[thirdparty/openssl.git] / crypto / ocsp / ocsp_vfy.c

/*
 * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/ocsp.h>
#include "ocsp_local.h"
#include <openssl/err.h>
#include <string.h>

DEFINE_STACK_OF(OCSP_ONEREQ)
DEFINE_STACK_OF(X509)
DEFINE_STACK_OF(OCSP_SINGLERESP)

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
                          OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                const X509_NAME *nm, STACK_OF(X509) *certs,
                                unsigned long flags);

/* Verify a basic response message */

int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                      X509_STORE *st, unsigned long flags)
{
    X509 *signer, *x;
    STACK_OF(X509) *chain = NULL;
    STACK_OF(X509) *untrusted = NULL;
    X509_STORE_CTX *ctx = NULL;
    int i, ret = ocsp_find_signer(&signer, bs, certs, flags);

    if (!ret) {
        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        goto end;
    }
    ctx = X509_STORE_CTX_new();
    if (ctx == NULL) {
        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
        goto f_err;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get0_pubkey(signer);
        if (skey == NULL) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
            goto err;
        }
        ret = OCSP_BASICRESP_verify(bs, skey, 0);
        if (ret <= 0) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            goto end;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;

        if (flags & OCSP_NOCHAIN) {
            untrusted = NULL;
        } else if (bs->certs && certs) {
            untrusted = sk_X509_dup(bs->certs);
            if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT))
                goto f_err;
        } else if (certs != NULL) {
            untrusted = certs;
        } else {
            untrusted = bs->certs;
        }
        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
        if (!init_res) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
            goto f_err;
        }

        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
        ret = X509_verify_cert(ctx);
        chain = X509_STORE_CTX_get1_chain(ctx);
        if (ret <= 0) {
            i = X509_STORE_CTX_get_error(ctx);
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(i));
            goto end;
        }
        if (flags & OCSP_NOCHECKS) {
            ret = 1;
            goto end;
        }
        /*
         * At this point we have a valid certificate chain need to verify it
         * against the OCSP issuer criteria.
         */
        ret = ocsp_check_issuer(bs, chain);

        /* If fatal error or valid match then finish */
        if (ret != 0)
            goto end;

        /*
         * Easy case: explicitly trusted. Get root CA and check for explicit
         * trust
         */
        if (flags & OCSP_NOEXPLICIT)
            goto end;

        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
            goto err;
        }
        ret = 1;
    }
 end:
    X509_STORE_CTX_free(ctx);
    sk_X509_pop_free(chain, X509_free);
    if (bs->certs && certs)
        sk_X509_free(untrusted);
    return ret;

 err:
    ret = 0;
    goto end;
 f_err:
    ret = -1;
    goto end;
}

int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
                          STACK_OF(X509) *extra_certs)
{
    int ret;

    ret = ocsp_find_signer(signer, bs, extra_certs, 0);
    return (ret > 0) ? 1 : 0;
}

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                            STACK_OF(X509) *certs, unsigned long flags)
{
    X509 *signer;
    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
    if ((signer = ocsp_find_signer_sk(certs, rid))) {
        *psigner = signer;
        return 2;
    }
    if (!(flags & OCSP_NOINTERN) &&
        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
        *psigner = signer;
        return 1;
    }
    /* Maybe lookup from store if by subject name */

    *psigner = NULL;
    return 0;
}

static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
{
    int i;
    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
    X509 *x;

    /* Easy if lookup by name */
    if (id->type == V_OCSP_RESPID_NAME)
        return X509_find_by_subject(certs, id->value.byName);

    /* Lookup by key hash */

    /* If key hash isn't SHA1 length then forget it */
    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
        return NULL;
    keyhash = id->value.byKey->data;
    /* Calculate hash of each key and compare */
    for (i = 0; i < sk_X509_num(certs); i++) {
        x = sk_X509_value(certs, i);
        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
            return x;
    }
    return NULL;
}

static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
{
    STACK_OF(OCSP_SINGLERESP) *sresp;
    X509 *signer, *sca;
    OCSP_CERTID *caid = NULL;
    int i;
    sresp = bs->tbsResponseData.responses;

    if (sk_X509_num(chain) <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
        return -1;
    }

