xref: /dragonfly/contrib/wpa_supplicant/src/crypto/tls_openssl_ocsp.c (revision 3a84a4273475ed07d0ab1c2dfeffdfedef35d9cd)
1 /*
2  * SSL/TLS interface functions for OpenSSL - BoringSSL OCSP
3  * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include <openssl/x509v3.h>
14 #ifdef OPENSSL_IS_BORINGSSL
15 #include <openssl/asn1.h>
16 #include <openssl/asn1t.h>
17 #endif /* OPENSSL_IS_BORINGSSL */
18 
19 #include "common.h"
20 #include "tls_openssl.h"
21 
22 
23 #ifdef OPENSSL_IS_BORINGSSL
24 
tls_show_errors(int level,const char * func,const char * txt)25 static void tls_show_errors(int level, const char *func, const char *txt)
26 {
27           unsigned long err;
28 
29           wpa_printf(level, "OpenSSL: %s - %s %s",
30                        func, txt, ERR_error_string(ERR_get_error(), NULL));
31 
32           while ((err = ERR_get_error())) {
33                     wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
34                                  ERR_error_string(err, NULL));
35           }
36 }
37 
38 
39 /*
40  * CertID ::= SEQUENCE {
41  *     hashAlgorithm      AlgorithmIdentifier,
42  *     issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
43  *     issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key
44  *     serialNumber       CertificateSerialNumber }
45  */
46 typedef struct {
47           X509_ALGOR *hashAlgorithm;
48           ASN1_OCTET_STRING *issuerNameHash;
49           ASN1_OCTET_STRING *issuerKeyHash;
50           ASN1_INTEGER *serialNumber;
51 } CertID;
52 
53 /*
54  * ResponseBytes ::=       SEQUENCE {
55  *     responseType   OBJECT IDENTIFIER,
56  *     response       OCTET STRING }
57  */
58 typedef struct {
59           ASN1_OBJECT *responseType;
60           ASN1_OCTET_STRING *response;
61 } ResponseBytes;
62 
63 /*
64  * OCSPResponse ::= SEQUENCE {
65  *    responseStatus         OCSPResponseStatus,
66  *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
67  */
68 typedef struct {
69           ASN1_ENUMERATED *responseStatus;
70           ResponseBytes *responseBytes;
71 } OCSPResponse;
72 
73 ASN1_SEQUENCE(ResponseBytes) = {
74           ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
75           ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
76 } ASN1_SEQUENCE_END(ResponseBytes);
77 
78 ASN1_SEQUENCE(OCSPResponse) = {
79           ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
80           ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
81 } ASN1_SEQUENCE_END(OCSPResponse);
82 
83 IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse);
84 
85 /*
86  * ResponderID ::= CHOICE {
87  *    byName               [1] Name,
88  *    byKey                [2] KeyHash }
89  */
90 typedef struct {
91           int type;
92           union {
93                     X509_NAME *byName;
94                     ASN1_OCTET_STRING *byKey;
95           } value;
96 } ResponderID;
97 
98 /*
99  * RevokedInfo ::= SEQUENCE {
100  *     revocationTime              GeneralizedTime,
101  *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
102  */
103 typedef struct {
104           ASN1_GENERALIZEDTIME *revocationTime;
105           ASN1_ENUMERATED *revocationReason;
106 } RevokedInfo;
107 
108 /*
109  * CertStatus ::= CHOICE {
110  *     good        [0]     IMPLICIT NULL,
111  *     revoked     [1]     IMPLICIT RevokedInfo,
112  *     unknown     [2]     IMPLICIT UnknownInfo }
113  */
114 typedef struct {
115           int type;
116           union {
117                     ASN1_NULL *good;
118                     RevokedInfo *revoked;
119                     ASN1_NULL *unknown;
120           } value;
121 } CertStatus;
122 
123 /*
124  * SingleResponse ::= SEQUENCE {
125  *    certID                       CertID,
126  *    certStatus                   CertStatus,
127  *    thisUpdate                   GeneralizedTime,
128  *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
129  *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
130  */
131 typedef struct {
132           CertID *certID;
133           CertStatus *certStatus;
134           ASN1_GENERALIZEDTIME *thisUpdate;
135           ASN1_GENERALIZEDTIME *nextUpdate;
136           STACK_OF(X509_EXTENSION) *singleExtensions;
137 } SingleResponse;
138 
139 /*
140  * ResponseData ::= SEQUENCE {
141  *   version              [0] EXPLICIT Version DEFAULT v1,
142  *   responderID              ResponderID,
143  *   producedAt               GeneralizedTime,
144  *   responses                SEQUENCE OF SingleResponse,
145  *   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
146  */
147 typedef struct {
148           ASN1_INTEGER *version;
149           ResponderID *responderID;
150           ASN1_GENERALIZEDTIME *producedAt;
151           STACK_OF(SingleResponse) *responses;
152           STACK_OF(X509_EXTENSION) *responseExtensions;
