Coverage Report

Created: 2022-11-30 06:20

/src/openssl/crypto/ocsp/ocsp_vfy.c
Line
Count
Source (jump to first uncovered line)
1
/* ocsp_vfy.c */
2
/*
3
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4
 * 2000.
5
 */
6
/* ====================================================================
7
 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 *
13
 * 1. Redistributions of source code must retain the above copyright
14
 *    notice, this list of conditions and the following disclaimer.
15
 *
16
 * 2. Redistributions in binary form must reproduce the above copyright
17
 *    notice, this list of conditions and the following disclaimer in
18
 *    the documentation and/or other materials provided with the
19
 *    distribution.
20
 *
21
 * 3. All advertising materials mentioning features or use of this
22
 *    software must display the following acknowledgment:
23
 *    "This product includes software developed by the OpenSSL Project
24
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25
 *
26
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27
 *    endorse or promote products derived from this software without
28
 *    prior written permission. For written permission, please contact
29
 *    licensing@OpenSSL.org.
30
 *
31
 * 5. Products derived from this software may not be called "OpenSSL"
32
 *    nor may "OpenSSL" appear in their names without prior written
33
 *    permission of the OpenSSL Project.
34
 *
35
 * 6. Redistributions of any form whatsoever must retain the following
36
 *    acknowledgment:
37
 *    "This product includes software developed by the OpenSSL Project
38
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39
 *
40
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51
 * OF THE POSSIBILITY OF SUCH DAMAGE.
52
 * ====================================================================
53
 *
54
 * This product includes cryptographic software written by Eric Young
55
 * (eay@cryptsoft.com).  This product includes software written by Tim
56
 * Hudson (tjh@cryptsoft.com).
57
 *
58
 */
59
60
#include <openssl/ocsp.h>
61
#include <openssl/err.h>
62
#include <string.h>
63
64
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
65
                            STACK_OF(X509) *certs, X509_STORE *st,
66
                            unsigned long flags);
67
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
68
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
69
                             unsigned long flags);
70
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
71
                          OCSP_CERTID **ret);
72
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
73
                               STACK_OF(OCSP_SINGLERESP) *sresp);
74
static int ocsp_check_delegated(X509 *x, int flags);
75
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
76
                                X509_NAME *nm, STACK_OF(X509) *certs,
77
                                X509_STORE *st, unsigned long flags);
78
79
/* Verify a basic response message */
80
81
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
82
                      X509_STORE *st, unsigned long flags)
83
0
{
84
0
    X509 *signer, *x;
85
0
    STACK_OF(X509) *chain = NULL;
86
0
    STACK_OF(X509) *untrusted = NULL;
87
0
    X509_STORE_CTX ctx;
88
0
    int i, ret = 0;
89
0
    ret = ocsp_find_signer(&signer, bs, certs, st, flags);
90
0
    if (!ret) {
91
0
        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
92
0
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
93
0
        goto end;
94
0
    }
95
0
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
96
0
        flags |= OCSP_NOVERIFY;
97
0
    if (!(flags & OCSP_NOSIGS)) {
98
0
        EVP_PKEY *skey;
99
0
        skey = X509_get_pubkey(signer);
100
0
        if (skey) {
101
0
            ret = OCSP_BASICRESP_verify(bs, skey, 0);
102
0
            EVP_PKEY_free(skey);
103
0
        }
104
0
        if (!skey || ret <= 0) {
105
0
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
106
0
            goto end;
107
0
        }
108
0
    }
109
0
    if (!(flags & OCSP_NOVERIFY)) {
110
0
        int init_res;
111
0
        if (flags & OCSP_NOCHAIN) {
112
0
            untrusted = NULL;
113
0
        } else if (bs->certs && certs) {
114
0
            untrusted = sk_X509_dup(bs->certs);
115
0
            for (i = 0; i < sk_X509_num(certs); i++) {
116
0
                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
117
0
                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
118
0
                    goto end;
119
0
                }
120
0
            }
121
0
        } else if (certs != NULL) {
122
0
            untrusted = certs;
123
0
        } else {
124
0
            untrusted = bs->certs;
125
0
        }
126
0
        init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
127
0
        if (!init_res) {
128
0
            ret = -1;
129
0
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
130
0
            goto end;
131
0
        }
132
133
0
        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
134
0
        ret = X509_verify_cert(&ctx);
135
0
        chain = X509_STORE_CTX_get1_chain(&ctx);
136
0
        X509_STORE_CTX_cleanup(&ctx);
137
0
        if (ret <= 0) {
138
0
            i = X509_STORE_CTX_get_error(&ctx);
139
0
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
140
0
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
141
0
            ERR_add_error_data(2, "Verify error:",
142
0
                               X509_verify_cert_error_string(i));
143
0
            goto end;
144
0
        }
145
0
        if (flags & OCSP_NOCHECKS) {
146
0
            ret = 1;
147
0
            goto end;
148
0
        }
149
        /*
150
         * At this point we have a valid certificate chain need to verify it
151
         * against the OCSP issuer criteria.
152
         */
153
0
        ret = ocsp_check_issuer(bs, chain, flags);
154
155
        /* If fatal error or valid match then finish */
156
0
        if (ret != 0)
157
0
            goto end;
158
159
        /*
160
         * Easy case: explicitly trusted. Get root CA and check for explicit
161
         * trust
162
         */
163
0
        if (flags & OCSP_NOEXPLICIT)
164
0
            goto end;
165
166
0
        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
167
0
        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
168
0
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
169
0
            goto end;
170
0
        }
171
0
        ret = 1;
172
0
    }
173
174
0
 end:
175
0
    if (chain)
176
0
        sk_X509_pop_free(chain, X509_free);
177
0
    if (bs->certs && certs)
178
0
        sk_X509_free(untrusted);
179
0
    return ret;
180
0
}
181
182
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
183
                            STACK_OF(X509) *certs, X509_STORE *st,
184
                            unsigned long flags)
185
0
{
186
0
    X509 *signer;
187
0
    OCSP_RESPID *rid = bs->tbsResponseData->responderId;
188
0
    if ((signer = ocsp_find_signer_sk(certs, rid))) {
189
0
        *psigner = signer;
190
0
        return 2;
191
0
    }
192
0
    if (!(flags & OCSP_NOINTERN) &&
193
0
        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
194
0
        *psigner = signer;
195
0
        return 1;
196
0
    }
197
    /* Maybe lookup from store if by subject name */
198
199
0
    *psigner = NULL;
200
0
    return 0;
201
0
}
202
203
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
204
0
{
205
0
    int i;
206
0
    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
207
0
    X509 *x;
208
209
    /* Easy if lookup by name */
210
0
    if (id->type == V_OCSP_RESPID_NAME)
211
0
        return X509_find_by_subject(certs, id->value.byName);
212
213
    /* Lookup by key hash */
214
215
    /* If key hash isn't SHA1 length then forget it */
216
0
    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
217
0
        return NULL;
218
0
    keyhash = id->value.byKey->data;
219
    /* Calculate hash of each key and compare */
220
0
    for (i = 0; i < sk_X509_num(certs); i++) {
221
0
        x = sk_X509_value(certs, i);
222
0
        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
223
0
        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
224
0
            return x;
225
0
    }
226
0
    return NULL;
227
0
}
228
229
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
230
                             unsigned long flags)
231
0
{
232
0
    STACK_OF(OCSP_SINGLERESP) *sresp;
233
0
    X509 *signer, *sca;
234
0
    OCSP_CERTID *caid = NULL;
235
0
    int i;
236
0
    sresp = bs->tbsResponseData->responses;
237
238
0
    if (sk_X509_num(chain) <= 0) {
239
0
        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
240
0
        return -1;
241
0
    }
242
243
    /* See if the issuer IDs match. */
244
0
    i = ocsp_check_ids(sresp, &caid);
245
246
    /* If ID mismatch or other error then return */
247
0
    if (i <= 0)
248
0
        return i;
249
250
0
    signer = sk_X509_value(chain, 0);
251
    /* Check to see if OCSP responder CA matches request CA */
252
0
    if (sk_X509_num(chain) > 1) {
253
0
        sca = sk_X509_value(chain, 1);
254
0
        i = ocsp_match_issuerid(sca, caid, sresp);
255
0
        if (i < 0)
256
0
            return i;
257
0
        if (i) {
258
            /* We have a match, if extensions OK then success */
259
0
            if (ocsp_check_delegated(signer, flags))
260
0
                return 1;
261
0
            return 0;
262
0
        }
263
0
    }
264
265
    /* Otherwise check if OCSP request signed directly by request CA */
266
0
    return ocsp_match_issuerid(signer, caid, sresp);
267
0
}
268
269
/*
270
 * Check the issuer certificate IDs for equality. If there is a mismatch with
271
 * the same algorithm then there's no point trying to match any certificates
272
 * against the issuer. If the issuer IDs all match then we just need to check
273
 * equality against one of them.