    /* See if the issuer IDs match. */
    i = ocsp_check_ids(sresp, &caid);

    /* If ID mismatch or other error then return */
    if (i <= 0)
        return i;

    signer = sk_X509_value(chain, 0);
    /* Check to see if OCSP responder CA matches request CA */
    if (sk_X509_num(chain) > 1) {
        sca = sk_X509_value(chain, 1);
        i = ocsp_match_issuerid(sca, caid, sresp);
        if (i < 0)
            return i;
        if (i) {
            /* We have a match, if extensions OK then success */
            if (ocsp_check_delegated(signer))
                return 1;
            return 0;
        }
    }

    /* Otherwise check if OCSP request signed directly by request CA */
    return ocsp_match_issuerid(signer, caid, sresp);
}

/*
 * Check the issuer certificate IDs for equality. If there is a mismatch with
 * the same algorithm then there's no point trying to match any certificates
 * against the issuer. If the issuer IDs all match then we just need to check
 * equality against one of them.
 */

static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
{
    OCSP_CERTID *tmpid, *cid;
    int i, idcount;

    idcount = sk_OCSP_SINGLERESP_num(sresp);
    if (idcount <= 0) {
        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
        return -1;
    }

    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;

    *ret = NULL;

    for (i = 1; i < idcount; i++) {
        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
        /* Check to see if IDs match */
        if (OCSP_id_issuer_cmp(cid, tmpid)) {
            /* If algorithm mismatch let caller deal with it */
            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
                        cid->hashAlgorithm.algorithm))
                return 2;
            /* Else mismatch */
            return 0;
        }
    }

    /* All IDs match: only need to check one ID */
    *ret = cid;
    return 1;
}

static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                               STACK_OF(OCSP_SINGLERESP) *sresp)
{
    /* If only one ID to match then do it */
    if (cid) {
        const EVP_MD *dgst;
        const X509_NAME *iname;
        int mdlen;
        unsigned char md[EVP_MAX_MD_SIZE];
        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
                == NULL) {
            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
            return -1;
        }

        mdlen = EVP_MD_size(dgst);
        if (mdlen < 0)
            return -1;
        if ((cid->issuerNameHash.length != mdlen) ||
            (cid->issuerKeyHash.length != mdlen))
            return 0;
        iname = X509_get_subject_name(cert);
        if (!X509_NAME_digest(iname, dgst, md, NULL))
            return -1;
        if (memcmp(md, cid->issuerNameHash.data, mdlen))
            return 0;
        X509_pubkey_digest(cert, dgst, md, NULL);
        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
            return 0;

        return 1;

    } else {
        /* We have to match the whole lot */
        int i, ret;
        OCSP_CERTID *tmpid;
        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
            ret = ocsp_match_issuerid(cert, tmpid, NULL);
            if (ret <= 0)
                return ret;
        }
        return 1;
    }

}

static int ocsp_check_delegated(X509 *x)
{
    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
        return 1;
    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
    return 0;
}

/*
 * Verify an OCSP request. This is fortunately much easier than OCSP response
 * verify. Just find the signers certificate and verify it against a given
 * trust value.
 */

int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
                        X509_STORE *store, unsigned long flags)
{
    X509 *signer;
    const X509_NAME *nm;
    GENERAL_NAME *gen;
    int ret = 0;
    X509_STORE_CTX *ctx = X509_STORE_CTX_new();

    if (ctx == NULL) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!req->optionalSignature) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
        goto err;
    }
    gen = req->tbsRequest.requestorName;
    if (!gen || gen->type != GEN_DIRNAME) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
        goto err;
    }
    nm = gen->d.directoryName;
    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
    if (ret <= 0) {
        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
        goto err;
    }
    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
        flags |= OCSP_NOVERIFY;
    if (!(flags & OCSP_NOSIGS)) {
        EVP_PKEY *skey;
        skey = X509_get0_pubkey(signer);
        ret = OCSP_REQUEST_verify(req, skey);
        if (ret <= 0) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
            goto err;
        }
    }
    if (!(flags & OCSP_NOVERIFY)) {
        int init_res;
        if (flags & OCSP_NOCHAIN)
            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
        else
            init_res = X509_STORE_CTX_init(ctx, store, signer,
                                           req->optionalSignature->certs);
        if (!init_res) {
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
            goto err;
        }

