1 /* 2 * SSL/TLS interface functions for OpenSSL - BoringSSL OCSP 3 * Copyright (c) 2004-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include <openssl/ssl.h> 12 #include <openssl/err.h> 13 #include <openssl/x509v3.h> 14 #ifdef OPENSSL_IS_BORINGSSL 15 #include <openssl/asn1.h> 16 #include <openssl/asn1t.h> 17 #endif /* OPENSSL_IS_BORINGSSL */ 18 19 #include "common.h" 20 #include "tls_openssl.h" 21 22 23 #ifdef OPENSSL_IS_BORINGSSL 24 25 static void tls_show_errors(int level, const char *func, const char *txt) 26 { 27 unsigned long err; 28 29 wpa_printf(level, "OpenSSL: %s - %s %s", 30 func, txt, ERR_error_string(ERR_get_error(), NULL)); 31 32 while ((err = ERR_get_error())) { 33 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 34 ERR_error_string(err, NULL)); 35 } 36 } 37 38 39 /* 40 * CertID ::= SEQUENCE { 41 * hashAlgorithm AlgorithmIdentifier, 42 * issuerNameHash OCTET STRING, -- Hash of Issuer's DN 43 * issuerKeyHash OCTET STRING, -- Hash of Issuer's public key 44 * serialNumber CertificateSerialNumber } 45 */ 46 typedef struct { 47 X509_ALGOR *hashAlgorithm; 48 ASN1_OCTET_STRING *issuerNameHash; 49 ASN1_OCTET_STRING *issuerKeyHash; 50 ASN1_INTEGER *serialNumber; 51 } CertID; 52 53 /* 54 * ResponseBytes ::= SEQUENCE { 55 * responseType OBJECT IDENTIFIER, 56 * response OCTET STRING } 57 */ 58 typedef struct { 59 ASN1_OBJECT *responseType; 60 ASN1_OCTET_STRING *response; 61 } ResponseBytes; 62 63 /* 64 * OCSPResponse ::= SEQUENCE { 65 * responseStatus OCSPResponseStatus, 66 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 67 */ 68 typedef struct { 69 ASN1_ENUMERATED *responseStatus; 70 ResponseBytes *responseBytes; 71 } OCSPResponse; 72 73 ASN1_SEQUENCE(ResponseBytes) = { 74 ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT), 75 ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING) 76 } ASN1_SEQUENCE_END(ResponseBytes); 77 78 ASN1_SEQUENCE(OCSPResponse) = { 79 ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED), 80 ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0) 81 } ASN1_SEQUENCE_END(OCSPResponse); 82 83 IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse); 84 85 /* 86 * ResponderID ::= CHOICE { 87 * byName [1] Name, 88 * byKey [2] KeyHash } 89 */ 90 typedef struct { 91 int type; 92 union { 93 X509_NAME *byName; 94 ASN1_OCTET_STRING *byKey; 95 } value; 96 } ResponderID; 97 98 /* 99 * RevokedInfo ::= SEQUENCE { 100 * revocationTime GeneralizedTime, 101 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 102 */ 103 typedef struct { 104 ASN1_GENERALIZEDTIME *revocationTime; 105 ASN1_ENUMERATED *revocationReason; 106 } RevokedInfo; 107 108 /* 109 * CertStatus ::= CHOICE { 110 * good [0] IMPLICIT NULL, 111 * revoked [1] IMPLICIT RevokedInfo, 112 * unknown [2] IMPLICIT UnknownInfo } 113 */ 114 typedef struct { 115 int type; 116 union { 117 ASN1_NULL *good; 118 RevokedInfo *revoked; 119 ASN1_NULL *unknown; 120 } value; 121 } CertStatus; 122 123 /* 124 * SingleResponse ::= SEQUENCE { 125 * certID CertID, 126 * certStatus CertStatus, 127 * thisUpdate GeneralizedTime, 128 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 129 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 130 */ 131 typedef struct { 132 CertID *certID; 133 CertStatus *certStatus; 134 ASN1_GENERALIZEDTIME *thisUpdate; 135 ASN1_GENERALIZEDTIME *nextUpdate; 136 STACK_OF(X509_EXTENSION) *singleExtensions; 137 } SingleResponse; 138 139 /* 140 * ResponseData ::= SEQUENCE { 141 * version [0] EXPLICIT Version DEFAULT v1, 142 * responderID ResponderID, 143 * producedAt GeneralizedTime, 144 * responses SEQUENCE OF SingleResponse, 145 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 146 */ 147 typedef struct { 148 ASN1_INTEGER *version; 149 ResponderID *responderID; 150 ASN1_GENERALIZEDTIME *producedAt; 151 STACK_OF(SingleResponse) *responses; 152 STACK_OF(X509_EXTENSION) *responseExtensions; 153 } ResponseData; 154 155 /* 156 * BasicOCSPResponse ::= SEQUENCE { 157 * tbsResponseData ResponseData, 158 * signatureAlgorithm AlgorithmIdentifier, 159 * signature BIT STRING, 160 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 161 */ 162 typedef struct { 163 ResponseData *tbsResponseData; 164 X509_ALGOR *signatureAlgorithm; 165 ASN1_BIT_STRING *signature; 166 STACK_OF(X509) *certs; 167 } BasicOCSPResponse; 168 169 ASN1_SEQUENCE(CertID) = { 170 ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR), 171 ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING), 172 ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING), 173 ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER) 174 } ASN1_SEQUENCE_END(CertID); 175 176 ASN1_CHOICE(ResponderID) = { 177 ASN1_EXP(ResponderID, value.byName, X509_NAME, 1), 178 ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2) 179 } ASN1_CHOICE_END(ResponderID); 180 181 ASN1_SEQUENCE(RevokedInfo) = { 182 ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME), 183 ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0) 184 } ASN1_SEQUENCE_END(RevokedInfo); 185 186 ASN1_CHOICE(CertStatus) = { 187 ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0), 188 ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1), 189 ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2) 190 } ASN1_CHOICE_END(CertStatus); 191 192 ASN1_SEQUENCE(SingleResponse) = { 193 ASN1_SIMPLE(SingleResponse, certID, CertID), 194 ASN1_SIMPLE(SingleResponse, certStatus, CertStatus), 195 ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME), 196 ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0), 197 ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, 198 X509_EXTENSION, 1) 199 } ASN1_SEQUENCE_END(SingleResponse); 200 201 ASN1_SEQUENCE(ResponseData) = { 202 ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0), 203 ASN1_SIMPLE(ResponseData, responderID, ResponderID), 204 ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME), 205 ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse), 206 ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, 207 X509_EXTENSION, 1) 208 } ASN1_SEQUENCE_END(ResponseData); 209 210 ASN1_SEQUENCE(BasicOCSPResponse) = { 211 ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData), 212 ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR), 213 ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING), 214 ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0) 215 } ASN1_SEQUENCE_END(BasicOCSPResponse); 216 217 IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse); 218 219 DEFINE_STACK_OF(SingleResponse) 220 221 static char * mem_bio_to_str(BIO *out) 222 { 223 char *txt; 224 size_t rlen; 225 int res; 226 227 rlen = BIO_ctrl_pending(out); 228 txt = os_malloc(rlen + 1); 229 if (!txt) { 230 BIO_free(out); 231 return NULL; 232 } 233 234 res = BIO_read(out, txt, rlen); 235 BIO_free(out); 236 if (res < 0) { 237 os_free(txt); 238 return NULL; 239 } 240 241 txt[res] = '\0'; 242 return txt; 243 } 244 245 246 static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t) 247 { 248 BIO *out; 249 250 out = BIO_new(BIO_s_mem()); 251 if (!out) 252 return NULL; 253 254 if (!ASN1_GENERALIZEDTIME_print(out, t)) { 255 BIO_free(out); 256 return NULL; 257 } 258 259 return mem_bio_to_str(out); 260 } 261 262 263 static char * responderid_str(ResponderID *rid) 264 { 265 BIO *out; 266 267 out = BIO_new(BIO_s_mem()); 268 if (!out) 269 return NULL; 270 271 switch (rid->type) { 272 case 0: 273 X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE); 