153 } ResponseData;
154 
155 /*
156  * BasicOCSPResponse       ::= SEQUENCE {
157  *   tbsResponseData      ResponseData,
158  *   signatureAlgorithm   AlgorithmIdentifier,
159  *   signature            BIT STRING,
160  *   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
161  */
162 typedef struct {
163           ResponseData *tbsResponseData;
164           X509_ALGOR *signatureAlgorithm;
165           ASN1_BIT_STRING *signature;
166           STACK_OF(X509) *certs;
167 } BasicOCSPResponse;
168 
169 ASN1_SEQUENCE(CertID) = {
170           ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
171           ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
172           ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
173           ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER)
174 } ASN1_SEQUENCE_END(CertID);
175 
176 ASN1_CHOICE(ResponderID) = {
177           ASN1_EXP(ResponderID, value.byName, X509_NAME, 1),
178           ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2)
179 } ASN1_CHOICE_END(ResponderID);
180 
181 ASN1_SEQUENCE(RevokedInfo) = {
182           ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
183           ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
184 } ASN1_SEQUENCE_END(RevokedInfo);
185 
186 ASN1_CHOICE(CertStatus) = {
187           ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0),
188           ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1),
189           ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2)
190 } ASN1_CHOICE_END(CertStatus);
191 
192 ASN1_SEQUENCE(SingleResponse) = {
193           ASN1_SIMPLE(SingleResponse, certID, CertID),
194           ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
195           ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
196           ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
197           ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions,
198                                          X509_EXTENSION, 1)
199 } ASN1_SEQUENCE_END(SingleResponse);
200 
201 ASN1_SEQUENCE(ResponseData) = {
202           ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
203           ASN1_SIMPLE(ResponseData, responderID, ResponderID),
204           ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
205           ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
206           ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions,
207                                          X509_EXTENSION, 1)
208 } ASN1_SEQUENCE_END(ResponseData);
209 
210 ASN1_SEQUENCE(BasicOCSPResponse) = {
211           ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
212           ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
213           ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
214           ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
215 } ASN1_SEQUENCE_END(BasicOCSPResponse);
216 
217 IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse);
218 
219 #define sk_SingleResponse_num(sk) \
220 sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk))
221 
222 #define sk_SingleResponse_value(sk, i) \
223           ((SingleResponse *)                                                   \
224            sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i)))
225 
226 
mem_bio_to_str(BIO * out)227 static char * mem_bio_to_str(BIO *out)
228 {
229           char *txt;
230           size_t rlen;
231           int res;
232 
233           rlen = BIO_ctrl_pending(out);
234           txt = os_malloc(rlen + 1);
235           if (!txt) {
236                     BIO_free(out);
237                     return NULL;
238           }
239 
240           res = BIO_read(out, txt, rlen);
241           BIO_free(out);
242           if (res < 0) {
243                     os_free(txt);
244                     return NULL;
245           }
246 
247           txt[res] = '\0';
248           return txt;
249 }
250 
251 
generalizedtime_str(ASN1_GENERALIZEDTIME * t)252 static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t)
253 {
254           BIO *out;
255 
256           out = BIO_new(BIO_s_mem());
257           if (!out)
258                     return NULL;
259 
260           if (!ASN1_GENERALIZEDTIME_print(out, t)) {
261                     BIO_free(out);
262                     return NULL;
263           }
264 
265           return mem_bio_to_str(out);
266 }
267 
268 
responderid_str(ResponderID * rid)269 static char * responderid_str(ResponderID *rid)
270 {
271           BIO *out;
272 
273           out = BIO_new(BIO_s_mem());
274           if (!out)
275                     return NULL;
276 
277           switch (rid->type) {
278           case 0:
279                     X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE);
280                     break;
281           case 1:
282                     i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING);
283                     break;
284           default:
285                     BIO_free(out);
286                     return NULL;
287           }
288 
289           return mem_bio_to_str(out);
290 }
291 
292 
octet_string_str(ASN1_OCTET_STRING * o)293 static char * octet_string_str(ASN1_OCTET_STRING *o)
294 {
295           BIO *out;
296 
297           out = BIO_new(BIO_s_mem());
298           if (!out)
299                     return NULL;
300 
301           i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING);
302           return mem_bio_to_str(out);
303 }
304 
305 
integer_str(ASN1_INTEGER * i)306 static char * integer_str(ASN1_INTEGER *i)
307 {
308           BIO *out;
309 
310           out = BIO_new(BIO_s_mem());
311           if (!out)
312                     return NULL;
313 
314           i2a_ASN1_INTEGER(out, i);
315           return mem_bio_to_str(out);
316 }
317 
318 
algor_str(X509_ALGOR * alg)319 static char * algor_str(X509_ALGOR *alg)
320 {
321           BIO *out;
322 
323           out = BIO_new(BIO_s_mem());
324           if (!out)
325                     return NULL;
326 
327           i2a_ASN1_OBJECT(out, alg->algorithm);
328           return mem_bio_to_str(out);
329 }
330 
331 
extensions_str(const char * title,STACK_OF (X509_EXTENSION)* ext)332 static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext)
333 {
334           BIO *out;
335 
336           if (!ext)
337                     return NULL;
338 
339           out = BIO_new(BIO_s_mem());
340           if (!out)
341                     return NULL;
342 
343           if (!X509V3_extensions_print(out, title, ext, 0, 0)) {
344                     BIO_free(out);
345                     return NULL;
346           }
347           return mem_bio_to_str(out);
348 }
349 
350 
ocsp_resp_valid(ASN1_GENERALIZEDTIME * thisupd,ASN1_GENERALIZEDTIME * nextupd)351 static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd,
352                                  ASN1_GENERALIZEDTIME *nextupd)
353 {
354           time_t now, tmp;
355 
356           if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
357                     wpa_printf(MSG_DEBUG,
358                                  "OpenSSL: Invalid OCSP response thisUpdate");
359                     return 0;
360           }
361 
362           time(&now);
363           tmp = now + 5 * 60; /* allow five minute clock difference */
364           if (X509_cmp_time(thisupd, &tmp) > 0) {
365                     wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid");
366                     return 0;
367           }
368 
369           if (!nextupd)
370                     return 1; /* OK - no limit on response age */
371 
372           if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
373                     wpa_printf(MSG_DEBUG,
374                                  "OpenSSL: Invalid OCSP response nextUpdate");
375                     return 0;
376           }
377 
378           tmp = now - 5 * 60; /* allow five minute clock difference */
379           if (X509_cmp_time(nextupd, &tmp) < 0) {
380                     wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired");
381                     return 0;
382           }
383 
384           if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
385                     wpa_printf(MSG_DEBUG,
386                                  "OpenSSL: OCSP response nextUpdate before thisUpdate");
387                     return 0;
388           }
389 
390           /* Both thisUpdate and nextUpdate are valid */
391           return -1;
392 }
393 
394 
issuer_match(X509 * cert,X509 * issuer,CertID * certid)395 static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
396 {
397           X509_NAME *iname;
398           ASN1_BIT_STRING *ikey;
399           const EVP_MD *dgst;
400           unsigned int len;
401           unsigned char md[EVP_MAX_MD_SIZE];
402           ASN1_OCTET_STRING *hash;
403           char *txt;
404 
405           dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm);
406           if (!dgst) {
407                     wpa_printf(MSG_DEBUG,
408                                  "OpenSSL: Could not find matching hash algorithm for OCSP");
409                     return -1;
410           }
411 
412           iname = X509_get_issuer_name(cert);
413           if (!X509_NAME_digest(iname, dgst, md, &len))
414                     return -1;
415           hash = ASN1_OCTET_STRING_new();
416           if (!hash)
417                     return -1;
418           if (!ASN1_OCTET_STRING_set(hash, md, len)) {
419                     ASN1_OCTET_STRING_free(hash);
420                     return -1;
421           }
422 
423           txt = octet_string_str(hash);
424           if (txt) {
425                     wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s",
426                                  txt);
427                     os_free(txt);
428           }
429 
430           if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) {
431                     ASN1_OCTET_STRING_free(hash);
432                     return -1;
433           }
434 
435           ikey = X509_get0_pubkey_bitstr(issuer);
436           if (!ikey ||
437               !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
438               !ASN1_OCTET_STRING_set(hash, md, len)) {
439                     ASN1_OCTET_STRING_free(hash);
440                     return -1;
441           }
442 
443           txt = octet_string_str(hash);
444           if (txt) {
445                     wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s",
446                                  txt);
447                     os_free(txt);
448           }
449 
450           if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) {
451                     ASN1_OCTET_STRING_free(hash);
452                     return -1;
453           }
454 
455           ASN1_OCTET_STRING_free(hash);
456           return 0;
457 }
458 
459 
ocsp_find_signer(STACK_OF (X509)* certs,ResponderID * rid)460 static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid)
461 {
462           unsigned int i;
463           unsigned char hash[SHA_DIGEST_LENGTH];
464 
465           if (rid->type == 0) {
466                     /* byName */
467                     return X509_find_by_subject(certs, rid->value.byName);
468           }
469 
470           /* byKey */
471           if (rid->value.byKey->length != SHA_DIGEST_LENGTH)
472                     return NULL;
473           for (i = 0; i < sk_X509_num(certs); i++) {
474                     X509 *x = sk_X509_value(certs, i);
475 
476                     X509_pubkey_digest(x, EVP_sha1(), hash, NULL);
477                     if (os_memcmp(rid->value.byKey->data, hash,
478                                     SHA_DIGEST_LENGTH) == 0)
479                               return x;
480           }
481 
482           return NULL;
483 }
484 
485 
check_ocsp_resp(SSL_CTX * ssl_ctx,SSL * ssl,X509 * cert,X509 * issuer,X509 * issuer_issuer)486 enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
487                                          X509 *issuer, X509 *issuer_issuer)
488 {
489           const uint8_t *resp_data;
490           size_t resp_len;
491           OCSPResponse *resp;
492           int status;
493           ResponseBytes *bytes;
494           const u8 *basic_data;
495           size_t basic_len;
496           BasicOCSPResponse *basic;
497           ResponseData *rd;
498           char *txt;
499           int i, num;
500           unsigned int j, num_resp;
501           SingleResponse *matching_resp = NULL, *cmp_sresp;
502           enum ocsp_result result = OCSP_INVALID;
503           X509_STORE *store;
504           STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL;
505           X509_STORE_CTX ctx;
506           X509 *signer, *tmp_cert;
507           int signer_trusted = 0;
508           EVP_PKEY *skey;
509           int ret;
510           char buf[256];
511 
512           txt = integer_str(X509_get_serialNumber(cert));
513           if (txt) {
514                     wpa_printf(MSG_DEBUG,
515                                  "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt);
516                     os_free(txt);
517           }
518 
519           SSL_get0_ocsp_response(ssl, &resp_data, &resp_len);
520           if (resp_data == NULL || resp_len == 0) {
521                     wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
522                     return OCSP_NO_RESPONSE;
523           }
524 
525           wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len);
526 
527           resp = d2i_OCSPResponse(NULL, &resp_data, resp_len);
528           if (!resp) {
529                     wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse");
530                     return OCSP_INVALID;
531           }
532 
533           status = ASN1_ENUMERATED_get(resp->responseStatus);
534           if (status != 0) {
535                     wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d",
536                                  status);
537                     return OCSP_INVALID;
538           }
539 
540           bytes = resp->responseBytes;
541 
542           if (!bytes ||
543               OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) {
544                     wpa_printf(MSG_INFO,
545                                  "OpenSSL: Could not find BasicOCSPResponse");
546                     return OCSP_INVALID;
547           }
548 
549           basic_data = ASN1_STRING_data(bytes->response);
550           basic_len = ASN1_STRING_length(bytes->response);
551           wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse",
552                         basic_data, basic_len);
553 
554           basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len);
555           if (!basic) {
556                     wpa_printf(MSG_INFO,
557                                  "OpenSSL: Could not parse BasicOCSPResponse");
558                     OCSPResponse_free(resp);
559                     return OCSP_INVALID;
560           }
561 
562           rd = basic->tbsResponseData;
563 
564           if (basic->certs) {
565                     untrusted = sk_X509_dup(basic->certs);
566                     if (!untrusted)
567                               goto fail;
568 
569                     num = sk_X509_num(basic->certs);
570                     for (i = 0; i < num; i++) {
571                               X509 *extra_cert;
572 
573                               extra_cert = sk_X509_value(basic->certs, i);
574                               X509_NAME_oneline(X509_get_subject_name(extra_cert),
575                                                     buf, sizeof(buf));
576                               wpa_printf(MSG_DEBUG,
577                                            "OpenSSL: BasicOCSPResponse cert %s", buf);
578 
579                               if (!sk_X509_push(untrusted, extra_cert)) {
580                                         wpa_printf(MSG_DEBUG,
581                                                      "OpenSSL: Could not add certificate to the untrusted stack");
582                               }
583                     }
584           }
585 
586           store = SSL_CTX_get_cert_store(ssl_ctx);
587           if (issuer) {
588                     if (X509_STORE_add_cert(store, issuer) != 1) {
589                               tls_show_errors(MSG_INFO, __func__,
590                                                   "OpenSSL: Could not add issuer to certificate store");
591                     }
592                     certs = sk_X509_new_null();
593                     if (certs) {
594                               tmp_cert = X509_dup(issuer);
595                               if (tmp_cert && !sk_X509_push(certs, tmp_cert)) {
596                                         tls_show_errors(
597                                                   MSG_INFO, __func__,
598                                                   "OpenSSL: Could not add issuer to OCSP responder trust store");
599                                         X509_free(tmp_cert);
600                                         sk_X509_free(certs);
601                                         certs = NULL;
602                               }
603                               if (certs && issuer_issuer) {
604                                         tmp_cert = X509_dup(issuer_issuer);
605                                         if (tmp_cert &&
606                                             !sk_X509_push(certs, tmp_cert)) {
607                                                   tls_show_errors(
608                                                             MSG_INFO, __func__,
609                                                             "OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
610                                                   X509_free(tmp_cert);
611                                         }
612                               }
613                     }
614           }
615 
616           signer = ocsp_find_signer(certs, rd->responderID);
617           if (!signer)
618                     signer = ocsp_find_signer(untrusted, rd->responderID);
619           else
620                     signer_trusted = 1;
621           if (!signer) {
622                     wpa_printf(MSG_DEBUG,
623                                  "OpenSSL: Could not find OCSP signer certificate");
624                     goto fail;
625           }
626 
627           skey = X509_get_pubkey(signer);
628           if (!skey) {
629                     wpa_printf(MSG_DEBUG,
630                                  "OpenSSL: Could not get OCSP signer public key");
631                     goto fail;
632           }
633           if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData),
634                                    basic->signatureAlgorithm, basic->signature,
635                                    basic->tbsResponseData, skey) <= 0) {
636                     wpa_printf(MSG_DEBUG,
637                                  "OpenSSL: BasicOCSPResponse signature is invalid");
638                     goto fail;
639           }
640 
641           X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf));
642           wpa_printf(MSG_DEBUG,
643                        "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature",
644                        buf);
645 
646           if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted))
647                     goto fail;
648           X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
649           ret = X509_verify_cert(&ctx);
650           chain = X509_STORE_CTX_get1_chain(&ctx);
651           X509_STORE_CTX_cleanup(&ctx);
652           if (ret <= 0) {
653                     wpa_printf(MSG_DEBUG,
654                                  "OpenSSL: Could not validate OCSP signer certificate");
655                     goto fail;
656           }
657 
658           if (!chain || sk_X509_num(chain) <= 0) {
659                     wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found");
660                     goto fail;
661           }
662 
663           if (!signer_trusted) {
664                     X509_check_purpose(signer, -1, 0);
665                     if ((signer->ex_flags & EXFLAG_XKUSAGE) &&
666                         (signer->ex_xkusage & XKU_OCSP_SIGN)) {
667                               wpa_printf(MSG_DEBUG,
668                                            "OpenSSL: OCSP signer certificate delegation OK");
669                     } else {
670                               tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
671                               if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) !=
672                                   X509_TRUST_TRUSTED) {
673                                         wpa_printf(MSG_DEBUG,
674                                                      "OpenSSL: OCSP signer certificate not trusted");
675                                         result = OCSP_NO_RESPONSE;
676                                         goto fail;
677                               }
678                     }
679           }
680 
681           wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu",
682                        ASN1_INTEGER_get(rd->version));
683 
684           txt = responderid_str(rd->responderID);
685           if (txt) {
686                     wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s",
687                                  txt);
688                     os_free(txt);
689           }
690 
691           txt = generalizedtime_str(rd->producedAt);
692           if (txt) {
693                     wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s",
694                                  txt);
695                     os_free(txt);
696           }
697 
698           num_resp = sk_SingleResponse_num(rd->responses);
699           if (num_resp == 0) {
700                     wpa_printf(MSG_DEBUG,
701                                  "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse");
702                     result = OCSP_NO_RESPONSE;
703                     goto fail;
704           }
705           cmp_sresp = sk_SingleResponse_value(rd->responses, 0);
706           for (j = 0; j < num_resp; j++) {
707                     SingleResponse *sresp;
708                     CertID *cid1, *cid2;
709 
710                     sresp = sk_SingleResponse_value(rd->responses, j);
711                     wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u",
712                                  j + 1, num_resp);
713 
714                     txt = algor_str(sresp->certID->hashAlgorithm);
715                     if (txt) {
716                               wpa_printf(MSG_DEBUG,
717                                            "OpenSSL: certID hashAlgorithm: %s", txt);
718                               os_free(txt);
719                     }
720 
721                     txt = octet_string_str(sresp->certID->issuerNameHash);
722                     if (txt) {
723                               wpa_printf(MSG_DEBUG,
724                                            "OpenSSL: certID issuerNameHash: %s", txt);
725                               os_free(txt);
726                     }
727 
728                     txt = octet_string_str(sresp->certID->issuerKeyHash);
729                     if (txt) {
730                               wpa_printf(MSG_DEBUG,
731                                            "OpenSSL: certID issuerKeyHash: %s", txt);
732                               os_free(txt);
733                     }
734 
735                     txt = integer_str(sresp->certID->serialNumber);
736                     if (txt) {
737                               wpa_printf(MSG_DEBUG,
738                                            "OpenSSL: certID serialNumber: %s", txt);
739                               os_free(txt);
740                     }
741 
742                     switch (sresp->certStatus->type) {
743                     case 0:
744                               wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good");
745                               break;
746                     case 1:
747                               wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked");
748                               break;
749                     default:
750                               wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown");
751                               break;
752                     }
753 
754                     txt = generalizedtime_str(sresp->thisUpdate);
755                     if (txt) {
756                               wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt);
757                               os_free(txt);
758                     }
759 
760                     if (sresp->nextUpdate) {
761                               txt = generalizedtime_str(sresp->nextUpdate);
762                               if (txt) {
763                                         wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s",
764                                                      txt);
765                                         os_free(txt);
766                               }
767                     }
768 
769                     txt = extensions_str("singleExtensions",
770                                              sresp->singleExtensions);
771                     if (txt) {
772                               wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
773                               os_free(txt);
774                     }
775 
776                     cid1 = cmp_sresp->certID;
777                     cid2 = sresp->certID;
778                     if (j > 0 &&
779                         (OBJ_cmp(cid1->hashAlgorithm->algorithm,
780                                    cid2->hashAlgorithm->algorithm) != 0 ||
781                          ASN1_OCTET_STRING_cmp(cid1->issuerNameHash,
782                                                      cid2->issuerNameHash) != 0 ||
783                          ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash,
784                                                      cid2->issuerKeyHash) != 0)) {
785                               wpa_printf(MSG_DEBUG,
786                                            "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse");
787                               goto fail;
788                     }
789 
790                     if (!matching_resp && issuer &&
791                         ASN1_INTEGER_cmp(sresp->certID->serialNumber,
792                                              X509_get_serialNumber(cert)) == 0 &&
793                         issuer_match(cert, issuer, sresp->certID) == 0) {
794                               wpa_printf(MSG_DEBUG,
795                                            "OpenSSL: This response matches peer certificate");
796                               matching_resp = sresp;
797                     }
798           }
799 
800           txt = extensions_str("responseExtensions", rd->responseExtensions);
801           if (txt) {
802                     wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
803                     os_free(txt);
804           }
805 
806           if (!matching_resp) {
807                     wpa_printf(MSG_DEBUG,
808                                  "OpenSSL: Could not find OCSP response that matches the peer certificate");
809                     result = OCSP_NO_RESPONSE;
810                     goto fail;
811           }
812 
813           if (!ocsp_resp_valid(matching_resp->thisUpdate,
814                                    matching_resp->nextUpdate)) {
815                     wpa_printf(MSG_DEBUG,
816                                  "OpenSSL: OCSP response not valid at this time");
817                     goto fail;
818           }
819 
820           if (matching_resp->certStatus->type == 1) {
821                     wpa_printf(MSG_DEBUG,
822                                  "OpenSSL: OCSP response indicated that the peer certificate has been revoked");
823                     result = OCSP_REVOKED;
824                     goto fail;
825           }
826 
827           if (matching_resp->certStatus->type != 0) {
828                     wpa_printf(MSG_DEBUG,
829                                  "OpenSSL: OCSP response did not indicate good status");
830                     result = OCSP_NO_RESPONSE;
831                     goto fail;
832           }
833 
834           /* OCSP response indicated the certificate is good. */
835           result = OCSP_GOOD;
836 fail:
837           sk_X509_pop_free(chain, X509_free);
838           sk_X509_free(untrusted);
839           sk_X509_pop_free(certs, X509_free);
840           BasicOCSPResponse_free(basic);
841           OCSPResponse_free(resp);
842 
843           return result;
844 }
845 
846 #endif /* OPENSSL_IS_BORINGSSL */
847