        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
        X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
        ret = X509_verify_cert(ctx);
        if (ret <= 0) {
            ret = X509_STORE_CTX_get_error(ctx);
            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
            ERR_add_error_data(2, "Verify error:",
                               X509_verify_cert_error_string(ret));
            goto err;
        }
    }
    ret = 1;
    goto end;

err:
    ret = 0;
end:
    X509_STORE_CTX_free(ctx);
    return ret;

}

static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
                                const X509_NAME *nm, STACK_OF(X509) *certs,
                                unsigned long flags)
{
    X509 *signer;
    if (!(flags & OCSP_NOINTERN)) {
        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
        if (signer) {
            *psigner = signer;
            return 1;
        }
    }

    signer = X509_find_by_subject(certs, nm);
    if (signer) {
        *psigner = signer;
        return 2;
    }
    return 0;
}
Commit	Line	Data
0f113f3e	1	/*
33388b44	2	* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
9b4dc830	3	*
0c496700	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
9b4dc830 DSH	8	*/
	9
	10	#include <openssl/ocsp.h>
706457b7	11	#include "ocsp_local.h"
9b4dc830	12	#include <openssl/err.h>
3ebac273	13	#include <string.h>
9b4dc830	14
852c2ed2 RS	15	DEFINE_STACK_OF(OCSP_ONEREQ)
	16	DEFINE_STACK_OF(X509)
	17	DEFINE_STACK_OF(OCSP_SINGLERESP)
	18
0f113f3e	19	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
a773b52a	20	STACK_OF(X509) *certs, unsigned long flags);
9b4dc830	21	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
a773b52a	22	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain);
0f113f3e MC	23	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
	24	OCSP_CERTID **ret);
	25	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
	26	STACK_OF(OCSP_SINGLERESP) *sresp);
a773b52a	27	static int ocsp_check_delegated(X509 *x);
0f113f3e	28	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
8cc86b81	29	const X509_NAME nm, STACK_OF(X509) certs,
a773b52a	30	unsigned long flags);
9b4dc830 DSH	31
	32	/* Verify a basic response message */
	33
	34	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
0f113f3e MC	35	X509_STORE *st, unsigned long flags)
	36	{
	37	X509 signer, x;
	38	STACK_OF(X509) *chain = NULL;
4ca5efc2	39	STACK_OF(X509) *untrusted = NULL;
f0e0fd51	40	X509_STORE_CTX *ctx = NULL;
a773b52a RS	41	int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
a773b52a RS	42
0f113f3e MC	43	if (!ret) {
	44	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	45	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
d32f5d87	46	goto end;
f0e0fd51 RS	47	}
	48	ctx = X509_STORE_CTX_new();
	49	if (ctx == NULL) {
	50	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
d32f5d87	51	goto f_err;
0f113f3e MC	52	}
	53	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	54	flags \|= OCSP_NOVERIFY;
	55	if (!(flags & OCSP_NOSIGS)) {
	56	EVP_PKEY *skey;
8382fd3a	57	skey = X509_get0_pubkey(signer);
d32f5d87 RL	58	if (skey == NULL) {
d32f5d87 RL	59	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
f0e0fd51	60	goto err;
0f113f3e	61	}
d32f5d87 RL	62	ret = OCSP_BASICRESP_verify(bs, skey, 0);
	63	if (ret <= 0) {
	64	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
	65	goto end;
	66	}
0f113f3e MC	67	}
	68	if (!(flags & OCSP_NOVERIFY)) {
	69	int init_res;
eeccc237	70
4ca5efc2 DSH	71	if (flags & OCSP_NOCHAIN) {
	72	untrusted = NULL;
	73	} else if (bs->certs && certs) {
	74	untrusted = sk_X509_dup(bs->certs);
eeccc237 DDO	75	if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT))
eeccc237 DDO	76	goto f_err;