274
 */
275
276
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
277
0
{
278
0
    OCSP_CERTID *tmpid, *cid;
279
0
    int i, idcount;
280
281
0
    idcount = sk_OCSP_SINGLERESP_num(sresp);
282
0
    if (idcount <= 0) {
283
0
        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
284
0
                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
285
0
        return -1;
286
0
    }
287
288
0
    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
289
290
0
    *ret = NULL;
291
292
0
    for (i = 1; i < idcount; i++) {
293
0
        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
294
        /* Check to see if IDs match */
295
0
        if (OCSP_id_issuer_cmp(cid, tmpid)) {
296
            /* If algoritm mismatch let caller deal with it */
297
0
            if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
298
0
                        cid->hashAlgorithm->algorithm))
299
0
                return 2;
300
            /* Else mismatch */
301
0
            return 0;
302
0
        }
303
0
    }
304
305
    /* All IDs match: only need to check one ID */
306
0
    *ret = cid;
307
0
    return 1;
308
0
}
309
310
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
311
                               STACK_OF(OCSP_SINGLERESP) *sresp)
312
0
{
313
    /* If only one ID to match then do it */
314
0
    if (cid) {
315
0
        const EVP_MD *dgst;
316
0
        X509_NAME *iname;
317
0
        int mdlen;
318
0
        unsigned char md[EVP_MAX_MD_SIZE];
319
0
        if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
320
0
            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
321
0
                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
322
0
            return -1;
323
0
        }
324
325
0
        mdlen = EVP_MD_size(dgst);
326
0
        if (mdlen < 0)
327
0
            return -1;
328
0
        if ((cid->issuerNameHash->length != mdlen) ||
329
0
            (cid->issuerKeyHash->length != mdlen))
330
0
            return 0;
331
0
        iname = X509_get_subject_name(cert);
332
0
        if (!X509_NAME_digest(iname, dgst, md, NULL))
333
0
            return -1;
334
0
        if (memcmp(md, cid->issuerNameHash->data, mdlen))
335
0
            return 0;
336
0
        X509_pubkey_digest(cert, dgst, md, NULL);
337
0
        if (memcmp(md, cid->issuerKeyHash->data, mdlen))
338
0
            return 0;
339
340
0
        return 1;
341
342
0
    } else {
343
        /* We have to match the whole lot */
344
0
        int i, ret;
345
0
        OCSP_CERTID *tmpid;
346
0
        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
347
0
            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
348
0
            ret = ocsp_match_issuerid(cert, tmpid, NULL);
349
0
            if (ret <= 0)
350
0
                return ret;
351
0
        }
352
0
        return 1;
353
0
    }
354
355
0
}
356
357
static int ocsp_check_delegated(X509 *x, int flags)
358
0
{
359
0
    X509_check_purpose(x, -1, 0);
360
0
    if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
361
0
        return 1;
362
0
    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
363
0
    return 0;
364
0
}
365
366
/*
367
 * Verify an OCSP request. This is fortunately much easier than OCSP response
368
 * verify. Just find the signers certificate and verify it against a given
369
 * trust value.
370
 */
371
372
int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
373
                        X509_STORE *store, unsigned long flags)
374
0
{
375
0
    X509 *signer;
376
0
    X509_NAME *nm;
377
0
    GENERAL_NAME *gen;
378
0
    int ret;
379
0
    X509_STORE_CTX ctx;
380
0
    if (!req->optionalSignature) {
381
0
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
382
0
        return 0;
383
0
    }
384
0
    gen = req->tbsRequest->requestorName;
385
0
    if (!gen || gen->type != GEN_DIRNAME) {
386
0
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
387
0
                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
388
0
        return 0;
389
0
    }
390
0
    nm = gen->d.directoryName;
391
0
    ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
392
0
    if (ret <= 0) {
393
0
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
394
0
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
395
0
        return 0;
396
0
    }
397
0
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
398
0
        flags |= OCSP_NOVERIFY;
399
0
    if (!(flags & OCSP_NOSIGS)) {
400
0
        EVP_PKEY *skey;
401
0
        skey = X509_get_pubkey(signer);
402
0
        ret = OCSP_REQUEST_verify(req, skey);
403
0
        EVP_PKEY_free(skey);
404
0
        if (ret <= 0) {
405
0
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
406
0
            return 0;
407
0
        }
408
0
    }
409
0
    if (!(flags & OCSP_NOVERIFY)) {
410
0
        int init_res;
411
0
        if (flags & OCSP_NOCHAIN)
412
0
            init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
413
0
        else
414
0
            init_res = X509_STORE_CTX_init(&ctx, store, signer,
415
0
                                           req->optionalSignature->certs);
416
0
        if (!init_res) {
417
0
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
418
0
            return 0;
419
0
        }
420
421
0
        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
422
0
        X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
423
0
        ret = X509_verify_cert(&ctx);
424
0
        X509_STORE_CTX_cleanup(&ctx);
425
0
        if (ret <= 0) {
426
0
            ret = X509_STORE_CTX_get_error(&ctx);
427
0
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
428
0
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
429
0
            ERR_add_error_data(2, "Verify error:",
430
0
                               X509_verify_cert_error_string(ret));
431
0
            return 0;
432
0
        }
433
0
    }
434
0
    return 1;
435
0
}
436
437
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
438
                                X509_NAME *nm, STACK_OF(X509) *certs,
439
                                X509_STORE *st, unsigned long flags)
440
0
{
441
0
    X509 *signer;
442
0
    if (!(flags & OCSP_NOINTERN)) {
443
0
        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
444
0
        if (signer) {
445
0
            *psigner = signer;
446
0
            return 1;
447
0
        }
448
0
    }
449
450
0
    signer = X509_find_by_subject(certs, nm);
451
0
    if (signer) {
452
0
        *psigner = signer;
453
0
        return 2;
454
0
    }
455
0
    return 0;
456
0
}