[thirdparty/openssl.git] / crypto / ocsp / ocsp_vfy.c

/* ocsp_vfy.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2000.
 */
/* ====================================================================
 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <openssl/ocsp.h>
#include "ocsp_lcl.h"
#include <openssl/err.h>
#include <string.h>

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, X509_STORE *st,
                            unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
                             unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
                          OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, STACK_OF(X509) *certs,
                                X509_STORE *st, unsigned long flags);

/* Verify a basic response message */

int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                      X509_STORE *st, unsigned long flags)
{
    X509 *signer, *x;
    STACK_OF(X509) *chain = NULL;
    STACK_OF(X509) *untrusted = NULL;
    X509_STORE_CTX ctx;
    int i, ret = 0;
    ret = ocsp_find_signer(&signer, bs, certs, st, flags);
    if (!ret) {
        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        goto end;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get_pubkey(signer);
        if (skey) {
            ret = OCSP_BASICRESP_verify(bs, skey, 0);
            EVP_PKEY_free(skey);
        }
        if (!skey || ret <= 0) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            goto end;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;
        if (flags & OCSP_NOCHAIN) {
            untrusted = NULL;
        } else if (bs->certs && certs) {
            untrusted = sk_X509_dup(bs->certs);
            for (i = 0; i < sk_X509_num(certs); i++) {
                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
                    goto end;
                }
            }
        } else {
            untrusted = bs->certs;
        }
        init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
        if (!init_res) {
            ret = -1;
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
            goto end;
        }

        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
        ret = X509_verify_cert(&ctx);
        chain = X509_STORE_CTX_get1_chain(&ctx);
        X509_STORE_CTX_cleanup(&ctx);
        if (ret <= 0) {
            i = X509_STORE_CTX_get_error(&ctx);
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(i));
            goto end;
        }
        if (flags & OCSP_NOCHECKS) {
            ret = 1;
            goto end;
        }
        /*
         * At this point we have a valid certificate chain need to verify it
         * against the OCSP issuer criteria.
         */
        ret = ocsp_check_issuer(bs, chain, flags);

        /* If fatal error or valid match then finish */
        if (ret != 0)
            goto end;

        /*
         * Easy case: explicitly trusted. Get root CA and check for explicit
         * trust
         */
        if (flags & OCSP_NOEXPLICIT)
            goto end;

        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
            goto end;
        }
        ret = 1;
    }

 end:
    sk_X509_pop_free(chain, X509_free);
    if (bs->certs && certs)
        sk_X509_free(untrusted);
    return ret;
}

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, X509_STORE *st,
                            unsigned long flags)
{
    X509 *signer;
    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
    if ((signer = ocsp_find_signer_sk(certs, rid))) {
        *psigner = signer;
        return 2;
    }
    if (!(flags & OCSP_NOINTERN) &&
        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
        *psigner = signer;
        return 1;
    }
    /* Maybe lookup from store if by subject name */

    *psigner = NULL;
    return 0;
}

static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
{
    int i;
    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
    X509 *x;

    /* Easy if lookup by name */
    if (id->type == V_OCSP_RESPID_NAME)
        return X509_find_by_subject(certs, id->value.byName);

    /* Lookup by key hash */

    /* If key hash isn't SHA1 length then forget it */
    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
        return NULL;
    keyhash = id->value.byKey->data;
    /* Calculate hash of each key and compare */
    for (i = 0; i < sk_X509_num(certs); i++) {
        x = sk_X509_value(certs, i);
        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
            return x;
    }
    return NULL;
}

static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
                             unsigned long flags)
{
    STACK_OF(OCSP_SINGLERESP) *sresp;
    X509 *signer, *sca;
    OCSP_CERTID *caid = NULL;
    int i;
    sresp = bs->tbsResponseData.responses;

    if (sk_X509_num(chain) <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
        return -1;
    }

    /* See if the issuer IDs match. */
    i = ocsp_check_ids(sresp, &caid);

    /* If ID mismatch or other error then return */
    if (i <= 0)
        return i;

    signer = sk_X509_value(chain, 0);
    /* Check to see if OCSP responder CA matches request CA */
    if (sk_X509_num(chain) > 1) {
        sca = sk_X509_value(chain, 1);
        i = ocsp_match_issuerid(sca, caid, sresp);
        if (i < 0)
            return i;
        if (i) {
            /* We have a match, if extensions OK then success */
            if (ocsp_check_delegated(signer, flags))
                return 1;
            return 0;
        }
    }

    /* Otherwise check if OCSP request signed directly by request CA */
    return ocsp_match_issuerid(signer, caid, sresp);
}

/*
 * Check the issuer certificate IDs for equality. If there is a mismatch with
 * the same algorithm then there's no point trying to match any certificates
 * against the issuer. If the issuer IDs all match then we just need to check
 * equality against one of them.
 */

static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
{
    OCSP_CERTID *tmpid, *cid;
    int i, idcount;

    idcount = sk_OCSP_SINGLERESP_num(sresp);
    if (idcount <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
        return -1;
    }

    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

    *ret = NULL;

    for (i = 1; i < idcount; i++) {
        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
        /* Check to see if IDs match */
        if (OCSP_id_issuer_cmp(cid, tmpid)) {
            /* If algoritm mismatch let caller deal with it */
            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
                        cid->hashAlgorithm.algorithm))
                return 2;
            /* Else mismatch */
            return 0;
        }
    }

    /* All IDs match: only need to check one ID */
    *ret = cid;
    return 1;
}

static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp)
{
    /* If only one ID to match then do it */
    if (cid) {
        const EVP_MD *dgst;
        X509_NAME *iname;
        int mdlen;
        unsigned char md[EVP_MAX_MD_SIZE];
        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
                == NULL) {
            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
            return -1;
        }

        mdlen = EVP_MD_size(dgst);
        if (mdlen < 0)
            return -1;
        if ((cid->issuerNameHash->length != mdlen) ||
            (cid->issuerKeyHash->length != mdlen))
            return 0;
        iname = X509_get_subject_name(cert);
        if (!X509_NAME_digest(iname, dgst, md, NULL))
            return -1;
        if (memcmp(md, cid->issuerNameHash->data, mdlen))
            return 0;
        X509_pubkey_digest(cert, dgst, md, NULL);
        if (memcmp(md, cid->issuerKeyHash->data, mdlen))
            return 0;

        return 1;

    } else {
        /* We have to match the whole lot */
        int i, ret;
        OCSP_CERTID *tmpid;
        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
            ret = ocsp_match_issuerid(cert, tmpid, NULL);
            if (ret <= 0)
                return ret;
        }
        return 1;
    }

}

static int ocsp_check_delegated(X509 *x, int flags)
{
    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
        return 1;
    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
    return 0;
}

/*
 * Verify an OCSP request. This is fortunately much easier than OCSP response
 * verify. Just find the signers certificate and verify it against a given
 * trust value.
 */

int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
                        X509_STORE *store, unsigned long flags)
{
    X509 *signer;
    X509_NAME *nm;
    GENERAL_NAME *gen;
    int ret;
    X509_STORE_CTX ctx;
    if (!req->optionalSignature) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
        return 0;
    }
    gen = req->tbsRequest.requestorName;
    if (!gen || gen->type != GEN_DIRNAME) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
        return 0;
    }
    nm = gen->d.directoryName;
    ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
    if (ret <= 0) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        return 0;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get_pubkey(signer);
        ret = OCSP_REQUEST_verify(req, skey);
        EVP_PKEY_free(skey);
        if (ret <= 0) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            return 0;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;
        if (flags & OCSP_NOCHAIN)
            init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
        else
            init_res = X509_STORE_CTX_init(&ctx, store, signer,
                                           req->optionalSignature->certs);
        if (!init_res) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
            return 0;
        }

        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
        X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
        ret = X509_verify_cert(&ctx);
        X509_STORE_CTX_cleanup(&ctx);
        if (ret <= 0) {
            ret = X509_STORE_CTX_get_error(&ctx);
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(ret));
            return 0;
        }
    }
    return 1;
}

static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                X509_NAME *nm, STACK_OF(X509) *certs,
                                X509_STORE *st, unsigned long flags)
{
    X509 *signer;
    if (!(flags & OCSP_NOINTERN)) {
        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
        if (signer) {
            *psigner = signer;
            return 1;
        }
    }