121738d1 DO	77	} else if (certs != NULL) {
121738d1 DO	78	untrusted = certs;
4ca5efc2 DSH	79	} else {
	80	untrusted = bs->certs;
	81	}
f0e0fd51	82	init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
0f113f3e	83	if (!init_res) {
0f113f3e	84	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
d32f5d87	85	goto f_err;
0f113f3e	86	}
9b4dc830	87
f0e0fd51 RS	88	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
	89	ret = X509_verify_cert(ctx);
	90	chain = X509_STORE_CTX_get1_chain(ctx);
0f113f3e	91	if (ret <= 0) {
f0e0fd51	92	i = X509_STORE_CTX_get_error(ctx);
0f113f3e MC	93	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
	94	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	95	ERR_add_error_data(2, "Verify error:",
	96	X509_verify_cert_error_string(i));
d32f5d87	97	goto end;
0f113f3e MC	98	}
	99	if (flags & OCSP_NOCHECKS) {
	100	ret = 1;
	101	goto end;
	102	}
	103	/*
	104	* At this point we have a valid certificate chain need to verify it
	105	* against the OCSP issuer criteria.
	106	*/
a773b52a	107	ret = ocsp_check_issuer(bs, chain);
0f113f3e MC	108
	109	/* If fatal error or valid match then finish */
	110	if (ret != 0)
64a1385a	111	goto end;
0f113f3e MC	112
	113	/*
	114	* Easy case: explicitly trusted. Get root CA and check for explicit
	115	* trust
	116	*/
	117	if (flags & OCSP_NOEXPLICIT)
	118	goto end;
	119
	120	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
	121	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
	122	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
f0e0fd51	123	goto err;
0f113f3e MC	124	}
	125	ret = 1;
	126	}
0f113f3e	127	end:
f0e0fd51	128	X509_STORE_CTX_free(ctx);
222561fe	129	sk_X509_pop_free(chain, X509_free);
4ca5efc2 DSH	130	if (bs->certs && certs)
4ca5efc2 DSH	131	sk_X509_free(untrusted);
0f113f3e	132	return ret;
d32f5d87 RL	133
	134	err:
	135	ret = 0;
	136	goto end;
	137	f_err:
	138	ret = -1;
	139	goto end;
0f113f3e MC	140	}
0f113f3e MC	141
ce5886dd	142	int OCSP_resp_get0_signer(OCSP_BASICRESP bs, X509 *signer,
eb48052e	143	STACK_OF(X509) *extra_certs)
ce5886dd BK	144	{
	145	int ret;
	146
	147	ret = ocsp_find_signer(signer, bs, extra_certs, 0);
	148	return (ret > 0) ? 1 : 0;
	149	}
	150
0f113f3e	151	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
a773b52a	152	STACK_OF(X509) *certs, unsigned long flags)
0f113f3e MC	153	{
0f113f3e MC	154	X509 *signer;
a332635e	155	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
0f113f3e MC	156	if ((signer = ocsp_find_signer_sk(certs, rid))) {
	157	*psigner = signer;
	158	return 2;
	159	}
	160	if (!(flags & OCSP_NOINTERN) &&
	161	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
	162	*psigner = signer;
	163	return 1;
	164	}
	165	/* Maybe lookup from store if by subject name */
	166
	167	*psigner = NULL;
	168	return 0;
	169	}
9b4dc830 DSH	170
9b4dc830 DSH	171	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
0f113f3e MC	172	{
	173	int i;
	174	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
	175	X509 *x;
	176
	177	/* Easy if lookup by name */
	178	if (id->type == V_OCSP_RESPID_NAME)
	179	return X509_find_by_subject(certs, id->value.byName);
	180
	181	/* Lookup by key hash */
	182
	183	/* If key hash isn't SHA1 length then forget it */
	184	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
	185	return NULL;
	186	keyhash = id->value.byKey->data;
	187	/* Calculate hash of each key and compare */
	188	for (i = 0; i < sk_X509_num(certs); i++) {
	189	x = sk_X509_value(certs, i);
	190	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
	191	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
	192	return x;
	193	}
	194	return NULL;
	195	}
	196
a773b52a	197	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain)
0f113f3e MC	198	{
	199	STACK_OF(OCSP_SINGLERESP) *sresp;
	200	X509 signer, sca;
	201	OCSP_CERTID *caid = NULL;
	202	int i;
a332635e	203	sresp = bs->tbsResponseData.responses;
0f113f3e MC	204
	205	if (sk_X509_num(chain) <= 0) {
	206	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
	207	return -1;
	208	}
	209
	210	/* See if the issuer IDs match. */
	211	i = ocsp_check_ids(sresp, &caid);
	212
	213	/* If ID mismatch or other error then return */
	214	if (i <= 0)
	215	return i;
	216
	217	signer = sk_X509_value(chain, 0);
	218	/* Check to see if OCSP responder CA matches request CA */
	219	if (sk_X509_num(chain) > 1) {
	220	sca = sk_X509_value(chain, 1);
	221	i = ocsp_match_issuerid(sca, caid, sresp);
	222	if (i < 0)
	223	return i;
	224	if (i) {
	225	/* We have a match, if extensions OK then success */
a773b52a	226	if (ocsp_check_delegated(signer))
0f113f3e MC	227	return 1;
	228	return 0;
	229	}
	230	}
	231
	232	/* Otherwise check if OCSP request signed directly by request CA */
	233	return ocsp_match_issuerid(signer, caid, sresp);
	234	}
	235
	236	/*
	237	* Check the issuer certificate IDs for equality. If there is a mismatch with
	238	* the same algorithm then there's no point trying to match any certificates
	239	* against the issuer. If the issuer IDs all match then we just need to check
	240	* equality against one of them.
e8af92fc	241	*/
0f113f3e	242
e8af92fc	243	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
0f113f3e MC	244	{
	245	OCSP_CERTID tmpid, cid;
	246	int i, idcount;
	247
	248	idcount = sk_OCSP_SINGLERESP_num(sresp);
	249	if (idcount <= 0) {
	250	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
	251	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
	252	return -1;
	253	}
	254
	255	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
	256
	257	*ret = NULL;
	258
	259	for (i = 1; i < idcount; i++) {
	260	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	261	/* Check to see if IDs match */
	262	if (OCSP_id_issuer_cmp(cid, tmpid)) {
0d4fb843	263	/* If algorithm mismatch let caller deal with it */
a332635e DSH	264	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
a332635e DSH	265	cid->hashAlgorithm.algorithm))
0f113f3e MC	266	return 2;
	267	/* Else mismatch */
	268	return 0;
	269	}
	270	}
e8af92fc	271
0f113f3e MC	272	/* All IDs match: only need to check one ID */
	273	*ret = cid;
	274	return 1;
	275	}
e8af92fc DSH	276
e8af92fc DSH	277	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
0f113f3e MC	278	STACK_OF(OCSP_SINGLERESP) *sresp)
	279	{
	280	/* If only one ID to match then do it */
	281	if (cid) {
	282	const EVP_MD *dgst;
8cc86b81	283	const X509_NAME *iname;
0f113f3e MC	284	int mdlen;
0f113f3e MC	285	unsigned char md[EVP_MAX_MD_SIZE];
a332635e	286	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
75ebbd9a	287	== NULL) {
0f113f3e MC	288	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
	289	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
	290	return -1;
	291	}
	292
	293	mdlen = EVP_MD_size(dgst);
	294	if (mdlen < 0)
	295	return -1;
af170194 DSH	296	if ((cid->issuerNameHash.length != mdlen) \|\|
af170194 DSH	297	(cid->issuerKeyHash.length != mdlen))
0f113f3e MC	298	return 0;
	299	iname = X509_get_subject_name(cert);
	300	if (!X509_NAME_digest(iname, dgst, md, NULL))
	301	return -1;
af170194	302	if (memcmp(md, cid->issuerNameHash.data, mdlen))
0f113f3e MC	303	return 0;
0f113f3e MC	304	X509_pubkey_digest(cert, dgst, md, NULL);
af170194	305	if (memcmp(md, cid->issuerKeyHash.data, mdlen))
0f113f3e MC	306	return 0;
	307
	308	return 1;
	309
	310	} else {
	311	/* We have to match the whole lot */
	312	int i, ret;
	313	OCSP_CERTID *tmpid;
	314	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
	315	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
	316	ret = ocsp_match_issuerid(cert, tmpid, NULL);
