1/*
2 * SSL/TLS interface functions for OpenSSL - BoringSSL OCSP
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include <openssl/ssl.h>
12#include <openssl/err.h>
13#include <openssl/x509v3.h>
14#ifdef OPENSSL_IS_BORINGSSL
15#include <openssl/asn1.h>
16#include <openssl/asn1t.h>
17#endif /* OPENSSL_IS_BORINGSSL */
18
19#include "common.h"
20#include "tls_openssl.h"
21
22
23#ifdef OPENSSL_IS_BORINGSSL
24
25static void tls_show_errors(int level, const char *func, const char *txt)
26{
27	unsigned long err;
28
29	wpa_printf(level, "OpenSSL: %s - %s %s",
30		   func, txt, ERR_error_string(ERR_get_error(), NULL));
31
32	while ((err = ERR_get_error())) {
33		wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
34			   ERR_error_string(err, NULL));
35	}
36}
37
38
39/*
40 * CertID ::= SEQUENCE {
41 *     hashAlgorithm      AlgorithmIdentifier,
42 *     issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
43 *     issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key
44 *     serialNumber       CertificateSerialNumber }
45 */
46typedef struct {
47	X509_ALGOR *hashAlgorithm;
48	ASN1_OCTET_STRING *issuerNameHash;
49	ASN1_OCTET_STRING *issuerKeyHash;
50	ASN1_INTEGER *serialNumber;
51} CertID;
52
53/*
54 * ResponseBytes ::=       SEQUENCE {
55 *     responseType   OBJECT IDENTIFIER,
56 *     response       OCTET STRING }
57 */
58typedef struct {
59	ASN1_OBJECT *responseType;
60	ASN1_OCTET_STRING *response;
61} ResponseBytes;
62
63/*
64 * OCSPResponse ::= SEQUENCE {
65 *    responseStatus         OCSPResponseStatus,
66 *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
67 */
68typedef struct {
69	ASN1_ENUMERATED *responseStatus;
70	ResponseBytes *responseBytes;
71} OCSPResponse;
72
73ASN1_SEQUENCE(ResponseBytes) = {
74	ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
75	ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
76} ASN1_SEQUENCE_END(ResponseBytes);
77
78ASN1_SEQUENCE(OCSPResponse) = {
79	ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
80	ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
81} ASN1_SEQUENCE_END(OCSPResponse);
82
83IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse);
84
85/*
86 * ResponderID ::= CHOICE {
87 *    byName               [1] Name,
88 *    byKey                [2] KeyHash }
89 */
90typedef struct {
91	int type;
92	union {
93		X509_NAME *byName;
94		ASN1_OCTET_STRING *byKey;
95	} value;
96} ResponderID;
97
98/*
99 * RevokedInfo ::= SEQUENCE {
100 *     revocationTime              GeneralizedTime,
101 *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
102 */
103typedef struct {
104	ASN1_GENERALIZEDTIME *revocationTime;
105	ASN1_ENUMERATED *revocationReason;
106} RevokedInfo;
107
108/*
109 * CertStatus ::= CHOICE {
110 *     good        [0]     IMPLICIT NULL,
111 *     revoked     [1]     IMPLICIT RevokedInfo,
112 *     unknown     [2]     IMPLICIT UnknownInfo }
113 */
114typedef struct {
115	int type;
116	union {
117		ASN1_NULL *good;
118		RevokedInfo *revoked;
119		ASN1_NULL *unknown;
120	} value;
121} CertStatus;
122
123/*
124 * SingleResponse ::= SEQUENCE {
125 *    certID                       CertID,
126 *    certStatus                   CertStatus,
127 *    thisUpdate                   GeneralizedTime,
128 *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
129 *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
130 */
131typedef struct {
132	CertID *certID;
133	CertStatus *certStatus;
134	ASN1_GENERALIZEDTIME *thisUpdate;
135	ASN1_GENERALIZEDTIME *nextUpdate;
136	STACK_OF(X509_EXTENSION) *singleExtensions;
137} SingleResponse;
138
139/*
140 * ResponseData ::= SEQUENCE {
141 *   version              [0] EXPLICIT Version DEFAULT v1,
142 *   responderID              ResponderID,
143 *   producedAt               GeneralizedTime,
144 *   responses                SEQUENCE OF SingleResponse,
145 *   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
146 */
147typedef struct {
148	ASN1_INTEGER *version;
149	ResponderID *responderID;
150	ASN1_GENERALIZEDTIME *producedAt;
151	STACK_OF(SingleResponse) *responses;
152	STACK_OF(X509_EXTENSION) *responseExtensions;
153} ResponseData;
154
155/*
156 * BasicOCSPResponse       ::= SEQUENCE {
157 *   tbsResponseData      ResponseData,
158 *   signatureAlgorithm   AlgorithmIdentifier,
159 *   signature            BIT STRING,
160 *   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
161 */
162typedef struct {
163	ResponseData *tbsResponseData;
164	X509_ALGOR *signatureAlgorithm;
165	ASN1_BIT_STRING *signature;
166	STACK_OF(X509) *certs;
167} BasicOCSPResponse;
168
169ASN1_SEQUENCE(CertID) = {
170	ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
171	ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
172	ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
173	ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER)
174} ASN1_SEQUENCE_END(CertID);
175
176ASN1_CHOICE(ResponderID) = {
177	ASN1_EXP(ResponderID, value.byName, X509_NAME, 1),
178	ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2)
179} ASN1_CHOICE_END(ResponderID);
180
181ASN1_SEQUENCE(RevokedInfo) = {
182	ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
183	ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
184} ASN1_SEQUENCE_END(RevokedInfo);
185
186ASN1_CHOICE(CertStatus) = {
187	ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0),
188	ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1),
189	ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2)
190} ASN1_CHOICE_END(CertStatus);
191
192ASN1_SEQUENCE(SingleResponse) = {
193	ASN1_SIMPLE(SingleResponse, certID, CertID),
194	ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
195	ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
196	ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
197	ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions,
198				 X509_EXTENSION, 1)
199} ASN1_SEQUENCE_END(SingleResponse);
200
201ASN1_SEQUENCE(ResponseData) = {
202	ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
203	ASN1_SIMPLE(ResponseData, responderID, ResponderID),
204	ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
205	ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
206	ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions,
207				 X509_EXTENSION, 1)
208} ASN1_SEQUENCE_END(ResponseData);
209
210ASN1_SEQUENCE(BasicOCSPResponse) = {
211	ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
212	ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
213	ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
214	ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
215} ASN1_SEQUENCE_END(BasicOCSPResponse);
216
217IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse);
218
219#define sk_SingleResponse_num(sk) \
220sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk))
221
222#define sk_SingleResponse_value(sk, i) \
223	((SingleResponse *)						\
224	 sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i)))
225
226
227static char * mem_bio_to_str(BIO *out)
228{
229	char *txt;
230	size_t rlen;
231	int res;
232
233	rlen = BIO_ctrl_pending(out);
234	txt = os_malloc(rlen + 1);
235	if (!txt) {
236		BIO_free(out);
237		return NULL;
238	}
239
240	res = BIO_read(out, txt, rlen);
241	BIO_free(out);
242	if (res < 0) {
243		os_free(txt);
244		return NULL;
245	}
246
247	txt[res] = '\0';
248	return txt;
249}
250
251
252static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t)
253{
254	BIO *out;
255
256	out = BIO_new(BIO_s_mem());
257	if (!out)
258		return NULL;
259
260	if (!ASN1_GENERALIZEDTIME_print(out, t)) {
261		BIO_free(out);
262		return NULL;
263	}
264
265	return mem_bio_to_str(out);
266}
267
268
269static char * responderid_str(ResponderID *rid)
270{
271	BIO *out;
272
273	out = BIO_new(BIO_s_mem());
