[thirdparty/openssl.git] / crypto / ocsp / ocsp_vfy.c

/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <openssl/ocsp.h>
#include "ocsp_lcl.h"
#include <openssl/err.h>
#include <string.h>

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, X509_STORE *st,
                            unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
                             unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
                          OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, STACK_OF(X509) *certs,
                                X509_STORE *st, unsigned long flags);

/* Verify a basic response message */

int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                      X509_STORE *st, unsigned long flags)
{
    X509 *signer, *x;
    STACK_OF(X509) *chain = NULL;
    STACK_OF(X509) *untrusted = NULL;
    X509_STORE_CTX ctx;
    int i, ret = 0;
    ret = ocsp_find_signer(&signer, bs, certs, st, flags);
    if (!ret) {
        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        goto end;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get0_pubkey(signer);
        if (skey)
            ret = OCSP_BASICRESP_verify(bs, skey, 0);
        if (!skey || ret <= 0) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            goto end;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;
        if (flags & OCSP_NOCHAIN) {
            untrusted = NULL;
        } else if (bs->certs && certs) {
            untrusted = sk_X509_dup(bs->certs);
            for (i = 0; i < sk_X509_num(certs); i++) {
                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
                    goto end;
                }
            }
        } else {
            untrusted = bs->certs;
        }
        init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
        if (!init_res) {
            ret = -1;
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
            goto end;
        }

        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
        ret = X509_verify_cert(&ctx);
        chain = X509_STORE_CTX_get1_chain(&ctx);
        X509_STORE_CTX_cleanup(&ctx);
        if (ret <= 0) {
            i = X509_STORE_CTX_get_error(&ctx);
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(i));
            goto end;
        }
        if (flags & OCSP_NOCHECKS) {
            ret = 1;
            goto end;
        }
        /*
         * At this point we have a valid certificate chain need to verify it
         * against the OCSP issuer criteria.
         */
        ret = ocsp_check_issuer(bs, chain, flags);

        /* If fatal error or valid match then finish */
        if (ret != 0)
            goto end;

        /*
         * Easy case: explicitly trusted. Get root CA and check for explicit
         * trust
         */
        if (flags & OCSP_NOEXPLICIT)
            goto end;

        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
            goto end;
        }
        ret = 1;
    }

 end:
    sk_X509_pop_free(chain, X509_free);
    if (bs->certs && certs)
        sk_X509_free(untrusted);
    return ret;
}

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, X509_STORE *st,
                            unsigned long flags)
{
    X509 *signer;
    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
    if ((signer = ocsp_find_signer_sk(certs, rid))) {
        *psigner = signer;
        return 2;
    }
    if (!(flags & OCSP_NOINTERN) &&
        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
        *psigner = signer;
        return 1;
    }
    /* Maybe lookup from store if by subject name */

    *psigner = NULL;
    return 0;
}

static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
{
    int i;
    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
    X509 *x;

    /* Easy if lookup by name */
    if (id->type == V_OCSP_RESPID_NAME)
        return X509_find_by_subject(certs, id->value.byName);

    /* Lookup by key hash */

    /* If key hash isn't SHA1 length then forget it */
    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
        return NULL;
    keyhash = id->value.byKey->data;
    /* Calculate hash of each key and compare */
    for (i = 0; i < sk_X509_num(certs); i++) {
        x = sk_X509_value(certs, i);
        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
            return x;
    }
    return NULL;
}

static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
                             unsigned long flags)
{
    STACK_OF(OCSP_SINGLERESP) *sresp;
    X509 *signer, *sca;
    OCSP_CERTID *caid = NULL;
    int i;
    sresp = bs->tbsResponseData.responses;

    if (sk_X509_num(chain) <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
        return -1;
    }

    /* See if the issuer IDs match. */
    i = ocsp_check_ids(sresp, &caid);

    /* If ID mismatch or other error then return */
    if (i <= 0)
        return i;

    signer = sk_X509_value(chain, 0);
    /* Check to see if OCSP responder CA matches request CA */
    if (sk_X509_num(chain) > 1) {
        sca = sk_X509_value(chain, 1);
        i = ocsp_match_issuerid(sca, caid, sresp);
        if (i < 0)
            return i;
        if (i) {
            /* We have a match, if extensions OK then success */
            if (ocsp_check_delegated(signer, flags))
                return 1;
            return 0;
        }
    }