274 break; 275 case 1: 276 i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING); 277 break; 278 default: 279 BIO_free(out); 280 return NULL; 281 } 282 283 return mem_bio_to_str(out); 284 } 285 286 287 static char * octet_string_str(ASN1_OCTET_STRING *o) 288 { 289 BIO *out; 290 291 out = BIO_new(BIO_s_mem()); 292 if (!out) 293 return NULL; 294 295 i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING); 296 return mem_bio_to_str(out); 297 } 298 299 300 static char * integer_str(ASN1_INTEGER *i) 301 { 302 BIO *out; 303 304 out = BIO_new(BIO_s_mem()); 305 if (!out) 306 return NULL; 307 308 i2a_ASN1_INTEGER(out, i); 309 return mem_bio_to_str(out); 310 } 311 312 313 static char * algor_str(X509_ALGOR *alg) 314 { 315 BIO *out; 316 317 out = BIO_new(BIO_s_mem()); 318 if (!out) 319 return NULL; 320 321 i2a_ASN1_OBJECT(out, alg->algorithm); 322 return mem_bio_to_str(out); 323 } 324 325 326 static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext) 327 { 328 BIO *out; 329 330 if (!ext) 331 return NULL; 332 333 out = BIO_new(BIO_s_mem()); 334 if (!out) 335 return NULL; 336 337 if (!X509V3_extensions_print(out, title, ext, 0, 0)) { 338 BIO_free(out); 339 return NULL; 340 } 341 return mem_bio_to_str(out); 342 } 343 344 345 static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd, 346 ASN1_GENERALIZEDTIME *nextupd) 347 { 348 time_t now, tmp; 349 350 if (!ASN1_GENERALIZEDTIME_check(thisupd)) { 351 wpa_printf(MSG_DEBUG, 352 "OpenSSL: Invalid OCSP response thisUpdate"); 353 return 0; 354 } 355 356 time(&now); 357 tmp = now + 5 * 60; /* allow five minute clock difference */ 358 if (X509_cmp_time(thisupd, &tmp) > 0) { 359 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid"); 360 return 0; 361 } 362 363 if (!nextupd) 364 return 1; /* OK - no limit on response age */ 365 366 if (!ASN1_GENERALIZEDTIME_check(nextupd)) { 367 wpa_printf(MSG_DEBUG, 368 "OpenSSL: Invalid OCSP response nextUpdate"); 369 return 0; 370 } 371 372 tmp = now - 5 * 60; /* allow five minute clock difference */ 373 if (X509_cmp_time(nextupd, &tmp) < 0) { 374 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired"); 375 return 0; 376 } 377 378 if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { 379 wpa_printf(MSG_DEBUG, 380 "OpenSSL: OCSP response nextUpdate before thisUpdate"); 381 return 0; 382 } 383 384 /* Both thisUpdate and nextUpdate are valid */ 385 return -1; 386 } 387 388 389 static int issuer_match(X509 *cert, X509 *issuer, CertID *certid) 390 { 391 X509_NAME *iname; 392 ASN1_BIT_STRING *ikey; 393 const EVP_MD *dgst; 394 unsigned int len; 395 unsigned char md[EVP_MAX_MD_SIZE]; 396 ASN1_OCTET_STRING *hash; 397 char *txt; 398 399 dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm); 400 if (!dgst) { 401 wpa_printf(MSG_DEBUG, 402 "OpenSSL: Could not find matching hash algorithm for OCSP"); 403 return -1; 404 } 405 406 iname = X509_get_issuer_name(cert); 407 if (!X509_NAME_digest(iname, dgst, md, &len)) 408 return -1; 409 hash = ASN1_OCTET_STRING_new(); 410 if (!hash) 411 return -1; 412 if (!ASN1_OCTET_STRING_set(hash, md, len)) { 413 ASN1_OCTET_STRING_free(hash); 414 return -1; 415 } 416 417 txt = octet_string_str(hash); 418 if (txt) { 419 wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s", 420 txt); 421 os_free(txt); 422 } 423 424 if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) { 425 ASN1_OCTET_STRING_free(hash); 426 return -1; 427 } 428 429 ikey = X509_get0_pubkey_bitstr(issuer); 430 if (!ikey || 431 !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) || 432 !ASN1_OCTET_STRING_set(hash, md, len)) { 433 ASN1_OCTET_STRING_free(hash); 434 return -1; 435 } 436 437 txt = octet_string_str(hash); 438 if (txt) { 439 wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s", 440 txt); 441 os_free(txt); 442 } 443 444 if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) { 445 ASN1_OCTET_STRING_free(hash); 446 return -1; 447 } 448 449 ASN1_OCTET_STRING_free(hash); 450 return 0; 451 } 452 453 454 static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid) 455 { 456 unsigned int i; 457 unsigned char hash[SHA_DIGEST_LENGTH]; 458 459 if (rid->type == 0) { 460 /* byName */ 461 return X509_find_by_subject(certs, rid->value.byName); 462 } 463 464 /* byKey */ 465 if (rid->value.byKey->length != SHA_DIGEST_LENGTH) 466 return NULL; 467 for (i = 0; i < sk_X509_num(certs); i++) { 468 X509 *x = sk_X509_value(certs, i); 469 470 X509_pubkey_digest(x, EVP_sha1(), hash, NULL); 471 if (os_memcmp(rid->value.byKey->data, hash, 472 SHA_DIGEST_LENGTH) == 0) 473 return x; 474 } 475 476 return NULL; 477 } 478 479 480 enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert, 481 X509 *issuer, X509 *issuer_issuer) 482 { 483 const uint8_t *resp_data; 484 size_t resp_len; 485 OCSPResponse *resp; 486 int status; 487 ResponseBytes *bytes; 488 const u8 *basic_data; 489 size_t basic_len; 490 BasicOCSPResponse *basic; 491 ResponseData *rd; 492 char *txt; 493 int i, num; 494 unsigned int j, num_resp; 495 SingleResponse *matching_resp = NULL, *cmp_sresp; 496 enum ocsp_result result = OCSP_INVALID; 497 X509_STORE *store; 498 STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL; 499 X509_STORE_CTX *ctx = NULL; 500 X509 *signer, *tmp_cert; 501 int signer_trusted = 0; 502 EVP_PKEY *skey; 503 int ret; 504 char buf[256]; 505 506 txt = integer_str(X509_get_serialNumber(cert)); 507 if (txt) { 508 wpa_printf(MSG_DEBUG, 509 "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt); 510 os_free(txt); 511 } 512 513 SSL_get0_ocsp_response(ssl, &resp_data, &resp_len); 514 if (resp_data == NULL || resp_len == 0) { 515 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 516 return OCSP_NO_RESPONSE; 517 } 518 519 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len); 520 521 resp = d2i_OCSPResponse(NULL, &resp_data, resp_len); 522 if (!resp) { 523 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse"); 524 return OCSP_INVALID; 525 } 526 527 status = ASN1_ENUMERATED_get(resp->responseStatus); 528 if (status != 0) { 529 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d", 530 status); 531 return OCSP_INVALID; 532 } 533 534 bytes = resp->responseBytes; 535 536 if (!bytes || 537 OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) { 538 wpa_printf(MSG_INFO, 539 "OpenSSL: Could not find BasicOCSPResponse"); 540 return OCSP_INVALID; 541 } 542 543 basic_data = ASN1_STRING_data(bytes->response); 544 basic_len = ASN1_STRING_length(bytes->response); 545 wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse", 546 basic_data, basic_len); 547 548 basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len); 549 if (!basic) { 550 wpa_printf(MSG_INFO, 551 "OpenSSL: Could not parse BasicOCSPResponse"); 552 OCSPResponse_free(resp); 553 return OCSP_INVALID; 554 } 555 556 rd = basic->tbsResponseData; 557 558 if (basic->certs) { 559 untrusted = sk_X509_dup(basic->certs); 560 if (!untrusted) 561 goto fail; 562 563 num = sk_X509_num(basic->certs); 564 for (i = 0; i < num; i++) { 565 X509 *extra_cert; 566 567 extra_cert = sk_X509_value(basic->certs, i); 568 X509_NAME_oneline(X509_get_subject_name(extra_cert), 569 buf, sizeof(buf)); 570 wpa_printf(MSG_DEBUG, 571 "OpenSSL: BasicOCSPResponse cert %s", buf); 572 573 if (!sk_X509_push(untrusted, extra_cert)) { 574 wpa_printf(MSG_DEBUG, 575 "OpenSSL: Could not add certificate to the untrusted stack"); 576 } 577 } 578 } 579 580 store = SSL_CTX_get_cert_store(ssl_ctx); 581 if (issuer) { 582 if (X509_STORE_add_cert(store, issuer) != 1) { 583 tls_show_errors(MSG_INFO, __func__, 584 "OpenSSL: Could not add issuer to certificate store"); 585 } 586 certs = sk_X509_new_null(); 587 if (certs) { 588 tmp_cert = X509_dup(issuer); 589 if (tmp_cert && !sk_X509_push(certs, tmp_cert)) { 590 tls_show_errors( 591 MSG_INFO, __func__, 592 "OpenSSL: Could not add issuer to OCSP responder trust store"); 593 X509_free(tmp_cert); 594 sk_X509_free(certs); 595 certs = NULL; 596 } 597 if (certs && issuer_issuer) { 598 tmp_cert = X509_dup(issuer_issuer); 599 if (tmp_cert && 600 !sk_X509_push(certs, tmp_cert)) { 601 tls_show_errors( 602 MSG_INFO, __func__, 603 "OpenSSL: Could not add issuer's issuer to OCSP responder trust store"); 604 X509_free(tmp_cert); 605 } 606 } 607 } 608 } 609 610 signer = ocsp_find_signer(certs, rd->responderID); 611 if (!signer) 612 signer = ocsp_find_signer(untrusted, rd->responderID); 613 else 614 signer_trusted = 1; 615 if (!signer) { 616 wpa_printf(MSG_DEBUG, 617 "OpenSSL: Could not find OCSP signer certificate"); 618 goto fail; 619 } 620 621 skey = X509_get_pubkey(signer); 622 if (!skey) { 623 wpa_printf(MSG_DEBUG, 624 "OpenSSL: Could not get OCSP signer public key"); 625 goto fail; 626 } 627 if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData), 628 basic->signatureAlgorithm, basic->signature, 629 basic->tbsResponseData, skey) <= 0) { 630 wpa_printf(MSG_DEBUG, 631 "OpenSSL: BasicOCSPResponse signature is invalid"); 632 goto fail; 633 } 634 635 X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf)); 636 wpa_printf(MSG_DEBUG, 637 "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature", 638 buf); 639 640 ctx = X509_STORE_CTX_new(); 641 if (!ctx || !X509_STORE_CTX_init(ctx, store, signer, untrusted)) 642 goto fail; 643 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); 644 ret = X509_verify_cert(ctx); 645 chain = X509_STORE_CTX_get1_chain(ctx); 646 X509_STORE_CTX_cleanup(ctx); 647 if (ret <= 0) { 648 wpa_printf(MSG_DEBUG, 649 "OpenSSL: Could not validate OCSP signer certificate"); 650 goto fail; 651 } 652 653 if (!chain || sk_X509_num(chain) <= 0) { 654 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found"); 655 goto fail; 656 } 657 658 if (!signer_trusted) { 659 X509_check_purpose(signer, -1, 0); 660 if ((X509_get_extension_flags(signer) & EXFLAG_XKUSAGE) && 661 (X509_get_extended_key_usage(signer) & XKU_OCSP_SIGN)) { 662 wpa_printf(MSG_DEBUG, 663 "OpenSSL: OCSP signer certificate delegation OK"); 664 } else { 665 tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1); 666 if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) != 667 X509_TRUST_TRUSTED) { 668 wpa_printf(MSG_DEBUG, 669 "OpenSSL: OCSP signer certificate not trusted"); 670 result = OCSP_NO_RESPONSE; 671 goto fail; 672 } 673 } 674 } 675 676 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu", 677 ASN1_INTEGER_get(rd->version)); 678 679 txt = responderid_str(rd->responderID); 680 if (txt) { 681 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s", 682 txt); 683 os_free(txt); 684 } 685 686 txt = generalizedtime_str(rd->producedAt); 687 if (txt) { 688 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s", 689 txt); 690 os_free(txt); 691 } 692 693 num_resp = sk_SingleResponse_num(rd->responses); 694 if (num_resp == 0) { 695 wpa_printf(MSG_DEBUG, 696 "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse"); 697 result = OCSP_NO_RESPONSE; 698 goto fail; 699 } 700 cmp_sresp = sk_SingleResponse_value(rd->responses, 0); 701 for (j = 0; j < num_resp; j++) { 702 SingleResponse *sresp; 703 CertID *cid1, *cid2; 704 705 sresp = sk_SingleResponse_value(rd->responses, j); 706 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u", 