ocsp_vfy.c@ 69890

Last change on this file since 69890 was 69890, checked in by vboxsync, 7 years ago
Added OpenSSL 1.1.0g with unneeded files removed, otherwise unmodified. bugref:8070: src/libs maintenance
Property svn:eol-style set to `native`
File size: 12.8 KB

Line
1	/*
2	* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/ocsp.h>
11	#include "ocsp_lcl.h"
12	#include <openssl/err.h>
13	#include <string.h>
14
15	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
16	STACK_OF(X509) *certs, unsigned long flags);
17	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
18	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain);
19	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
20	OCSP_CERTID **ret);
21	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
22	STACK_OF(OCSP_SINGLERESP) *sresp);
23	static int ocsp_check_delegated(X509 *x);
24	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
25	X509_NAME nm, STACK_OF(X509) certs,
26	unsigned long flags);
27
28	/* Verify a basic response message */
29
30	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
31	X509_STORE *st, unsigned long flags)
32	{
33	X509 signer, x;
34	STACK_OF(X509) *chain = NULL;
35	STACK_OF(X509) *untrusted = NULL;
36	X509_STORE_CTX *ctx = NULL;
37	int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
38
39	if (!ret) {
40	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
41	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
42	goto end;
43	}
44	ctx = X509_STORE_CTX_new();
45	if (ctx == NULL) {
46	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
47	goto f_err;
48	}
49	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
50	flags \|= OCSP_NOVERIFY;
51	if (!(flags & OCSP_NOSIGS)) {
52	EVP_PKEY *skey;
53	skey = X509_get0_pubkey(signer);
54	if (skey == NULL) {
55	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
56	goto err;
57	}
58	ret = OCSP_BASICRESP_verify(bs, skey, 0);
59	if (ret <= 0) {
60	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
61	goto end;
62	}
63	}
64	if (!(flags & OCSP_NOVERIFY)) {
65	int init_res;
66	if (flags & OCSP_NOCHAIN) {
67	untrusted = NULL;
68	} else if (bs->certs && certs) {
69	untrusted = sk_X509_dup(bs->certs);
70	for (i = 0; i < sk_X509_num(certs); i++) {
71	if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
72	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
73	goto f_err;
74	}
75	}
76	} else if (certs != NULL) {
77	untrusted = certs;
78	} else {
79	untrusted = bs->certs;
80	}
81	init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
82	if (!init_res) {
83	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
84	goto f_err;
85	}
86
87	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
88	ret = X509_verify_cert(ctx);
89	chain = X509_STORE_CTX_get1_chain(ctx);
90	if (ret <= 0) {
91	i = X509_STORE_CTX_get_error(ctx);
92	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
93	OCSP_R_CERTIFICATE_VERIFY_ERROR);
94	ERR_add_error_data(2, "Verify error:",
95	X509_verify_cert_error_string(i));
96	goto end;
97	}
98	if (flags & OCSP_NOCHECKS) {
99	ret = 1;
100	goto end;
101	}
102	/*
103	* At this point we have a valid certificate chain need to verify it
104	* against the OCSP issuer criteria.
105	*/
106	ret = ocsp_check_issuer(bs, chain);
107
108	/* If fatal error or valid match then finish */
109	if (ret != 0)
110	goto end;
111
112	/*
113	* Easy case: explicitly trusted. Get root CA and check for explicit
114	* trust
115	*/
116	if (flags & OCSP_NOEXPLICIT)
117	goto end;
118
119	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
120	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
121	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
122	goto err;
123	}
124	ret = 1;
125	}
126	end:
127	X509_STORE_CTX_free(ctx);
128	sk_X509_pop_free(chain, X509_free);
129	if (bs->certs && certs)
130	sk_X509_free(untrusted);
131	return ret;
132
133	err:
134	ret = 0;
135	goto end;
136	f_err:
137	ret = -1;
138	goto end;
139	}
140
141	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
142	STACK_OF(X509) *certs, unsigned long flags)
143	{
144	X509 *signer;
145	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
146	if ((signer = ocsp_find_signer_sk(certs, rid))) {
147	*psigner = signer;
148	return 2;
149	}
150	if (!(flags & OCSP_NOINTERN) &&
151	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
152	*psigner = signer;
153	return 1;
154	}
155	/* Maybe lookup from store if by subject name */
156
157	*psigner = NULL;
158	return 0;
159	}
160
161	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
162	{
163	int i;
164	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
165	X509 *x;
166
167	/* Easy if lookup by name */
168	if (id->type == V_OCSP_RESPID_NAME)
169	return X509_find_by_subject(certs, id->value.byName);
170
171	/* Lookup by key hash */
172
173	/* If key hash isn't SHA1 length then forget it */
174	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
175	return NULL;
176	keyhash = id->value.byKey->data;
177	/* Calculate hash of each key and compare */
178	for (i = 0; i < sk_X509_num(certs); i++) {
179	x = sk_X509_value(certs, i);
180	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
181	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
182	return x;
183	}
184	return NULL;
185	}
186
187	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain)
188	{
189	STACK_OF(OCSP_SINGLERESP) *sresp;
190	X509 signer, sca;
191	OCSP_CERTID *caid = NULL;
192	int i;
193	sresp = bs->tbsResponseData.responses;
194
195	if (sk_X509_num(chain) <= 0) {
196	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
197	return -1;
198	}
199
200	/* See if the issuer IDs match. */
201	i = ocsp_check_ids(sresp, &caid);
202
203	/* If ID mismatch or other error then return */
204	if (i <= 0)
205	return i;
206
207	signer = sk_X509_value(chain, 0);
208	/* Check to see if OCSP responder CA matches request CA */
209	if (sk_X509_num(chain) > 1) {
210	sca = sk_X509_value(chain, 1);
211	i = ocsp_match_issuerid(sca, caid, sresp);