    /* Otherwise check if OCSP request signed directly by request CA */
    return ocsp_match_issuerid(signer, caid, sresp);
}

/*
 * Check the issuer certificate IDs for equality. If there is a mismatch with
 * the same algorithm then there's no point trying to match any certificates
 * against the issuer. If the issuer IDs all match then we just need to check
 * equality against one of them.
 */

static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
{
    OCSP_CERTID *tmpid, *cid;
    int i, idcount;

    idcount = sk_OCSP_SINGLERESP_num(sresp);
    if (idcount <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
        return -1;
    }

    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

    *ret = NULL;

    for (i = 1; i < idcount; i++) {
        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
        /* Check to see if IDs match */
        if (OCSP_id_issuer_cmp(cid, tmpid)) {
            /* If algoritm mismatch let caller deal with it */
            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
                        cid->hashAlgorithm.algorithm))
                return 2;
            /* Else mismatch */
            return 0;
        }
    }

    /* All IDs match: only need to check one ID */
    *ret = cid;
    return 1;
}

static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp)
{
    /* If only one ID to match then do it */
    if (cid) {
        const EVP_MD *dgst;
        X509_NAME *iname;
        int mdlen;
        unsigned char md[EVP_MAX_MD_SIZE];
        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
                == NULL) {
            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
            return -1;
        }

        mdlen = EVP_MD_size(dgst);
        if (mdlen < 0)
            return -1;
        if ((cid->issuerNameHash.length != mdlen) ||
            (cid->issuerKeyHash.length != mdlen))
            return 0;
        iname = X509_get_subject_name(cert);
        if (!X509_NAME_digest(iname, dgst, md, NULL))
            return -1;
        if (memcmp(md, cid->issuerNameHash.data, mdlen))
            return 0;
        X509_pubkey_digest(cert, dgst, md, NULL);
        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
            return 0;

        return 1;

    } else {
        /* We have to match the whole lot */
        int i, ret;
        OCSP_CERTID *tmpid;
        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
            ret = ocsp_match_issuerid(cert, tmpid, NULL);
            if (ret <= 0)
                return ret;
        }
        return 1;
    }

}

static int ocsp_check_delegated(X509 *x, int flags)
{
    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
        return 1;
    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
    return 0;
}

/*
 * Verify an OCSP request. This is fortunately much easier than OCSP response
 * verify. Just find the signers certificate and verify it against a given
 * trust value.
 */

int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
                        X509_STORE *store, unsigned long flags)
{
    X509 *signer;
    X509_NAME *nm;
    GENERAL_NAME *gen;
    int ret;
    X509_STORE_CTX ctx;
    if (!req->optionalSignature) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
        return 0;
    }
    gen = req->tbsRequest.requestorName;
    if (!gen || gen->type != GEN_DIRNAME) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
        return 0;
    }
    nm = gen->d.directoryName;
    ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
    if (ret <= 0) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        return 0;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get0_pubkey(signer);
        ret = OCSP_REQUEST_verify(req, skey);
        if (ret <= 0) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            return 0;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;
        if (flags & OCSP_NOCHAIN)
            init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
        else
            init_res = X509_STORE_CTX_init(&ctx, store, signer,
                                           req->optionalSignature->certs);
        if (!init_res) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
            return 0;
        }

        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
        X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
        ret = X509_verify_cert(&ctx);
        X509_STORE_CTX_cleanup(&ctx);
        if (ret <= 0) {
            ret = X509_STORE_CTX_get_error(&ctx);
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(ret));
            return 0;
        }
    }
    return 1;
}

static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, STACK_OF(X509) *certs,
                                X509_STORE *st, unsigned long flags)
{
    X509 *signer;
    if (!(flags & OCSP_NOINTERN)) {
        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
        if (signer) {
            *psigner = signer;
            return 1;
        }
    }