    signer = X509_find_by_subject(certs, nm);
    if (signer) {
        *psigner = signer;
        return 2;
    }
    return 0;
}
Commit	Line	Data
9b4dc830	1	/* ocsp_vfy.c */
0f113f3e MC	2	/*
	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	4	* 2000.
9b4dc830 DSH	5	*/
9b4dc830 DSH	6	/* ====================================================================
91180d45	7	* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
9b4dc830 DSH	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	*
	13	* 1. Redistributions of source code must retain the above copyright
0f113f3e	14	* notice, this list of conditions and the following disclaimer.
9b4dc830 DSH	15	*
	16	* 2. Redistributions in binary form must reproduce the above copyright
	17	* notice, this list of conditions and the following disclaimer in
	18	* the documentation and/or other materials provided with the
	19	* distribution.
	20	*
	21	* 3. All advertising materials mentioning features or use of this
	22	* software must display the following acknowledgment:
	23	* "This product includes software developed by the OpenSSL Project
	24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	25	*
	26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	27	* endorse or promote products derived from this software without
	28	* prior written permission. For written permission, please contact
	29	* licensing@OpenSSL.org.
	30	*
	31	* 5. Products derived from this software may not be called "OpenSSL"
	32	* nor may "OpenSSL" appear in their names without prior written
	33	* permission of the OpenSSL Project.
	34	*
	35	* 6. Redistributions of any form whatsoever must retain the following
	36	* acknowledgment:
	37	* "This product includes software developed by the OpenSSL Project
	38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	39	*
	40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	51	* OF THE POSSIBILITY OF SUCH DAMAGE.
	52	* ====================================================================
	53	*
	54	* This product includes cryptographic software written by Eric Young
	55	* (eay@cryptsoft.com). This product includes software written by Tim
	56	* Hudson (tjh@cryptsoft.com).
	57	*
	58	*/
	59
	60	#include <openssl/ocsp.h>
6ef869d7	61	#include "ocsp_lcl.h"
9b4dc830	62	#include <openssl/err.h>
3ebac273	63	#include <string.h>
9b4dc830	64
0f113f3e MC	65	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
	66	STACK_OF(X509) certs, X509_STORE st,
	67	unsigned long flags);
9b4dc830	68	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
0f113f3e MC	69	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain,
	70	unsigned long flags);
	71	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
	72	OCSP_CERTID **ret);
	73	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
	74	STACK_OF(OCSP_SINGLERESP) *sresp);
e8af92fc	75	static int ocsp_check_delegated(X509 *x, int flags);
0f113f3e MC	76	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
	77	X509_NAME nm, STACK_OF(X509) certs,
	78	X509_STORE *st, unsigned long flags);
9b4dc830 DSH	79
	80	/* Verify a basic response message */
	81
	82	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
0f113f3e MC	83	X509_STORE *st, unsigned long flags)
	84	{
	85	X509 signer, x;
	86	STACK_OF(X509) *chain = NULL;
4ca5efc2	87	STACK_OF(X509) *untrusted = NULL;
0f113f3e MC	88	X509_STORE_CTX ctx;
	89	int i, ret = 0;
	90	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
	91	if (!ret) {
	92	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	93	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
	94	goto end;
	95	}
	96	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	97	flags \|= OCSP_NOVERIFY;
	98	if (!(flags & OCSP_NOSIGS)) {
	99	EVP_PKEY *skey;
	100	skey = X509_get_pubkey(signer);
	101	if (skey) {
	102	ret = OCSP_BASICRESP_verify(bs, skey, 0);
	103	EVP_PKEY_free(skey);
	104	}
	105	if (!skey \|\| ret <= 0) {
	106	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
	107	goto end;
	108	}
	109	}
	110	if (!(flags & OCSP_NOVERIFY)) {
	111	int init_res;
4ca5efc2 DSH	112	if (flags & OCSP_NOCHAIN) {
	113	untrusted = NULL;
	114	} else if (bs->certs && certs) {
	115	untrusted = sk_X509_dup(bs->certs);
	116	for (i = 0; i < sk_X509_num(certs); i++) {
	117	if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
	118	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
	119	goto end;
	120	}
	121	}
	122	} else {
	123	untrusted = bs->certs;
	124	}
	125	init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
0f113f3e MC	126	if (!init_res) {
	127	ret = -1;
	128	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
	129	goto end;
	130	}
9b4dc830	131
0f113f3e MC	132	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
	133	ret = X509_verify_cert(&ctx);
	134	chain = X509_STORE_CTX_get1_chain(&ctx);
	135	X509_STORE_CTX_cleanup(&ctx);
	136	if (ret <= 0) {
	137	i = X509_STORE_CTX_get_error(&ctx);
	138	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	139	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	140	ERR_add_error_data(2, "Verify error:",
	141	X509_verify_cert_error_string(i));
	142	goto end;
	143	}
	144	if (flags & OCSP_NOCHECKS) {
	145	ret = 1;
	146	goto end;
	147	}
	148	/*
	149	* At this point we have a valid certificate chain need to verify it
	150	* against the OCSP issuer criteria.
	151	*/
	152	ret = ocsp_check_issuer(bs, chain, flags);
	153
	154	/* If fatal error or valid match then finish */
	155	if (ret != 0)
	156	goto end;
	157
	158	/*
	159	* Easy case: explicitly trusted. Get root CA and check for explicit
	160	* trust
	161	*/
	162	if (flags & OCSP_NOEXPLICIT)
	163	goto end;
	164
	165	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
	166	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
	167	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
	168	goto end;
	169	}
	170	ret = 1;
	171	}
	172
	173	end:
222561fe	174	sk_X509_pop_free(chain, X509_free);
4ca5efc2 DSH	175	if (bs->certs && certs)
4ca5efc2 DSH	176	sk_X509_free(untrusted);
0f113f3e MC	177	return ret;
	178	}
	179
	180	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
	181	STACK_OF(X509) certs, X509_STORE st,
	182	unsigned long flags)
	183	{
	184	X509 *signer;
a332635e	185	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
0f113f3e MC	186	if ((signer = ocsp_find_signer_sk(certs, rid))) {
	187	*psigner = signer;
	188	return 2;
	189	}
	190	if (!(flags & OCSP_NOINTERN) &&
	191	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
	192	*psigner = signer;
	193	return 1;
	194	}
	195	/* Maybe lookup from store if by subject name */
	196
	197	*psigner = NULL;
	198	return 0;
	199	}
9b4dc830 DSH	200
9b4dc830 DSH	201	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
0f113f3e MC	202	{
	203	int i;
	204	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
	205	X509 *x;
	206
	207	/* Easy if lookup by name */
	208	if (id->type == V_OCSP_RESPID_NAME)
	209	return X509_find_by_subject(certs, id->value.byName);
	210
	211	/* Lookup by key hash */
	212
	213	/* If key hash isn't SHA1 length then forget it */
	214	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
	215	return NULL;
	216	keyhash = id->value.byKey->data;
	217	/* Calculate hash of each key and compare */
	218	for (i = 0; i < sk_X509_num(certs); i++) {
	219	x = sk_X509_value(certs, i);
	220	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
	221	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
	222	return x;
	223	}
	224	return NULL;
	225	}
	226
	227	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain,
	228	unsigned long flags)
	229	{
	230	STACK_OF(OCSP_SINGLERESP) *sresp;
	231	X509 signer, sca;
	232	OCSP_CERTID *caid = NULL;
	233	int i;
a332635e	234	sresp = bs->tbsResponseData.responses;
0f113f3e MC	235
	236	if (sk_X509_num(chain) <= 0) {
	237	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
	238	return -1;
	239	}
	240
	241	/* See if the issuer IDs match. */
	242	i = ocsp_check_ids(sresp, &caid);
	243
	244	/* If ID mismatch or other error then return */
	245	if (i <= 0)
	246	return i;
	247
	248	signer = sk_X509_value(chain, 0);
	249	/* Check to see if OCSP responder CA matches request CA */
	250	if (sk_X509_num(chain) > 1) {
	251	sca = sk_X509_value(chain, 1);
	252	i = ocsp_match_issuerid(sca, caid, sresp);
	253	if (i < 0)
	254	return i;
	255	if (i) {
	256	/* We have a match, if extensions OK then success */
	257	if (ocsp_check_delegated(signer, flags))
	258	return 1;
	259	return 0;
	260	}
	261	}
	262
	263	/* Otherwise check if OCSP request signed directly by request CA */
	264	return ocsp_match_issuerid(signer, caid, sresp);
	265	}
	266
	267	/*
	268	* Check the issuer certificate IDs for equality. If there is a mismatch with
	269	* the same algorithm then there's no point trying to match any certificates
	270	* against the issuer. If the issuer IDs all match then we just need to check
	271	* equality against one of them.
e8af92fc	272	*/
0f113f3e	273
e8af92fc	274	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
0f113f3e MC	275	{
	276	OCSP_CERTID tmpid, cid;
	277	int i, idcount;
	278
	279	idcount = sk_OCSP_SINGLERESP_num(sresp);
	280	if (idcount <= 0) {
	281	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
	282	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
	283	return -1;
	284	}
	285
	286	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
	287
	288	*ret = NULL;
	289
	290	for (i = 1; i < idcount; i++) {
	291	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	292	/* Check to see if IDs match */
	293	if (OCSP_id_issuer_cmp(cid, tmpid)) {
	294	/* If algoritm mismatch let caller deal with it */
a332635e DSH	295	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
a332635e DSH	296	cid->hashAlgorithm.algorithm))
0f113f3e MC	297	return 2;
	298	/* Else mismatch */
	299	return 0;
	300	}
	301	}
e8af92fc	302
0f113f3e MC	303	/* All IDs match: only need to check one ID */
	304	*ret = cid;
	305	return 1;
	306	}
e8af92fc DSH	307
e8af92fc DSH	308	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
0f113f3e MC	309	STACK_OF(OCSP_SINGLERESP) *sresp)
	310	{
	311	/* If only one ID to match then do it */
	312	if (cid) {
	313	const EVP_MD *dgst;
	314	X509_NAME *iname;
	315	int mdlen;
	316	unsigned char md[EVP_MAX_MD_SIZE];
a332635e	317	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
75ebbd9a	318	== NULL) {
0f113f3e MC	319	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
	320	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
	321	return -1;
	322	}
	323
	324	mdlen = EVP_MD_size(dgst);
	325	if (mdlen < 0)
	326	return -1;
	327	if ((cid->issuerNameHash->length != mdlen) \|\|
	328	(cid->issuerKeyHash->length != mdlen))
	329	return 0;
	330	iname = X509_get_subject_name(cert);
	331	if (!X509_NAME_digest(iname, dgst, md, NULL))
	332	return -1;
	333	if (memcmp(md, cid->issuerNameHash->data, mdlen))
	334	return 0;
	335	X509_pubkey_digest(cert, dgst, md, NULL);
	336	if (memcmp(md, cid->issuerKeyHash->data, mdlen))
	337	return 0;
	338
	339	return 1;
	340
	341	} else {
	342	/* We have to match the whole lot */
	343	int i, ret;
	344	OCSP_CERTID *tmpid;
	345	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
	346	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	347	ret = ocsp_match_issuerid(cert, tmpid, NULL);
	348	if (ret <= 0)
	349	return ret;
	350	}
	351	return 1;
	352	}
	353
	354	}
e8af92fc DSH	355
e8af92fc DSH	356	static int ocsp_check_delegated(X509 *x, int flags)
0f113f3e	357	{
a8d8e06b DSH	358	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
a8d8e06b DSH	359	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
0f113f3e MC	360	return 1;
	361	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
	362	return 0;
	363	}
	364
	365	/*
	366	* Verify an OCSP request. This is fortunately much easier than OCSP response
	367	* verify. Just find the signers certificate and verify it against a given
	368	* trust value.
fafc7f98 DSH	369	*/
fafc7f98 DSH	370
0f113f3e MC	371	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
	372	X509_STORE *store, unsigned long flags)
	373	{
	374	X509 *signer;
	375	X509_NAME *nm;
	376	GENERAL_NAME *gen;
	377	int ret;
	378	X509_STORE_CTX ctx;
	379	if (!req->optionalSignature) {
	380	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
	381	return 0;
	382	}
a332635e	383	gen = req->tbsRequest.requestorName;
0f113f3e MC	384	if (!gen \|\| gen->type != GEN_DIRNAME) {
	385	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	386	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
	387	return 0;
	388	}
	389	nm = gen->d.directoryName;
	390	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
	391	if (ret <= 0) {
	392	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	393	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
	394	return 0;
	395	}
	396	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	397	flags \|= OCSP_NOVERIFY;
	398	if (!(flags & OCSP_NOSIGS)) {
	399	EVP_PKEY *skey;
	400	skey = X509_get_pubkey(signer);
	401	ret = OCSP_REQUEST_verify(req, skey);
	402	EVP_PKEY_free(skey);
	403	if (ret <= 0) {
	404	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
	405	return 0;
	406	}
	407	}
	408	if (!(flags & OCSP_NOVERIFY)) {
	409	int init_res;
	410	if (flags & OCSP_NOCHAIN)
	411	init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
	412	else
	413	init_res = X509_STORE_CTX_init(&ctx, store, signer,
	414	req->optionalSignature->certs);
	415	if (!init_res) {
	416	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
	417	return 0;
fafc7f98 DSH	418	}
fafc7f98 DSH	419
0f113f3e MC	420	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
	421	X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
	422	ret = X509_verify_cert(&ctx);
	423	X509_STORE_CTX_cleanup(&ctx);
	424	if (ret <= 0) {
	425	ret = X509_STORE_CTX_get_error(&ctx);
	426	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	427	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	428	ERR_add_error_data(2, "Verify error:",
	429	X509_verify_cert_error_string(ret));
	430	return 0;
	431	}
	432	}
	433	return 1;
	434	}
	435
	436	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
	437	X509_NAME nm, STACK_OF(X509) certs,
	438	X509_STORE *st, unsigned long flags)
	439	{
	440	X509 *signer;
	441	if (!(flags & OCSP_NOINTERN)) {
	442	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
	443	if (signer) {
	444	*psigner = signer;
	445	return 1;
	446	}
	447	}
	448
	449	signer = X509_find_by_subject(certs, nm);
	450	if (signer) {
	451	*psigner = signer;
	452	return 2;
	453	}
	454	return 0;
	455	}