RSA-PSS signed OCSP responses

certs/ocsp/include.am

@@ -34,4 +34,5 @@ EXTRA_DIST += \
         certs/ocsp/root-ca-key.pem \
         certs/ocsp/root-ca-cert.pem \
         certs/ocsp/test-response.der \
+        certs/ocsp/test-response-rsapss.der \
         certs/ocsp/test-response-nointern.der

certs/ocsp/renewcerts.sh

@@ -68,6 +68,7 @@ update_cert() {
     cat "$3"-cert.pem >> "$1"-cert.pem
 }
 
+SIGOPT=""
 update_cert intermediate1-ca "wolfSSL intermediate CA 1"       root-ca          v3_ca   01
 update_cert intermediate2-ca "wolfSSL intermediate CA 2"       root-ca          v3_ca   02
 update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca          v3_ca   03 # REVOKED
@@ -87,6 +88,15 @@ PID=$!
 
 openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response.der
 openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response-nointern.der -no_intern
+kill $PID
+wait $PID
+
+
+# now start up a responder that signs using rsa-pss
+openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss &
+PID=$!
+
+openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate4-ca-rsapss-cert.pem -url http://localhost:22221/ -rsigopt rsa_mode:pss -rsigopt rsa_padding_mode:pss -rsigopt rsa_pss_saltlen:-1 -respout test-response-rsapss.der
 # can verify with the following command
 # openssl ocsp -respin test-response-nointern.der -CAfile root-ca-cert.pem -issuer intermediate1-ca-cert.pem
 

tests/api.c

@@ -1403,12 +1403,15 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
     return 0;
 }
 
-static void test_wolfSSL_CheckOCSPResponse(void)
+static int test_wolfSSL_CheckOCSPResponse(void)
 {
 #if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
     const char* responseFile = "./certs/ocsp/test-response.der";
     const char* responseNoInternFile = "./certs/ocsp/test-response-nointern.der";
     const char* caFile = "./certs/ocsp/root-ca-cert.pem";
+#if defined(WC_RSA_PSS)
+    const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der";
+#endif
     OcspResponse* res = NULL;
     byte data[4096];
     const unsigned char* pt;
@@ -1455,8 +1458,23 @@ static void test_wolfSSL_CheckOCSPResponse(void)
     AssertNotNull(res);
     wolfSSL_OCSP_RESPONSE_free(res);
 
+#if defined(WC_RSA_PSS)
+    /* check loading a response with RSA-PSS signature */
+    f = XFOPEN(responsePssFile, "rb");
+    AssertTrue(f != XBADFILE);
+    dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
+    AssertIntGT(dataSz, 0);
+    XFCLOSE(f);
+
+    pt = data;
+    res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz);
+    AssertNotNull(res);
+    wolfSSL_OCSP_RESPONSE_free(res);
+#endif
+
     printf(resultFmt, passed);
 #endif /* HAVE_OCSP */
+    return 0;
 }
 
 static int test_wolfSSL_CertManagerLoadCABuffer(void)

wolfcrypt/src/asn.c

@@ -33446,6 +33446,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
     #endif
     int    ret;
     int    sigLength;
+    const byte*   sigParams = NULL;
+    word32        sigParamsSz = 0;
 
     WOLFSSL_ENTER("DecodeBasicOcspResponse");
     (void)heap;
@@ -33463,8 +33465,26 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
         return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
 
     /* Get the signature algorithm */
-    if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0)
+    if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) {
         return ASN_PARSE_E;
+    }
+#ifdef WC_RSA_PSS
+    else if (resp->sigOID == CTC_RSASSAPSS) {
+        word32 sz;
+        int len;
+        const byte* params;
+
+        sz = idx;
+        params = source + idx;
+        if (GetSequence(source, &idx, &len, size) < 0)
+            ret = ASN_PARSE_E;
+        if (ret == 0) {
+            idx += len;
+            sigParams = params;
+            sigParamsSz = idx - sz;
+        }
+    }
+#endif
 
     ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL);
     if (ret != 0)
@@ -33532,7 +33552,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
                 &cert->sigCtx,
                 resp->response, resp->responseSz,
                 cert->publicKey, cert->pubKeySize, cert->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, NULL, 0, NULL);
+                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
+                NULL);
 
             if (ret != 0) {
                 WOLFSSL_MSG("\tOCSP Confirm signature failed");
@@ -33569,7 +33590,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
             /* ConfirmSignature is blocking here */
             sigValid = ConfirmSignature(&sigCtx, resp->response,
                 resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
-                resp->sig, resp->sigSz, resp->sigOID, NULL, 0, NULL);
+                resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
+                NULL);
         }
         if (ca == NULL || sigValid != 0) {
             WOLFSSL_MSG("\tOCSP Confirm signature failed");