ocsp_vfy.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444
  1. /* ocsp_vfy.c */
  2. /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  3. * project 2000.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * (eay@cryptsoft.com). This product includes software written by Tim
  55. * Hudson (tjh@cryptsoft.com).
  56. *
  57. */
  58. #include <openssl/ocsp.h>
  59. #include <openssl/err.h>
  60. #include <string.h>
  61. static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
  62. X509_STORE *st, unsigned long flags);
  63. static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
  64. static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
  65. static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
  66. static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
  67. static int ocsp_check_delegated(X509 *x, int flags);
  68. static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
  69. X509_STORE *st, unsigned long flags);
  70. /* Verify a basic response message */
  71. int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
  72. X509_STORE *st, unsigned long flags)
  73. {
  74. X509 *signer, *x;
  75. STACK_OF(X509) *chain = NULL;
  76. X509_STORE_CTX ctx;
  77. int i, ret = 0;
  78. ret = ocsp_find_signer(&signer, bs, certs, st, flags);
  79. if (!ret)
  80. {
  81. OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
  82. goto end;
  83. }
  84. if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
  85. flags |= OCSP_NOVERIFY;
  86. if (!(flags & OCSP_NOSIGS))
  87. {
  88. EVP_PKEY *skey;
  89. skey = X509_get_pubkey(signer);
  90. ret = OCSP_BASICRESP_verify(bs, skey, 0);
  91. EVP_PKEY_free(skey);
  92. if(ret <= 0)
  93. {
  94. OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
  95. goto end;
  96. }
  97. }
  98. if (!(flags & OCSP_NOVERIFY))
  99. {
  100. int init_res;
  101. if(flags & OCSP_NOCHAIN)
  102. init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
  103. else
  104. init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
  105. if(!init_res)
  106. {
  107. OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
  108. goto end;
  109. }
  110. X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
  111. ret = X509_verify_cert(&ctx);
  112. chain = X509_STORE_CTX_get1_chain(&ctx);
  113. X509_STORE_CTX_cleanup(&ctx);
  114. if (ret <= 0)
  115. {
  116. i = X509_STORE_CTX_get_error(&ctx);
  117. OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
  118. ERR_add_error_data(2, "Verify error:",
  119. X509_verify_cert_error_string(i));
  120. goto end;
  121. }
  122. if(flags & OCSP_NOCHECKS)
  123. {
  124. ret = 1;
  125. goto end;
  126. }
  127. /* At this point we have a valid certificate chain
  128. * need to verify it against the OCSP issuer criteria.
  129. */
  130. ret = ocsp_check_issuer(bs, chain, flags);
  131. /* If fatal error or valid match then finish */
  132. if (ret != 0) goto end;
  133. /* Easy case: explicitly trusted. Get root CA and
  134. * check for explicit trust
  135. */
  136. if(flags & OCSP_NOEXPLICIT) goto end;
  137. x = sk_X509_value(chain, sk_X509_num(chain) - 1);
  138. if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
  139. {
  140. OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
  141. goto end;
  142. }
  143. ret = 1;
  144. }
  145. end:
  146. if(chain) sk_X509_pop_free(chain, X509_free);
  147. return ret;
  148. }
  149. static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
  150. X509_STORE *st, unsigned long flags)
  151. {
  152. X509 *signer;
  153. OCSP_RESPID *rid = bs->tbsResponseData->responderId;
  154. if ((signer = ocsp_find_signer_sk(certs, rid)))
  155. {
  156. *psigner = signer;
  157. return 2;
  158. }
  159. if(!(flags & OCSP_NOINTERN) &&
  160. (signer = ocsp_find_signer_sk(bs->certs, rid)))
  161. {
  162. *psigner = signer;
  163. return 1;
  164. }
  165. /* Maybe lookup from store if by subject name */
  166. *psigner = NULL;
  167. return 0;
  168. }
  169. static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
  170. {
  171. int i;
  172. unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
  173. X509 *x;
  174. /* Easy if lookup by name */
  175. if (id->type == V_OCSP_RESPID_NAME)
  176. return X509_find_by_subject(certs, id->value.byName);
  177. /* Lookup by key hash */
  178. /* If key hash isn't SHA1 length then forget it */
  179. if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
  180. keyhash = id->value.byKey->data;
  181. /* Calculate hash of each key and compare */
  182. for (i = 0; i < sk_X509_num(certs); i++)
  183. {
  184. x = sk_X509_value(certs, i);
  185. X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
  186. if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
  187. return x;
  188. }
  189. return NULL;
  190. }
  191. static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
  192. {
  193. STACK_OF(OCSP_SINGLERESP) *sresp;
  194. X509 *signer, *sca;
  195. OCSP_CERTID *caid = NULL;
  196. int i;
  197. sresp = bs->tbsResponseData->responses;
  198. if (sk_X509_num(chain) <= 0)
  199. {
  200. OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
  201. return -1;
  202. }
  203. /* See if the issuer IDs match. */
  204. i = ocsp_check_ids(sresp, &caid);
  205. /* If ID mismatch or other error then return */
  206. if (i <= 0) return i;
  207. signer = sk_X509_value(chain, 0);
  208. /* Check to see if OCSP responder CA matches request CA */
  209. if (sk_X509_num(chain) > 1)
  210. {
  211. sca = sk_X509_value(chain, 1);
  212. i = ocsp_match_issuerid(sca, caid, sresp);
  213. if (i < 0) return i;
  214. if (i)
  215. {
  216. /* We have a match, if extensions OK then success */
  217. if (ocsp_check_delegated(signer, flags)) return 1;
  218. return 0;
  219. }
  220. }
  221. /* Otherwise check if OCSP request signed directly by request CA */
  222. return ocsp_match_issuerid(signer, caid, sresp);
  223. }
  224. /* Check the issuer certificate IDs for equality. If there is a mismatch with the same
  225. * algorithm then there's no point trying to match any certificates against the issuer.
  226. * If the issuer IDs all match then we just need to check equality against one of them.
  227. */
  228. static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
  229. {
  230. OCSP_CERTID *tmpid, *cid;
  231. int i, idcount;
  232. idcount = sk_OCSP_SINGLERESP_num(sresp);
  233. if (idcount <= 0)
  234. {
  235. OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
  236. return -1;
  237. }
  238. cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
  239. *ret = NULL;
  240. for (i = 1; i < idcount; i++)
  241. {
  242. tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
  243. /* Check to see if IDs match */
  244. if (OCSP_id_issuer_cmp(cid, tmpid))
  245. {
  246. /* If algoritm mismatch let caller deal with it */
  247. if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
  248. cid->hashAlgorithm->algorithm))
  249. return 2;
  250. /* Else mismatch */
  251. return 0;
  252. }
  253. }
  254. /* All IDs match: only need to check one ID */
  255. *ret = cid;
  256. return 1;
  257. }
  258. static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
  259. STACK_OF(OCSP_SINGLERESP) *sresp)
  260. {
  261. /* If only one ID to match then do it */
  262. if(cid)
  263. {
  264. const EVP_MD *dgst;
  265. X509_NAME *iname;
  266. int mdlen;
  267. unsigned char md[EVP_MAX_MD_SIZE];
  268. if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
  269. {
  270. OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
  271. return -1;
  272. }
  273. mdlen = EVP_MD_size(dgst);
  274. if ((cid->issuerNameHash->length != mdlen) ||
  275. (cid->issuerKeyHash->length != mdlen))
  276. return 0;
  277. iname = X509_get_subject_name(cert);
  278. if (!X509_NAME_digest(iname, dgst, md, NULL))
  279. return -1;
  280. if (memcmp(md, cid->issuerNameHash->data, mdlen))
  281. return 0;
  282. X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
  283. if (memcmp(md, cid->issuerKeyHash->data, mdlen))
  284. return 0;
  285. return 1;
  286. }
  287. else
  288. {
  289. /* We have to match the whole lot */
  290. int i, ret;
  291. OCSP_CERTID *tmpid;
  292. for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
  293. {
  294. tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
  295. ret = ocsp_match_issuerid(cert, tmpid, NULL);
  296. if (ret <= 0) return ret;
  297. }
  298. return 1;
  299. }
  300. }
  301. static int ocsp_check_delegated(X509 *x, int flags)
  302. {
  303. X509_check_purpose(x, -1, 0);
  304. if ((x->ex_flags & EXFLAG_XKUSAGE) &&
  305. (x->ex_xkusage & XKU_OCSP_SIGN))
  306. return 1;
  307. OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
  308. return 0;
  309. }
  310. /* Verify an OCSP request. This is fortunately much easier than OCSP
  311. * response verify. Just find the signers certificate and verify it
  312. * against a given trust value.
  313. */
  314. int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
  315. {
  316. X509 *signer;
  317. X509_NAME *nm;
  318. GENERAL_NAME *gen;
  319. int ret;
  320. X509_STORE_CTX ctx;
  321. if (!req->optionalSignature)
  322. {
  323. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
  324. return 0;
  325. }
  326. gen = req->tbsRequest->requestorName;
  327. if (gen->type != GEN_DIRNAME)
  328. {
  329. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
  330. return 0;
  331. }
  332. nm = gen->d.directoryName;
  333. ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
  334. if (ret <= 0)
  335. {
  336. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
  337. return 0;
  338. }
  339. if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
  340. flags |= OCSP_NOVERIFY;
  341. if (!(flags & OCSP_NOSIGS))
  342. {
  343. EVP_PKEY *skey;
  344. skey = X509_get_pubkey(signer);
  345. ret = OCSP_REQUEST_verify(req, skey);
  346. EVP_PKEY_free(skey);
  347. if(ret <= 0)
  348. {
  349. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
  350. return 0;
  351. }
  352. }
  353. if (!(flags & OCSP_NOVERIFY))
  354. {
  355. int init_res;
  356. if(flags & OCSP_NOCHAIN)
  357. init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
  358. else
  359. init_res = X509_STORE_CTX_init(&ctx, store, signer,
  360. req->optionalSignature->certs);
  361. if(!init_res)
  362. {
  363. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
  364. return 0;
  365. }
  366. X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
  367. X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
  368. ret = X509_verify_cert(&ctx);
  369. X509_STORE_CTX_cleanup(&ctx);
  370. if (ret <= 0)
  371. {
  372. ret = X509_STORE_CTX_get_error(&ctx);
  373. OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
  374. ERR_add_error_data(2, "Verify error:",
  375. X509_verify_cert_error_string(ret));
  376. return 0;
  377. }
  378. }
  379. return 1;
  380. }
  381. static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
  382. X509_STORE *st, unsigned long flags)
  383. {
  384. X509 *signer;
  385. if(!(flags & OCSP_NOINTERN))
  386. {
  387. signer = X509_find_by_subject(req->optionalSignature->certs, nm);
  388. *psigner = signer;
  389. return 1;
  390. }
  391. signer = X509_find_by_subject(certs, nm);
  392. if (signer)
  393. {
  394. *psigner = signer;
  395. return 2;
  396. }
  397. return 0;
  398. }