707 j + 1, num_resp); 708 709 txt = algor_str(sresp->certID->hashAlgorithm); 710 if (txt) { 711 wpa_printf(MSG_DEBUG, 712 "OpenSSL: certID hashAlgorithm: %s", txt); 713 os_free(txt); 714 } 715 716 txt = octet_string_str(sresp->certID->issuerNameHash); 717 if (txt) { 718 wpa_printf(MSG_DEBUG, 719 "OpenSSL: certID issuerNameHash: %s", txt); 720 os_free(txt); 721 } 722 723 txt = octet_string_str(sresp->certID->issuerKeyHash); 724 if (txt) { 725 wpa_printf(MSG_DEBUG, 726 "OpenSSL: certID issuerKeyHash: %s", txt); 727 os_free(txt); 728 } 729 730 txt = integer_str(sresp->certID->serialNumber); 731 if (txt) { 732 wpa_printf(MSG_DEBUG, 733 "OpenSSL: certID serialNumber: %s", txt); 734 os_free(txt); 735 } 736 737 switch (sresp->certStatus->type) { 738 case 0: 739 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good"); 740 break; 741 case 1: 742 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked"); 743 break; 744 default: 745 wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown"); 746 break; 747 } 748 749 txt = generalizedtime_str(sresp->thisUpdate); 750 if (txt) { 751 wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt); 752 os_free(txt); 753 } 754 755 if (sresp->nextUpdate) { 756 txt = generalizedtime_str(sresp->nextUpdate); 757 if (txt) { 758 wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s", 759 txt); 760 os_free(txt); 761 } 762 } 763 764 txt = extensions_str("singleExtensions", 765 sresp->singleExtensions); 766 if (txt) { 767 wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); 768 os_free(txt); 769 } 770 771 cid1 = cmp_sresp->certID; 772 cid2 = sresp->certID; 773 if (j > 0 && 774 (OBJ_cmp(cid1->hashAlgorithm->algorithm, 775 cid2->hashAlgorithm->algorithm) != 0 || 776 ASN1_OCTET_STRING_cmp(cid1->issuerNameHash, 777 cid2->issuerNameHash) != 0 || 778 ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash, 779 cid2->issuerKeyHash) != 0)) { 780 wpa_printf(MSG_DEBUG, 781 "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse"); 782 goto fail; 783 } 784 785 if (!matching_resp && issuer && 786 ASN1_INTEGER_cmp(sresp->certID->serialNumber, 787 X509_get_serialNumber(cert)) == 0 && 788 issuer_match(cert, issuer, sresp->certID) == 0) { 789 wpa_printf(MSG_DEBUG, 790 "OpenSSL: This response matches peer certificate"); 791 matching_resp = sresp; 792 } 793 } 794 795 txt = extensions_str("responseExtensions", rd->responseExtensions); 796 if (txt) { 797 wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); 798 os_free(txt); 799 } 800 801 if (!matching_resp) { 802 wpa_printf(MSG_DEBUG, 803 "OpenSSL: Could not find OCSP response that matches the peer certificate"); 804 result = OCSP_NO_RESPONSE; 805 goto fail; 806 } 807 808 if (!ocsp_resp_valid(matching_resp->thisUpdate, 809 matching_resp->nextUpdate)) { 810 wpa_printf(MSG_DEBUG, 811 "OpenSSL: OCSP response not valid at this time"); 812 goto fail; 813 } 814 815 if (matching_resp->certStatus->type == 1) { 816 wpa_printf(MSG_DEBUG, 817 "OpenSSL: OCSP response indicated that the peer certificate has been revoked"); 818 result = OCSP_REVOKED; 819 goto fail; 820 } 821 822 if (matching_resp->certStatus->type != 0) { 823 wpa_printf(MSG_DEBUG, 824 "OpenSSL: OCSP response did not indicate good status"); 825 result = OCSP_NO_RESPONSE; 826 goto fail; 827 } 828 829 /* OCSP response indicated the certificate is good. */ 830 result = OCSP_GOOD; 831 fail: 832 sk_X509_pop_free(chain, X509_free); 833 sk_X509_free(untrusted); 834 sk_X509_pop_free(certs, X509_free); 835 BasicOCSPResponse_free(basic); 836 OCSPResponse_free(resp); 837 X509_STORE_CTX_free(ctx); 838 839 return result; 840 } 841 842 #endif /* OPENSSL_IS_BORINGSSL */ 843
Indexes created Thu Jun 11 00:25:07 UTC 2026