    signer = X509_find_by_subject(certs, nm);
    if (signer) {
        *psigner = signer;
        return 2;
    }
    return 0;
}
Commit	Line	Data
0f113f3e MC	1	/*
	2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	3	* 2000.
9b4dc830 DSH	4	*/
9b4dc830 DSH	5	/* ====================================================================
91180d45	6	* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
9b4dc830 DSH	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
0f113f3e	13	* notice, this list of conditions and the following disclaimer.
9b4dc830 DSH	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59	#include <openssl/ocsp.h>
6ef869d7	60	#include "ocsp_lcl.h"
9b4dc830	61	#include <openssl/err.h>
3ebac273	62	#include <string.h>
9b4dc830	63
0f113f3e MC	64	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
	65	STACK_OF(X509) certs, X509_STORE st,
	66	unsigned long flags);
9b4dc830	67	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
0f113f3e MC	68	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain,
	69	unsigned long flags);
	70	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
	71	OCSP_CERTID **ret);
	72	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
	73	STACK_OF(OCSP_SINGLERESP) *sresp);
e8af92fc	74	static int ocsp_check_delegated(X509 *x, int flags);
0f113f3e MC	75	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
	76	X509_NAME nm, STACK_OF(X509) certs,
	77	X509_STORE *st, unsigned long flags);
9b4dc830 DSH	78
	79	/* Verify a basic response message */
	80
	81	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
0f113f3e MC	82	X509_STORE *st, unsigned long flags)
	83	{
	84	X509 signer, x;
	85	STACK_OF(X509) *chain = NULL;
4ca5efc2	86	STACK_OF(X509) *untrusted = NULL;
0f113f3e MC	87	X509_STORE_CTX ctx;
	88	int i, ret = 0;
	89	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
	90	if (!ret) {
	91	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	92	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
	93	goto end;
	94	}
	95	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	96	flags \|= OCSP_NOVERIFY;
	97	if (!(flags & OCSP_NOSIGS)) {
	98	EVP_PKEY *skey;
8382fd3a DSH	99	skey = X509_get0_pubkey(signer);
8382fd3a DSH	100	if (skey)
0f113f3e	101	ret = OCSP_BASICRESP_verify(bs, skey, 0);
0f113f3e MC	102	if (!skey \|\| ret <= 0) {
	103	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
	104	goto end;
	105	}
	106	}
	107	if (!(flags & OCSP_NOVERIFY)) {
	108	int init_res;
4ca5efc2 DSH	109	if (flags & OCSP_NOCHAIN) {
	110	untrusted = NULL;
	111	} else if (bs->certs && certs) {
	112	untrusted = sk_X509_dup(bs->certs);
	113	for (i = 0; i < sk_X509_num(certs); i++) {
	114	if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
	115	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
	116	goto end;
	117	}
	118	}
	119	} else {
	120	untrusted = bs->certs;
	121	}
	122	init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
0f113f3e MC	123	if (!init_res) {
	124	ret = -1;
	125	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
	126	goto end;
	127	}
9b4dc830	128
0f113f3e MC	129	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
	130	ret = X509_verify_cert(&ctx);
	131	chain = X509_STORE_CTX_get1_chain(&ctx);
	132	X509_STORE_CTX_cleanup(&ctx);
	133	if (ret <= 0) {
	134	i = X509_STORE_CTX_get_error(&ctx);
	135	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	136	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	137	ERR_add_error_data(2, "Verify error:",
	138	X509_verify_cert_error_string(i));
	139	goto end;
	140	}
	141	if (flags & OCSP_NOCHECKS) {
	142	ret = 1;
	143	goto end;
	144	}
	145	/*
	146	* At this point we have a valid certificate chain need to verify it
	147	* against the OCSP issuer criteria.
	148	*/
	149	ret = ocsp_check_issuer(bs, chain, flags);
	150
	151	/* If fatal error or valid match then finish */
	152	if (ret != 0)
	153	goto end;
	154
	155	/*
	156	* Easy case: explicitly trusted. Get root CA and check for explicit
	157	* trust
	158	*/
	159	if (flags & OCSP_NOEXPLICIT)
	160	goto end;
	161
	162	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
	163	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
	164	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
	165	goto end;
	166	}
	167	ret = 1;
	168	}
	169
	170	end:
222561fe	171	sk_X509_pop_free(chain, X509_free);
4ca5efc2 DSH	172	if (bs->certs && certs)
4ca5efc2 DSH	173	sk_X509_free(untrusted);
0f113f3e MC	174	return ret;
	175	}
	176
	177	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
	178	STACK_OF(X509) certs, X509_STORE st,
	179	unsigned long flags)
	180	{
	181	X509 *signer;
a332635e	182	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
0f113f3e MC	183	if ((signer = ocsp_find_signer_sk(certs, rid))) {
	184	*psigner = signer;
	185	return 2;
	186	}
	187	if (!(flags & OCSP_NOINTERN) &&
	188	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
	189	*psigner = signer;
	190	return 1;
	191	}
	192	/* Maybe lookup from store if by subject name */
	193
	194	*psigner = NULL;
	195	return 0;
	196	}
9b4dc830 DSH	197
9b4dc830 DSH	198	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
0f113f3e MC	199	{
	200	int i;
	201	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
	202	X509 *x;
	203
	204	/* Easy if lookup by name */
	205	if (id->type == V_OCSP_RESPID_NAME)
	206	return X509_find_by_subject(certs, id->value.byName);
	207
	208	/* Lookup by key hash */
	209
	210	/* If key hash isn't SHA1 length then forget it */
	211	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
	212	return NULL;
	213	keyhash = id->value.byKey->data;
	214	/* Calculate hash of each key and compare */
	215	for (i = 0; i < sk_X509_num(certs); i++) {
	216	x = sk_X509_value(certs, i);
	217	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
	218	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
	219	return x;
	220	}
	221	return NULL;
	222	}
	223
	224	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain,
	225	unsigned long flags)
	226	{
	227	STACK_OF(OCSP_SINGLERESP) *sresp;
	228	X509 signer, sca;
	229	OCSP_CERTID *caid = NULL;
	230	int i;
a332635e	231	sresp = bs->tbsResponseData.responses;
0f113f3e MC	232
	233	if (sk_X509_num(chain) <= 0) {
	234	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
	235	return -1;
	236	}
	237
	238	/* See if the issuer IDs match. */
	239	i = ocsp_check_ids(sresp, &caid);
	240
	241	/* If ID mismatch or other error then return */
	242	if (i <= 0)
	243	return i;
	244
	245	signer = sk_X509_value(chain, 0);
	246	/* Check to see if OCSP responder CA matches request CA */
	247	if (sk_X509_num(chain) > 1) {
	248	sca = sk_X509_value(chain, 1);
	249	i = ocsp_match_issuerid(sca, caid, sresp);
	250	if (i < 0)
	251	return i;
	252	if (i) {
	253	/* We have a match, if extensions OK then success */
	254	if (ocsp_check_delegated(signer, flags))
	255	return 1;
	256	return 0;
	257	}
	258	}
	259
	260	/* Otherwise check if OCSP request signed directly by request CA */
	261	return ocsp_match_issuerid(signer, caid, sresp);
	262	}
	263
	264	/*
	265	* Check the issuer certificate IDs for equality. If there is a mismatch with
	266	* the same algorithm then there's no point trying to match any certificates
	267	* against the issuer. If the issuer IDs all match then we just need to check
	268	* equality against one of them.
e8af92fc	269	*/
0f113f3e	270
e8af92fc	271	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
0f113f3e MC	272	{
	273	OCSP_CERTID tmpid, cid;
	274	int i, idcount;
	275
	276	idcount = sk_OCSP_SINGLERESP_num(sresp);
	277	if (idcount <= 0) {
	278	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
	279	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
	280	return -1;
	281	}
	282
	283	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
	284
	285	*ret = NULL;
	286
	287	for (i = 1; i < idcount; i++) {
	288	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	289	/* Check to see if IDs match */
	290	if (OCSP_id_issuer_cmp(cid, tmpid)) {
	291	/* If algoritm mismatch let caller deal with it */
a332635e DSH	292	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
a332635e DSH	293	cid->hashAlgorithm.algorithm))
0f113f3e MC	294	return 2;
	295	/* Else mismatch */
	296	return 0;
	297	}
	298	}
e8af92fc	299
0f113f3e MC	300	/* All IDs match: only need to check one ID */
	301	*ret = cid;
	302	return 1;
	303	}
e8af92fc DSH	304
e8af92fc DSH	305	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
0f113f3e MC	306	STACK_OF(OCSP_SINGLERESP) *sresp)
	307	{
	308	/* If only one ID to match then do it */
	309	if (cid) {
	310	const EVP_MD *dgst;
	311	X509_NAME *iname;
	312	int mdlen;
	313	unsigned char md[EVP_MAX_MD_SIZE];