	317	if (ret <= 0)
	318	return ret;
	319	}
	320	return 1;
	321	}
	322
	323	}
e8af92fc	324
a773b52a	325	static int ocsp_check_delegated(X509 *x)
0f113f3e	326	{
a8d8e06b DSH	327	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
a8d8e06b DSH	328	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
0f113f3e MC	329	return 1;
	330	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
	331	return 0;
	332	}
	333
	334	/*
	335	* Verify an OCSP request. This is fortunately much easier than OCSP response
	336	* verify. Just find the signers certificate and verify it against a given
	337	* trust value.
fafc7f98 DSH	338	*/
fafc7f98 DSH	339
0f113f3e MC	340	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
	341	X509_STORE *store, unsigned long flags)
	342	{
	343	X509 *signer;
8cc86b81	344	const X509_NAME *nm;
0f113f3e	345	GENERAL_NAME *gen;
f0e0fd51 RS	346	int ret = 0;
	347	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
	348
	349	if (ctx == NULL) {
	350	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
	351	goto err;
	352	}
	353
0f113f3e MC	354	if (!req->optionalSignature) {
0f113f3e MC	355	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
f0e0fd51	356	goto err;
0f113f3e	357	}
a332635e	358	gen = req->tbsRequest.requestorName;
0f113f3e MC	359	if (!gen \|\| gen->type != GEN_DIRNAME) {
	360	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	361	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
f0e0fd51	362	goto err;
0f113f3e MC	363	}
0f113f3e MC	364	nm = gen->d.directoryName;
a773b52a	365	ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
0f113f3e MC	366	if (ret <= 0) {
	367	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	368	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
f0e0fd51	369	goto err;
0f113f3e MC	370	}
	371	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
	372	flags \|= OCSP_NOVERIFY;
	373	if (!(flags & OCSP_NOSIGS)) {
	374	EVP_PKEY *skey;
8382fd3a	375	skey = X509_get0_pubkey(signer);
0f113f3e	376	ret = OCSP_REQUEST_verify(req, skey);
0f113f3e MC	377	if (ret <= 0) {
0f113f3e MC	378	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
f0e0fd51	379	goto err;
0f113f3e MC	380	}
	381	}
	382	if (!(flags & OCSP_NOVERIFY)) {
	383	int init_res;
	384	if (flags & OCSP_NOCHAIN)
f0e0fd51	385	init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
0f113f3e	386	else
f0e0fd51	387	init_res = X509_STORE_CTX_init(ctx, store, signer,
0f113f3e MC	388	req->optionalSignature->certs);
	389	if (!init_res) {
	390	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
f0e0fd51	391	goto err;
fafc7f98 DSH	392	}
fafc7f98 DSH	393
f0e0fd51 RS	394	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
	395	X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
	396	ret = X509_verify_cert(ctx);
0f113f3e	397	if (ret <= 0) {
f0e0fd51	398	ret = X509_STORE_CTX_get_error(ctx);
0f113f3e MC	399	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
	400	OCSP_R_CERTIFICATE_VERIFY_ERROR);
	401	ERR_add_error_data(2, "Verify error:",
	402	X509_verify_cert_error_string(ret));
f0e0fd51	403	goto err;
0f113f3e MC	404	}
0f113f3e MC	405	}
f0e0fd51 RS	406	ret = 1;
	407	goto end;
	408
	409	err:
	410	ret = 0;
	411	end:
	412	X509_STORE_CTX_free(ctx);
	413	return ret;
	414
0f113f3e MC	415	}
	416
	417	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
8cc86b81	418	const X509_NAME nm, STACK_OF(X509) certs,
a773b52a	419	unsigned long flags)
0f113f3e MC	420	{
	421	X509 *signer;
	422	if (!(flags & OCSP_NOINTERN)) {
	423	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
	424	if (signer) {
	425	*psigner = signer;
	426	return 1;
	427	}
	428	}
	429
	430	signer = X509_find_by_subject(certs, nm);
	431	if (signer) {
	432	*psigner = signer;
	433	return 2;
	434	}
	435	return 0;
	436	}