274	if (!out)
275		return NULL;
276
277	switch (rid->type) {
278	case 0:
279		X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE);
280		break;
281	case 1:
282		i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING);
283		break;
284	default:
285		BIO_free(out);
286		return NULL;
287	}
288
289	return mem_bio_to_str(out);
290}
291
292
293static char * octet_string_str(ASN1_OCTET_STRING *o)
294{
295	BIO *out;
296
297	out = BIO_new(BIO_s_mem());
298	if (!out)
299		return NULL;
300
301	i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING);
302	return mem_bio_to_str(out);
303}
304
305
306static char * integer_str(ASN1_INTEGER *i)
307{
308	BIO *out;
309
310	out = BIO_new(BIO_s_mem());
311	if (!out)
312		return NULL;
313
314	i2a_ASN1_INTEGER(out, i);
315	return mem_bio_to_str(out);
316}
317
318
319static char * algor_str(X509_ALGOR *alg)
320{
321	BIO *out;
322
323	out = BIO_new(BIO_s_mem());
324	if (!out)
325		return NULL;
326
327	i2a_ASN1_OBJECT(out, alg->algorithm);
328	return mem_bio_to_str(out);
329}
330
331
332static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext)
333{
334	BIO *out;
335
336	if (!ext)
337		return NULL;
338
339	out = BIO_new(BIO_s_mem());
340	if (!out)
341		return NULL;
342
343	if (!X509V3_extensions_print(out, title, ext, 0, 0)) {
344		BIO_free(out);
345		return NULL;
346	}
347	return mem_bio_to_str(out);
348}
349
350
351static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd,
352			   ASN1_GENERALIZEDTIME *nextupd)
353{
354	time_t now, tmp;
355
356	if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
357		wpa_printf(MSG_DEBUG,
358			   "OpenSSL: Invalid OCSP response thisUpdate");
359		return 0;
360	}
361
362	time(&now);
363	tmp = now + 5 * 60; /* allow five minute clock difference */
364	if (X509_cmp_time(thisupd, &tmp) > 0) {
365		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid");
366		return 0;
367	}
368
369	if (!nextupd)
370		return 1; /* OK - no limit on response age */
371
372	if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
373		wpa_printf(MSG_DEBUG,
374			   "OpenSSL: Invalid OCSP response nextUpdate");
375		return 0;
376	}
377
378	tmp = now - 5 * 60; /* allow five minute clock difference */
379	if (X509_cmp_time(nextupd, &tmp) < 0) {
380		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired");
381		return 0;
382	}
383
384	if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
385		wpa_printf(MSG_DEBUG,
386			   "OpenSSL: OCSP response nextUpdate before thisUpdate");
387		return 0;
388	}
389
390	/* Both thisUpdate and nextUpdate are valid */
391	return -1;
392}
393
394
395static int issuer_match(X509 *cert, X509 *issuer, CertID *certid)
396{
397	X509_NAME *iname;
398	ASN1_BIT_STRING *ikey;
399	const EVP_MD *dgst;
400	unsigned int len;
401	unsigned char md[EVP_MAX_MD_SIZE];
402	ASN1_OCTET_STRING *hash;
403	char *txt;
404
405	dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm);
406	if (!dgst) {
407		wpa_printf(MSG_DEBUG,
408			   "OpenSSL: Could not find matching hash algorithm for OCSP");
409		return -1;
410	}
411
412	iname = X509_get_issuer_name(cert);
413	if (!X509_NAME_digest(iname, dgst, md, &len))
414		return -1;
415	hash = ASN1_OCTET_STRING_new();
416	if (!hash)
417		return -1;
418	if (!ASN1_OCTET_STRING_set(hash, md, len)) {
419		ASN1_OCTET_STRING_free(hash);
420		return -1;
421	}
422
423	txt = octet_string_str(hash);
424	if (txt) {
425		wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s",
426			   txt);
427		os_free(txt);
428	}
429
430	if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) {
431		ASN1_OCTET_STRING_free(hash);
432		return -1;
433	}
434
435	ikey = X509_get0_pubkey_bitstr(issuer);
436	if (!ikey ||
437	    !EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) ||
438	    !ASN1_OCTET_STRING_set(hash, md, len)) {
439		ASN1_OCTET_STRING_free(hash);
440		return -1;
441	}
442
443	txt = octet_string_str(hash);
444	if (txt) {
445		wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s",
446			   txt);
447		os_free(txt);
448	}
449
450	if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) {
451		ASN1_OCTET_STRING_free(hash);
452		return -1;
453	}
454
455	ASN1_OCTET_STRING_free(hash);
456	return 0;
457}
458
459
460static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid)
461{
462	unsigned int i;
463	unsigned char hash[SHA_DIGEST_LENGTH];
464
465	if (rid->type == 0) {
466		/* byName */
467		return X509_find_by_subject(certs, rid->value.byName);
468	}
469
470	/* byKey */
471	if (rid->value.byKey->length != SHA_DIGEST_LENGTH)
472		return NULL;
473	for (i = 0; i < sk_X509_num(certs); i++) {
474		X509 *x = sk_X509_value(certs, i);
475
476		X509_pubkey_digest(x, EVP_sha1(), hash, NULL);
477		if (os_memcmp(rid->value.byKey->data, hash,
478			      SHA_DIGEST_LENGTH) == 0)
479			return x;
480	}
481
482	return NULL;
483}
484
485
486enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
487				 X509 *issuer, X509 *issuer_issuer)
488{
489	const uint8_t *resp_data;
490	size_t resp_len;
491	OCSPResponse *resp;
492	int status;
493	ResponseBytes *bytes;
494	const u8 *basic_data;
495	size_t basic_len;
496	BasicOCSPResponse *basic;
497	ResponseData *rd;
498	char *txt;
499	int i, num;
500	unsigned int j, num_resp;
501	SingleResponse *matching_resp = NULL, *cmp_sresp;
502	enum ocsp_result result = OCSP_INVALID;
503	X509_STORE *store;
504	STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL;
505	X509_STORE_CTX ctx;
506	X509 *signer, *tmp_cert;
507	int signer_trusted = 0;
508	EVP_PKEY *skey;
509	int ret;
510	char buf[256];
511
512	txt = integer_str(X509_get_serialNumber(cert));
513	if (txt) {
514		wpa_printf(MSG_DEBUG,
515			   "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt);
516		os_free(txt);
517	}
518
519	SSL_get0_ocsp_response(ssl, &resp_data, &resp_len);
520	if (resp_data == NULL || resp_len == 0) {
521		wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
522		return OCSP_NO_RESPONSE;
523	}
524
525	wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len);
526
527	resp = d2i_OCSPResponse(NULL, &resp_data, resp_len);
528	if (!resp) {
529		wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse");
530		return OCSP_INVALID;
531	}
532
533	status = ASN1_ENUMERATED_get(resp->responseStatus);
534	if (status != 0) {
535		wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d",
536			   status);
537		return OCSP_INVALID;
538	}
539
540	bytes = resp->responseBytes;
541
542	if (!bytes ||
543	    OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) {
544		wpa_printf(MSG_INFO,
545			   "OpenSSL: Could not find BasicOCSPResponse");
546		return OCSP_INVALID;
547	}
548
549	basic_data = ASN1_STRING_data(bytes->response);
550	basic_len = ASN1_STRING_length(bytes->response);
551	wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse",
552		    basic_data, basic_len);
553
554	basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len);
555	if (!basic) {
556		wpa_printf(MSG_INFO,
557			   "OpenSSL: Could not parse BasicOCSPResponse");
558		OCSPResponse_free(resp);
559		return OCSP_INVALID;
560	}
561
562	rd = basic->tbsResponseData;
563
564	if (basic->certs) {
565		untrusted = sk_X509_dup(basic->certs);
566		if (!untrusted)
567			goto fail;
568
569		num = sk_X509_num(basic->certs);
570		for (i = 0; i < num; i++) {
571			X509 *extra_cert;
572
573			extra_cert = sk_X509_value(basic->certs, i);
574			X509_NAME_oneline(X509_get_subject_name(extra_cert),
575					  buf, sizeof(buf));
576			wpa_printf(MSG_DEBUG,
577				   "OpenSSL: BasicOCSPResponse cert %s", buf);
578
579			if (!sk_X509_push(untrusted, extra_cert)) {
580				wpa_printf(MSG_DEBUG,
581					   "OpenSSL: Could not add certificate to the untrusted stack");
582			}
583		}
584	}
585
586	store = SSL_CTX_get_cert_store(ssl_ctx);
587	if (issuer) {
588		if (X509_STORE_add_cert(store, issuer) != 1) {
589			tls_show_errors(MSG_INFO, __func__,
590					"OpenSSL: Could not add issuer to certificate store");
591		}
592		certs = sk_X509_new_null();
593		if (certs) {
594			tmp_cert = X509_dup(issuer);
595			if (tmp_cert && !sk_X509_push(certs, tmp_cert)) {
596				tls_show_errors(
597					MSG_INFO, __func__,
598					"OpenSSL: Could not add issuer to OCSP responder trust store");
599				X509_free(tmp_cert);
600				sk_X509_free(certs);
601				certs = NULL;
602			}
603			if (certs && issuer_issuer) {
604				tmp_cert = X509_dup(issuer_issuer);
605				if (tmp_cert &&
606				    !sk_X509_push(certs, tmp_cert)) {
607					tls_show_errors(
608						MSG_INFO, __func__,
609						"OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
610					X509_free(tmp_cert);
611				}
612			}
613		}
614	}
615
616	signer = ocsp_find_signer(certs, rd->responderID);
617	if (!signer)
618		signer = ocsp_find_signer(untrusted, rd->responderID);
619	else
620		signer_trusted = 1;
621	if (!signer) {
622		wpa_printf(MSG_DEBUG,
623			   "OpenSSL: Could not find OCSP signer certificate");
624		goto fail;
625	}
626
627	skey = X509_get_pubkey(signer);
628	if (!skey) {
629		wpa_printf(MSG_DEBUG,
630			   "OpenSSL: Could not get OCSP signer public key");
631		goto fail;
632	}
633	if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData),
634			     basic->signatureAlgorithm, basic->signature,
635			     basic->tbsResponseData, skey) <= 0) {
636		wpa_printf(MSG_DEBUG,
637			   "OpenSSL: BasicOCSPResponse signature is invalid");
638		goto fail;
639	}
640
641	X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf));
642	wpa_printf(MSG_DEBUG,
643		   "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature",
644		   buf);
645
646	if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted))
647		goto fail;
648	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
649	ret = X509_verify_cert(&ctx);
650	chain = X509_STORE_CTX_get1_chain(&ctx);
651	X509_STORE_CTX_cleanup(&ctx);
652	if (ret <= 0) {
653		wpa_printf(MSG_DEBUG,
654			   "OpenSSL: Could not validate OCSP signer certificate");
655		goto fail;
656	}
657
658	if (!chain || sk_X509_num(chain) <= 0) {
659		wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found");
660		goto fail;
661	}
662
663	if (!signer_trusted) {
664		X509_check_purpose(signer, -1, 0);
665		if ((signer->ex_flags & EXFLAG_XKUSAGE) &&
666		    (signer->ex_xkusage & XKU_OCSP_SIGN)) {
667			wpa_printf(MSG_DEBUG,
668				   "OpenSSL: OCSP signer certificate delegation OK");
669		} else {
670			tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1);
671			if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) !=
672			    X509_TRUST_TRUSTED) {
673				wpa_printf(MSG_DEBUG,
674					   "OpenSSL: OCSP signer certificate not trusted");
675				result = OCSP_NO_RESPONSE;
676				goto fail;
677			}
678		}
679	}
680
681	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu",
682		   ASN1_INTEGER_get(rd->version));
683
684	txt = responderid_str(rd->responderID);
685	if (txt) {
686		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s",
687			   txt);
688		os_free(txt);
689	}
690
691	txt = generalizedtime_str(rd->producedAt);
692	if (txt) {
693		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s",
694			   txt);
695		os_free(txt);
696	}
697
698	num_resp = sk_SingleResponse_num(rd->responses);
699	if (num_resp == 0) {
700		wpa_printf(MSG_DEBUG,
701			   "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse");
702		result = OCSP_NO_RESPONSE;
703		goto fail;
704	}
705	cmp_sresp = sk_SingleResponse_value(rd->responses, 0);
706	for (j = 0; j < num_resp; j++) {
707		SingleResponse *sresp;
708		CertID *cid1, *cid2;
709
710		sresp = sk_SingleResponse_value(rd->responses, j);
711		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u",
712			   j + 1, num_resp);
713
714		txt = algor_str(sresp->certID->hashAlgorithm);
715		if (txt) {
716			wpa_printf(MSG_DEBUG,
717				   "OpenSSL: certID hashAlgorithm: %s", txt);
718			os_free(txt);
719		}
720
721		txt = octet_string_str(sresp->certID->issuerNameHash);
722		if (txt) {
723			wpa_printf(MSG_DEBUG,
724				   "OpenSSL: certID issuerNameHash: %s", txt);
725			os_free(txt);
726		}
727
728		txt = octet_string_str(sresp->certID->issuerKeyHash);
729		if (txt) {
730			wpa_printf(MSG_DEBUG,
731				   "OpenSSL: certID issuerKeyHash: %s", txt);
732			os_free(txt);
733		}
734
735		txt = integer_str(sresp->certID->serialNumber);
736		if (txt) {
737			wpa_printf(MSG_DEBUG,
738				   "OpenSSL: certID serialNumber: %s", txt);
739			os_free(txt);
740		}
741
742		switch (sresp->certStatus->type) {
743		case 0:
744			wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good");
745			break;
746		case 1:
747			wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked");
748			break;
749		default:
750			wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown");
751			break;
752		}
753
754		txt = generalizedtime_str(sresp->thisUpdate);
755		if (txt) {
756			wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt);
757			os_free(txt);
758		}
759
760		if (sresp->nextUpdate) {
761			txt = generalizedtime_str(sresp->nextUpdate);
762			if (txt) {
763				wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s",
764					   txt);
765				os_free(txt);
766			}
767		}
768
769		txt = extensions_str("singleExtensions",
770				     sresp->singleExtensions);
771		if (txt) {
772			wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
773			os_free(txt);
774		}
775
776		cid1 = cmp_sresp->certID;
777		cid2 = sresp->certID;
778		if (j > 0 &&
779		    (OBJ_cmp(cid1->hashAlgorithm->algorithm,
780			     cid2->hashAlgorithm->algorithm) != 0 ||
781		     ASN1_OCTET_STRING_cmp(cid1->issuerNameHash,
782					   cid2->issuerNameHash) != 0 ||
783		     ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash,
784					   cid2->issuerKeyHash) != 0)) {
785			wpa_printf(MSG_DEBUG,
786				   "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse");
787			goto fail;
788		}
789
790		if (!matching_resp && issuer &&
791		    ASN1_INTEGER_cmp(sresp->certID->serialNumber,
792				     X509_get_serialNumber(cert)) == 0 &&
793		    issuer_match(cert, issuer, sresp->certID) == 0) {
794			wpa_printf(MSG_DEBUG,
795				   "OpenSSL: This response matches peer certificate");
796			matching_resp = sresp;
797		}
798	}
799
800	txt = extensions_str("responseExtensions", rd->responseExtensions);
801	if (txt) {
802		wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt);
803		os_free(txt);
804	}
805
806	if (!matching_resp) {
807		wpa_printf(MSG_DEBUG,
808			   "OpenSSL: Could not find OCSP response that matches the peer certificate");
809		result = OCSP_NO_RESPONSE;
810		goto fail;
811	}
812
813	if (!ocsp_resp_valid(matching_resp->thisUpdate,
814			     matching_resp->nextUpdate)) {
815		wpa_printf(MSG_DEBUG,
816			   "OpenSSL: OCSP response not valid at this time");
817		goto fail;
818	}
819
820	if (matching_resp->certStatus->type == 1) {
821		wpa_printf(MSG_DEBUG,
822			   "OpenSSL: OCSP response indicated that the peer certificate has been revoked");
823		result = OCSP_REVOKED;
824		goto fail;
825	}
826
827	if (matching_resp->certStatus->type != 0) {
828		wpa_printf(MSG_DEBUG,
829			   "OpenSSL: OCSP response did not indicate good status");
830		result = OCSP_NO_RESPONSE;
831		goto fail;
832	}
833
834	/* OCSP response indicated the certificate is good. */
835	result = OCSP_GOOD;
836fail:
837	sk_X509_pop_free(chain, X509_free);
838	sk_X509_free(untrusted);
839	sk_X509_pop_free(certs, X509_free);
840	BasicOCSPResponse_free(basic);
841	OCSPResponse_free(resp);
842
843	return result;
844}
845
846#endif /* OPENSSL_IS_BORINGSSL */
847