a332635e	314	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
75ebbd9a	315	== NULL) {
0f113f3e MC	316	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
	317	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
	318	return -1;
	319	}
	320
	321	mdlen = EVP_MD_size(dgst);
	322	if (mdlen < 0)
	323	return -1;
af170194 DSH	324	if ((cid->issuerNameHash.length != mdlen) \|\|
af170194 DSH	325	(cid->issuerKeyHash.length != mdlen))
0f113f3e MC	326	return 0;
	327	iname = X509_get_subject_name(cert);
	328	if (!X509_NAME_digest(iname, dgst, md, NULL))
	329	return -1;
af170194	330	if (memcmp(md, cid->issuerNameHash.data, mdlen))
0f113f3e MC	331	return 0;
0f113f3e MC	332	X509_pubkey_digest(cert, dgst, md, NULL);
af170194	333	if (memcmp(md, cid->issuerKeyHash.data, mdlen))
0f113f3e MC	334	return 0;
	335
	336	return 1;
	337
	338	} else {
	339	/* We have to match the whole lot */
	340	int i, ret;
	341	OCSP_CERTID *tmpid;
	342	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
	343	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	344	ret = ocsp_match_issuerid(cert, tmpid, NULL);
	345	if (ret <= 0)
	346	return ret;
	347	}
	348	return 1;
	349	}
	350
	351	}
e8af92fc DSH	352
e8af92fc DSH	353	static int ocsp_check_delegated(X509 *x, int flags)
0f113f3e	354	{
a8d8e06b DSH	355	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
a8d8e06b DSH	356	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
0f113f3e MC	357	return 1;
	358	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
	359	return 0;
	360	}
	361
	362	/*
	363	* Verify an OCSP request. This is fortunately much easier than OCSP response
	364	* verify. Just find the signers certificate and verify it against a given
	365	* trust value.
fafc7f98 DSH	366	*/
fafc7f98 DSH	367
0f113f3e MC	368	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
	369	X509_STORE *store, unsigned long flags)
	370	{
	371	X509 *signer;
	372	X509_NAME *nm;
	373	GENERAL_NAME *gen;
	374	int ret;
	375	X509_STORE_CTX ctx;
	376	if (!req->optionalSignature) {
	377	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
	378	return 0;
	379	}
a332635e	380	gen = req->tbsRequest.requestorName;
0f113f3e MC	381	if (!gen \|\| gen->type != GEN_DIRNAME) {
	382	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	383	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
	384	return 0;
	385	}
	386	nm = gen->d.directoryName;
	387	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
	388	if (ret <= 0) {
	389	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	390	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
	391	return 0;
	392	}
	393	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	394	flags \|= OCSP_NOVERIFY;
	395	if (!(flags & OCSP_NOSIGS)) {
	396	EVP_PKEY *skey;
8382fd3a	397	skey = X509_get0_pubkey(signer);
0f113f3e	398	ret = OCSP_REQUEST_verify(req, skey);
0f113f3e MC	399	if (ret <= 0) {
	400	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
	401	return 0;
	402	}
	403	}
	404	if (!(flags & OCSP_NOVERIFY)) {
	405	int init_res;
	406	if (flags & OCSP_NOCHAIN)
	407	init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
	408	else
	409	init_res = X509_STORE_CTX_init(&ctx, store, signer,
	410	req->optionalSignature->certs);
	411	if (!init_res) {
	412	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
	413	return 0;
fafc7f98 DSH	414	}
fafc7f98 DSH	415
0f113f3e MC	416	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
	417	X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
	418	ret = X509_verify_cert(&ctx);
	419	X509_STORE_CTX_cleanup(&ctx);
	420	if (ret <= 0) {
	421	ret = X509_STORE_CTX_get_error(&ctx);
	422	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	423	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	424	ERR_add_error_data(2, "Verify error:",
	425	X509_verify_cert_error_string(ret));
	426	return 0;
	427	}
	428	}
	429	return 1;
	430	}
	431
	432	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
	433	X509_NAME nm, STACK_OF(X509) certs,
	434	X509_STORE *st, unsigned long flags)
	435	{
	436	X509 *signer;
	437	if (!(flags & OCSP_NOINTERN)) {
	438	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
	439	if (signer) {
	440	*psigner = signer;
	441	return 1;
	442	}
	443	}
	444
	445	signer = X509_find_by_subject(certs, nm);
	446	if (signer) {
	447	*psigner = signer;
	448	return 2;
	449	}
	450	return 0;
	451	}