RESPONSE; 703 goto fail; 704 } 705 cmp_sresp = sk_SingleResponse_value(rd->responses, 0); 706 for (j = 0; j < num_resp; j++) { 707 SingleResponse *sresp; 708 CertID *cid1, *cid2; 709 710 sresp = sk_SingleResponse_value(rd->responses, j); 711 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u", 712 j + 1, num_resp); 713 714 txt = algor_str(sresp->certID->hashAlgorithm); 715 if (txt) { 716 wpa_printf(MSG_DEBUG, 717 "OpenSSL: certID hashAlgorithm: %s", txt); 718 os_free(txt); 719 } 720 721 txt = octet_string_str(sresp->certID->issuerNameHash); 722 if (txt) { 723 wpa_printf(MSG_DEBUG, 724 "OpenSSL: certID issuerNameHash: %s", txt); 725 os_free(txt); 726 } 727 728 txt = octet_string_str(sresp->certID->issuerKeyHash); 729 if (txt) { 730 wpa_printf(MSG_DEBUG, 731 "OpenSSL: certID issuerKeyHash: %s", txt); 732 os_free(txt); 733 } 734 735 txt = integer_str(sresp->certID->serialNumber); 736 if (txt) { 737 wpa_printf(MSG_DEBUG, 738 "OpenSSL: certID serialNumber: %s", txt); 739 os_free(txt); 740 } 741 742 switch (sresp->certStatus->type) { 743 case 0: 744 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good"); 745 break; 746 case 1: 747 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked"); 748 break; 749 default: 750 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown"); 751 break; 752 } 753 754 txt = generalizedtime_str(sresp->thisUpdate); 755 if (txt) { 756 wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt); 757 os_free(txt); 758 } 759 760 if (sresp->nextUpdate) { 761 txt = generalizedtime_str(sresp->nextUpdate); 762 if (txt) { 763 wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s", 764 txt); 765 os_free(txt); 766 } 767 } 768 769 txt = extensions_str("singleExtensions", 770 sresp->singleExtensions); 771 if (txt) { 772 wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); 773 os_free(txt); 774 } 775 776 cid1 = cmp_sresp->certID; 777 cid2 = sresp->certID; 778 if (j > 0 && 779 (OBJ_cmp(cid1->hashAlgorithm->algorithm, 780 cid2->hashAlgorithm->algorithm) != 0 || 781 ASN1_OCTET_STRING_cmp(cid1->issuerNameHash, 782 cid2->issuerNameHash) != 0 || 783 ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash, 784 cid2->issuerKeyHash) != 0)) { 785 wpa_printf(MSG_DEBUG, 786 "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse"); 787 goto fail; 788 } 789 790 if (!matching_resp && issuer && 791 ASN1_INTEGER_cmp(sresp->certID->serialNumber, 792 X509_get_serialNumber(cert)) == 0 && 793 issuer_match(cert, issuer, sresp->certID) == 0) { 794 wpa_printf(MSG_DEBUG, 795 "OpenSSL: This response matches peer certificate"); 796 matching_resp = sresp; 797 } 798 } 799 800 txt = extensions_str("responseExtensions", rd->responseExtensions); 801 if (txt) { 802 wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); 803 os_free(txt); 804 } 805 806 if (!matching_resp) { 807 wpa_printf(MSG_DEBUG, 808 "OpenSSL: Could not find OCSP response that matches the peer certificate"); 809 result = OCSP_NO_RESPONSE; 810 goto fail; 811 } 812 813 if (!ocsp_resp_valid(matching_resp->thisUpdate, 814 matching_resp->nextUpdate)) { 815 wpa_printf(MSG_DEBUG, 816 "OpenSSL: OCSP response not valid at this time"); 817 goto fail; 818 } 819 820 if (matching_resp->certStatus->type == 1) { 821 wpa_printf(MSG_DEBUG, 822 "OpenSSL: OCSP response indicated that the peer certificate has been revoked"); 823 result = OCSP_REVOKED; 824 goto fail; 825 } 826 827 if (matching_resp->certStatus->type != 0) { 828 wpa_printf(MSG_DEBUG, 829 "OpenSSL: OCSP response did not indicate good status"); 830 result = OCSP_NO_RESPONSE; 831 goto fail; 832 } 833 834 /* OCSP response indicated the certificate is good. */ 835 result = OCSP_GOOD; 836 fail: 837 sk_X509_pop_free(chain, X509_free); 838 sk_X509_free(untrusted); 839 sk_X509_pop_free(certs, X509_free); 840 BasicOCSPResponse_free(basic); 841 OCSPResponse_free(resp); 842 843 return result; 844 } 845 846 #endif /* OPENSSL_IS_BORINGSSL */ 847