212	if (i < 0)
213	return i;
214	if (i) {
215	/* We have a match, if extensions OK then success */
216	if (ocsp_check_delegated(signer))
217	return 1;
218	return 0;
219	}
220	}
221
222	/* Otherwise check if OCSP request signed directly by request CA */
223	return ocsp_match_issuerid(signer, caid, sresp);
224	}
225
226	/*
227	* Check the issuer certificate IDs for equality. If there is a mismatch with
228	* the same algorithm then there's no point trying to match any certificates
229	* against the issuer. If the issuer IDs all match then we just need to check
230	* equality against one of them.
231	*/
232
233	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
234	{
235	OCSP_CERTID tmpid, cid;
236	int i, idcount;
237
238	idcount = sk_OCSP_SINGLERESP_num(sresp);
239	if (idcount <= 0) {
240	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
241	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
242	return -1;
243	}
244
245	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
246
247	*ret = NULL;
248
249	for (i = 1; i < idcount; i++) {
250	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
251	/* Check to see if IDs match */
252	if (OCSP_id_issuer_cmp(cid, tmpid)) {
253	/* If algorithm mismatch let caller deal with it */
254	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
255	cid->hashAlgorithm.algorithm))
256	return 2;
257	/* Else mismatch */
258	return 0;
259	}
260	}
261
262	/* All IDs match: only need to check one ID */
263	*ret = cid;
264	return 1;
265	}
266
267	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
268	STACK_OF(OCSP_SINGLERESP) *sresp)
269	{
270	/* If only one ID to match then do it */
271	if (cid) {
272	const EVP_MD *dgst;
273	X509_NAME *iname;
274	int mdlen;
275	unsigned char md[EVP_MAX_MD_SIZE];
276	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
277	== NULL) {
278	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
279	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
280	return -1;
281	}
282
283	mdlen = EVP_MD_size(dgst);
284	if (mdlen < 0)
285	return -1;
286	if ((cid->issuerNameHash.length != mdlen) \|\|
287	(cid->issuerKeyHash.length != mdlen))
288	return 0;
289	iname = X509_get_subject_name(cert);
290	if (!X509_NAME_digest(iname, dgst, md, NULL))
291	return -1;
292	if (memcmp(md, cid->issuerNameHash.data, mdlen))
293	return 0;
294	X509_pubkey_digest(cert, dgst, md, NULL);
295	if (memcmp(md, cid->issuerKeyHash.data, mdlen))
296	return 0;
297
298	return 1;
299
300	} else {
301	/* We have to match the whole lot */
302	int i, ret;
303	OCSP_CERTID *tmpid;
304	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
305	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
306	ret = ocsp_match_issuerid(cert, tmpid, NULL);
307	if (ret <= 0)
308	return ret;
309	}
310	return 1;
311	}
312
313	}
314
315	static int ocsp_check_delegated(X509 *x)
316	{
317	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
318	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
319	return 1;
320	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
321	return 0;
322	}
323
324	/*
325	* Verify an OCSP request. This is fortunately much easier than OCSP response
326	* verify. Just find the signers certificate and verify it against a given
327	* trust value.
328	*/
329
330	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
331	X509_STORE *store, unsigned long flags)
332	{
333	X509 *signer;
334	X509_NAME *nm;
335	GENERAL_NAME *gen;
336	int ret = 0;
337	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
338
339	if (ctx == NULL) {
340	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
341	goto err;
342	}
343
344	if (!req->optionalSignature) {
345	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
346	goto err;
347	}
348	gen = req->tbsRequest.requestorName;
349	if (!gen \|\| gen->type != GEN_DIRNAME) {
350	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
351	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
352	goto err;
353	}
354	nm = gen->d.directoryName;
355	ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
356	if (ret <= 0) {
357	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
358	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
359	goto err;
360	}
361	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
362	flags \|= OCSP_NOVERIFY;
363	if (!(flags & OCSP_NOSIGS)) {
364	EVP_PKEY *skey;
365	skey = X509_get0_pubkey(signer);
366	ret = OCSP_REQUEST_verify(req, skey);
367	if (ret <= 0) {
368	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
369	goto err;
370	}
371	}
372	if (!(flags & OCSP_NOVERIFY)) {
373	int init_res;
374	if (flags & OCSP_NOCHAIN)
375	init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
376	else
377	init_res = X509_STORE_CTX_init(ctx, store, signer,
378	req->optionalSignature->certs);
379	if (!init_res) {
380	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
381	goto err;
382	}
383
384	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
385	X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
386	ret = X509_verify_cert(ctx);
387	if (ret <= 0) {
388	ret = X509_STORE_CTX_get_error(ctx);
389	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
390	OCSP_R_CERTIFICATE_VERIFY_ERROR);
391	ERR_add_error_data(2, "Verify error:",
392	X509_verify_cert_error_string(ret));
393	goto err;
394	}
395	}
396	ret = 1;
397	goto end;
398
399	err:
400	ret = 0;
401	end:
402	X509_STORE_CTX_free(ctx);
403	return ret;
404
405	}
406
407	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
408	X509_NAME nm, STACK_OF(X509) certs,
409	unsigned long flags)
410	{
411	X509 *signer;
412	if (!(flags & OCSP_NOINTERN)) {
413	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
414	if (signer) {
415	*psigner = signer;
416	return 1;
417	}
418	}
419
420	signer = X509_find_by_subject(certs, nm);
421	if (signer) {
422	*psigner = signer;
423	return 2;
424	}
425	return 0;
426	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.0g/crypto/ocsp/ocsp_vfy.c@ 69890

Download in other formats: