ocsp_vfy.c@ 91772

Last change on this file since 91772 was 91772, checked in by vboxsync, 3 years ago
openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
File size: 13.0 KB

Line
1	/*
2	* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/ocsp.h>
11	#include "ocsp_local.h"
12	#include <openssl/err.h>
13	#include <string.h>
14
15	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
16	STACK_OF(X509) *certs, unsigned long flags);
17	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
18	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain);
19	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
20	OCSP_CERTID **ret);
21	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
22	STACK_OF(OCSP_SINGLERESP) *sresp);
23	static int ocsp_check_delegated(X509 *x);
24	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
25	X509_NAME nm, STACK_OF(X509) certs,
26	unsigned long flags);
27
28	/* Verify a basic response message */
29
30	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
31	X509_STORE *st, unsigned long flags)
32	{
33	X509 signer, x;
34	STACK_OF(X509) *chain = NULL;
35	STACK_OF(X509) *untrusted = NULL;
36	X509_STORE_CTX *ctx = NULL;
37	int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
38
39	if (!ret) {
40	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
41	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
42	goto end;
43	}
44	ctx = X509_STORE_CTX_new();
45	if (ctx == NULL) {
46	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
47	goto f_err;
48	}
49	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
50	flags \|= OCSP_NOVERIFY;
51	if (!(flags & OCSP_NOSIGS)) {
52	EVP_PKEY *skey;
53	skey = X509_get0_pubkey(signer);
54	if (skey == NULL) {
55	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
56	goto err;
57	}
58	ret = OCSP_BASICRESP_verify(bs, skey, 0);
59	if (ret <= 0) {
60	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
61	goto end;
62	}
63	}
64	if (!(flags & OCSP_NOVERIFY)) {
65	int init_res;
66	if (flags & OCSP_NOCHAIN) {
67	untrusted = NULL;
68	} else if (bs->certs && certs) {
69	untrusted = sk_X509_dup(bs->certs);
70	for (i = 0; i < sk_X509_num(certs); i++) {
71	if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
72	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
73	goto f_err;
74	}
75	}
76	} else if (certs != NULL) {
77	untrusted = certs;
78	} else {
79	untrusted = bs->certs;
80	}
81	init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
82	if (!init_res) {
83	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
84	goto f_err;
85	}
86
87	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
88	ret = X509_verify_cert(ctx);
89	chain = X509_STORE_CTX_get1_chain(ctx);
90	if (ret <= 0) {
91	i = X509_STORE_CTX_get_error(ctx);
92	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
93	OCSP_R_CERTIFICATE_VERIFY_ERROR);
94	ERR_add_error_data(2, "Verify error:",
95	X509_verify_cert_error_string(i));
96	goto end;
97	}
98	if (flags & OCSP_NOCHECKS) {
99	ret = 1;
100	goto end;
101	}
102	/*
103	* At this point we have a valid certificate chain need to verify it
104	* against the OCSP issuer criteria.
105	*/
106	ret = ocsp_check_issuer(bs, chain);
107
108	/* If fatal error or valid match then finish */
109	if (ret != 0)
110	goto end;
111
112	/*
113	* Easy case: explicitly trusted. Get root CA and check for explicit
114	* trust
115	*/
116	if (flags & OCSP_NOEXPLICIT)
117	goto end;
118
119	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
120	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
121	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
122	goto err;
123	}
124	ret = 1;
125	}
126	end:
127	X509_STORE_CTX_free(ctx);
128	sk_X509_pop_free(chain, X509_free);
129	if (bs->certs && certs)
130	sk_X509_free(untrusted);
131	return ret;
132
133	err:
134	ret = 0;
135	goto end;
136	f_err:
137	ret = -1;
138	goto end;
139	}
140
141	int OCSP_resp_get0_signer(OCSP_BASICRESP bs, X509 *signer,
142	STACK_OF(X509) *extra_certs)
143	{
144	int ret;
145
146	ret = ocsp_find_signer(signer, bs, extra_certs, 0);
147	return (ret > 0) ? 1 : 0;
148	}
149
150	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
151	STACK_OF(X509) *certs, unsigned long flags)
152	{
153	X509 *signer;
154	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
155	if ((signer = ocsp_find_signer_sk(certs, rid))) {
156	*psigner = signer;
157	return 2;
158	}
159	if (!(flags & OCSP_NOINTERN) &&
160	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
161	*psigner = signer;
162	return 1;
163	}
164	/* Maybe lookup from store if by subject name */
165
166	*psigner = NULL;
167	return 0;
168	}
169
170	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
171	{
172	int i;
173	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
174	X509 *x;
175
176	/* Easy if lookup by name */
177	if (id->type == V_OCSP_RESPID_NAME)
178	return X509_find_by_subject(certs, id->value.byName);
179
180	/* Lookup by key hash */
181
182	/* If key hash isn't SHA1 length then forget it */
183	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
184	return NULL;
185	keyhash = id->value.byKey->data;
186	/* Calculate hash of each key and compare */
187	for (i = 0; i < sk_X509_num(certs); i++) {
188	x = sk_X509_value(certs, i);
189	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
190	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
191	return x;
192	}
193	return NULL;
194	}
195
196	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain)
197	{
198	STACK_OF(OCSP_SINGLERESP) *sresp;
199	X509 signer, sca;
200	OCSP_CERTID *caid = NULL;
201	int i;
202	sresp = bs->tbsResponseData.responses;
203
204	if (sk_X509_num(chain) <= 0) {
205	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
206	return -1;
207	}
208
209	/* See if the issuer IDs match. */
210	i = ocsp_check_ids(sresp, &caid);
211
212	/* If ID mismatch or other error then return */
213	if (i <= 0)
214	return i;
215
216	signer = sk_X509_value(chain, 0);
217	/* Check to see if OCSP responder CA matches request CA */
218	if (sk_X509_num(chain) > 1) {
219	sca = sk_X509_value(chain, 1);
220	i = ocsp_match_issuerid(sca, caid, sresp);
221	if (i < 0)
222	return i;
223	if (i) {
224	/* We have a match, if extensions OK then success */
225	if (ocsp_check_delegated(signer))
226	return 1;
227	return 0;
228	}
229	}
230
231	/* Otherwise check if OCSP request signed directly by request CA */
232	return ocsp_match_issuerid(signer, caid, sresp);
233	}
234
235	/*
236	* Check the issuer certificate IDs for equality. If there is a mismatch with
237	* the same algorithm then there's no point trying to match any certificates
238	* against the issuer. If the issuer IDs all match then we just need to check
239	* equality against one of them.
240	*/
241
242	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
243	{
244	OCSP_CERTID tmpid, cid;
245	int i, idcount;
246
247	idcount = sk_OCSP_SINGLERESP_num(sresp);
248	if (idcount <= 0) {
249	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
250	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
251	return -1;
252	}
253
254	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
255
256	*ret = NULL;
257
258	for (i = 1; i < idcount; i++) {
259	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
260	/* Check to see if IDs match */
261	if (OCSP_id_issuer_cmp(cid, tmpid)) {
262	/* If algorithm mismatch let caller deal with it */
263	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
264	cid->hashAlgorithm.algorithm))
265	return 2;
266	/* Else mismatch */
267	return 0;
268	}
269	}
270
271	/* All IDs match: only need to check one ID */
272	*ret = cid;
273	return 1;
274	}
275
276	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
277	STACK_OF(OCSP_SINGLERESP) *sresp)
278	{
279	/* If only one ID to match then do it */
280	if (cid) {
281	const EVP_MD *dgst;
282	X509_NAME *iname;
283	int mdlen;
284	unsigned char md[EVP_MAX_MD_SIZE];
285	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
286	== NULL) {
287	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
288	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
289	return -1;
290	}
291
292	mdlen = EVP_MD_size(dgst);
293	if (mdlen < 0)
294	return -1;
295	if ((cid->issuerNameHash.length != mdlen) \|\|
296	(cid->issuerKeyHash.length != mdlen))
297	return 0;
298	iname = X509_get_subject_name(cert);
299	if (!X509_NAME_digest(iname, dgst, md, NULL))
300	return -1;
301	if (memcmp(md, cid->issuerNameHash.data, mdlen))
302	return 0;
303	X509_pubkey_digest(cert, dgst, md, NULL);
304	if (memcmp(md, cid->issuerKeyHash.data, mdlen))
305	return 0;
306
307	return 1;
308
309	} else {
310	/* We have to match the whole lot */
311	int i, ret;
312	OCSP_CERTID *tmpid;
313	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
314	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
315	ret = ocsp_match_issuerid(cert, tmpid, NULL);
316	if (ret <= 0)
317	return ret;
318	}
319	return 1;
320	}
321
322	}
323
324	static int ocsp_check_delegated(X509 *x)
325	{
326	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
327	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
328	return 1;
329	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
330	return 0;
331	}
332
333	/*
334	* Verify an OCSP request. This is fortunately much easier than OCSP response
335	* verify. Just find the signers certificate and verify it against a given
336	* trust value.
337	*/
338
339	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
340	X509_STORE *store, unsigned long flags)
341	{
342	X509 *signer;
343	X509_NAME *nm;
344	GENERAL_NAME *gen;
345	int ret = 0;
346	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
347
348	if (ctx == NULL) {
349	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
350	goto err;
351	}
352
353	if (!req->optionalSignature) {
354	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
355	goto err;
356	}
357	gen = req->tbsRequest.requestorName;
358	if (!gen \|\| gen->type != GEN_DIRNAME) {
359	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
360	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
361	goto err;
362	}
363	nm = gen->d.directoryName;
364	ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
365	if (ret <= 0) {
366	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
367	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
368	goto err;
369	}
370	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
371	flags \|= OCSP_NOVERIFY;
372	if (!(flags & OCSP_NOSIGS)) {
373	EVP_PKEY *skey;
374	skey = X509_get0_pubkey(signer);
375	ret = OCSP_REQUEST_verify(req, skey);
376	if (ret <= 0) {
377	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
378	goto err;
379	}
380	}
381	if (!(flags & OCSP_NOVERIFY)) {
382	int init_res;
383	if (flags & OCSP_NOCHAIN)
384	init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
385	else
386	init_res = X509_STORE_CTX_init(ctx, store, signer,
387	req->optionalSignature->certs);
388	if (!init_res) {
389	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
390	goto err;
391	}
392
393	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
394	X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
395	ret = X509_verify_cert(ctx);
396	if (ret <= 0) {
397	ret = X509_STORE_CTX_get_error(ctx);
398	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
399	OCSP_R_CERTIFICATE_VERIFY_ERROR);
400	ERR_add_error_data(2, "Verify error:",
401	X509_verify_cert_error_string(ret));
402	goto err;
403	}
404	}
405	ret = 1;
406	goto end;
407
408	err:
409	ret = 0;
410	end:
411	X509_STORE_CTX_free(ctx);
412	return ret;
413
414	}
415
416	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
417	X509_NAME nm, STACK_OF(X509) certs,
418	unsigned long flags)
419	{
420	X509 *signer;
421	if (!(flags & OCSP_NOINTERN)) {
422	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
423	if (signer) {
424	*psigner = signer;
425	return 1;
426	}
427	}
428
429	signer = X509_find_by_subject(certs, nm);
430	if (signer) {
431	*psigner = signer;
432	return 2;
433	}
434	return 0;
435	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.1l/crypto/ocsp/ocsp_vfy.c@ 91772

Download in other formats: