Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

ocsp_vfy.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago
prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新 ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新以下のOSSをアップデート・mruby-1.3.0 ・musl-1.1.18 ・onigmo-6.1.3 ・tcc-0.9.27 以下のOSSを追加・openssl-1.1.0e ・curl-7.57.0 ・zlib-1.2.11 以下のmrbgemsを追加・iij/mruby-digest ・iij/mruby-env ・iij/mruby-errno ・iij/mruby-iijson ・iij/mruby-ipaddr ・iij/mruby-mock ・iij/mruby-require ・iij/mruby-tls-openssl
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc`
File size: 12.7 KB

Line
1	/*
2	* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/ocsp.h>
11	#include "ocsp_lcl.h"
12	#include <openssl/err.h>
13	#include <string.h>
14
15	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
16	STACK_OF(X509) *certs, unsigned long flags);
17	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id);
18	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain);
19	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
20	OCSP_CERTID **ret);
21	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
22	STACK_OF(OCSP_SINGLERESP) *sresp);
23	static int ocsp_check_delegated(X509 *x);
24	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
25	X509_NAME nm, STACK_OF(X509) certs,
26	unsigned long flags);
27
28	/* Verify a basic response message */
29
30	int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
31	X509_STORE *st, unsigned long flags)
32	{
33	X509 signer, x;
34	STACK_OF(X509) *chain = NULL;
35	STACK_OF(X509) *untrusted = NULL;
36	X509_STORE_CTX *ctx = NULL;
37	int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
38
39	if (!ret) {
40	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
41	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
42	goto end;
43	}
44	ctx = X509_STORE_CTX_new();
45	if (ctx == NULL) {
46	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
47	goto f_err;
48	}
49	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
50	flags \|= OCSP_NOVERIFY;
51	if (!(flags & OCSP_NOSIGS)) {
52	EVP_PKEY *skey;
53	skey = X509_get0_pubkey(signer);
54	if (skey == NULL) {
55	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
56	goto err;
57	}
58	ret = OCSP_BASICRESP_verify(bs, skey, 0);
59	if (ret <= 0) {
60	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
61	goto end;
62	}
63	}
64	if (!(flags & OCSP_NOVERIFY)) {
65	int init_res;
66	if (flags & OCSP_NOCHAIN) {
67	untrusted = NULL;
68	} else if (bs->certs && certs) {
69	untrusted = sk_X509_dup(bs->certs);
70	for (i = 0; i < sk_X509_num(certs); i++) {
71	if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
72	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
73	goto f_err;
74	}
75	}
76	} else {
77	untrusted = bs->certs;
78	}
79	init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
80	if (!init_res) {
81	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
82	goto f_err;
83	}
84
85	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
86	ret = X509_verify_cert(ctx);
87	chain = X509_STORE_CTX_get1_chain(ctx);
88	if (ret <= 0) {
89	i = X509_STORE_CTX_get_error(ctx);
90	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
91	OCSP_R_CERTIFICATE_VERIFY_ERROR);
92	ERR_add_error_data(2, "Verify error:",
93	X509_verify_cert_error_string(i));
94	goto end;
95	}
96	if (flags & OCSP_NOCHECKS) {
97	ret = 1;
98	goto end;
99	}
100	/*
101	* At this point we have a valid certificate chain need to verify it
102	* against the OCSP issuer criteria.
103	*/
104	ret = ocsp_check_issuer(bs, chain);
105
106	/* If fatal error or valid match then finish */
107	if (ret != 0)
108	goto end;
109
110	/*
111	* Easy case: explicitly trusted. Get root CA and check for explicit
112	* trust
113	*/
114	if (flags & OCSP_NOEXPLICIT)
115	goto end;
116
117	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
118	if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
119	OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
120	goto err;
121	}
122	ret = 1;
123	}
124	end:
125	X509_STORE_CTX_free(ctx);
126	sk_X509_pop_free(chain, X509_free);
127	if (bs->certs && certs)
128	sk_X509_free(untrusted);
129	return ret;
130
131	err:
132	ret = 0;
133	goto end;
134	f_err:
135	ret = -1;
136	goto end;
137	}
138
139	static int ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs,
140	STACK_OF(X509) *certs, unsigned long flags)
141	{
142	X509 *signer;
143	OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
144	if ((signer = ocsp_find_signer_sk(certs, rid))) {
145	*psigner = signer;
146	return 2;
147	}
148	if (!(flags & OCSP_NOINTERN) &&
149	(signer = ocsp_find_signer_sk(bs->certs, rid))) {
150	*psigner = signer;
151	return 1;
152	}
153	/* Maybe lookup from store if by subject name */
154
155	*psigner = NULL;
156	return 0;
157	}
158
159	static X509 ocsp_find_signer_sk(STACK_OF(X509) certs, OCSP_RESPID *id)
160	{
161	int i;
162	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
163	X509 *x;
164
165	/* Easy if lookup by name */
166	if (id->type == V_OCSP_RESPID_NAME)
167	return X509_find_by_subject(certs, id->value.byName);
168
169	/* Lookup by key hash */
170
171	/* If key hash isn't SHA1 length then forget it */
172	if (id->value.byKey->length != SHA_DIGEST_LENGTH)
173	return NULL;
174	keyhash = id->value.byKey->data;
175	/* Calculate hash of each key and compare */
176	for (i = 0; i < sk_X509_num(certs); i++) {
177	x = sk_X509_value(certs, i);
178	X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
179	if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
180	return x;
181	}
182	return NULL;
183	}
184
185	static int ocsp_check_issuer(OCSP_BASICRESP bs, STACK_OF(X509) chain)
186	{
187	STACK_OF(OCSP_SINGLERESP) *sresp;
188	X509 signer, sca;
189	OCSP_CERTID *caid = NULL;
190	int i;
191	sresp = bs->tbsResponseData.responses;
192
193	if (sk_X509_num(chain) <= 0) {
194	OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
195	return -1;
196	}
197
198	/* See if the issuer IDs match. */
199	i = ocsp_check_ids(sresp, &caid);
200
201	/* If ID mismatch or other error then return */
202	if (i <= 0)
203	return i;
204
205	signer = sk_X509_value(chain, 0);
206	/* Check to see if OCSP responder CA matches request CA */
207	if (sk_X509_num(chain) > 1) {
208	sca = sk_X509_value(chain, 1);
209	i = ocsp_match_issuerid(sca, caid, sresp);
210	if (i < 0)
211	return i;
212	if (i) {
213	/* We have a match, if extensions OK then success */
214	if (ocsp_check_delegated(signer))
215	return 1;
216	return 0;
217	}
218	}
219
220	/* Otherwise check if OCSP request signed directly by request CA */
221	return ocsp_match_issuerid(signer, caid, sresp);
222	}
223
224	/*
225	* Check the issuer certificate IDs for equality. If there is a mismatch with
226	* the same algorithm then there's no point trying to match any certificates
227	* against the issuer. If the issuer IDs all match then we just need to check
228	* equality against one of them.
229	*/
230
231	static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) sresp, OCSP_CERTID *ret)
232	{
233	OCSP_CERTID tmpid, cid;
234	int i, idcount;
235
236	idcount = sk_OCSP_SINGLERESP_num(sresp);
237	if (idcount <= 0) {
238	OCSPerr(OCSP_F_OCSP_CHECK_IDS,
239	OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
240	return -1;
241	}
242
243	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
244
245	*ret = NULL;
246
247	for (i = 1; i < idcount; i++) {
248	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
249	/* Check to see if IDs match */
250	if (OCSP_id_issuer_cmp(cid, tmpid)) {
251	/* If algorithm mismatch let caller deal with it */
252	if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
253	cid->hashAlgorithm.algorithm))
254	return 2;
255	/* Else mismatch */
256	return 0;
257	}
258	}
259
260	/* All IDs match: only need to check one ID */
261	*ret = cid;
262	return 1;
263	}
264
265	static int ocsp_match_issuerid(X509 cert, OCSP_CERTID cid,
266	STACK_OF(OCSP_SINGLERESP) *sresp)
267	{
268	/* If only one ID to match then do it */
269	if (cid) {
270	const EVP_MD *dgst;
271	X509_NAME *iname;
272	int mdlen;
273	unsigned char md[EVP_MAX_MD_SIZE];
274	if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
275	== NULL) {
276	OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
277	OCSP_R_UNKNOWN_MESSAGE_DIGEST);
278	return -1;
279	}
280
281	mdlen = EVP_MD_size(dgst);
282	if (mdlen < 0)
283	return -1;
284	if ((cid->issuerNameHash.length != mdlen) \|\|
285	(cid->issuerKeyHash.length != mdlen))
286	return 0;
287	iname = X509_get_subject_name(cert);
288	if (!X509_NAME_digest(iname, dgst, md, NULL))
289	return -1;
290	if (memcmp(md, cid->issuerNameHash.data, mdlen))
291	return 0;
292	X509_pubkey_digest(cert, dgst, md, NULL);
293	if (memcmp(md, cid->issuerKeyHash.data, mdlen))
294	return 0;
295
296	return 1;
297
298	} else {
299	/* We have to match the whole lot */
300	int i, ret;
301	OCSP_CERTID *tmpid;
302	for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
303	tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
304	ret = ocsp_match_issuerid(cert, tmpid, NULL);
305	if (ret <= 0)
306	return ret;
307	}
308	return 1;
309	}
310
311	}
312
313	static int ocsp_check_delegated(X509 *x)
314	{
315	if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
316	&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
317	return 1;
318	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
319	return 0;
320	}
321
322	/*
323	* Verify an OCSP request. This is fortunately much easier than OCSP response
324	* verify. Just find the signers certificate and verify it against a given
325	* trust value.
326	*/
327
328	int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
329	X509_STORE *store, unsigned long flags)
330	{
331	X509 *signer;
332	X509_NAME *nm;
333	GENERAL_NAME *gen;
334	int ret = 0;
335	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
336
337	if (ctx == NULL) {
338	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
339	goto err;
340	}
341
342	if (!req->optionalSignature) {
343	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
344	goto err;
345	}
346	gen = req->tbsRequest.requestorName;
347	if (!gen \|\| gen->type != GEN_DIRNAME) {
348	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
349	OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
350	goto err;
351	}
352	nm = gen->d.directoryName;
353	ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
354	if (ret <= 0) {
355	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
356	OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
357	goto err;
358	}
359	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
360	flags \|= OCSP_NOVERIFY;
361	if (!(flags & OCSP_NOSIGS)) {
362	EVP_PKEY *skey;
363	skey = X509_get0_pubkey(signer);
364	ret = OCSP_REQUEST_verify(req, skey);
365	if (ret <= 0) {
366	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
367	goto err;
368	}
369	}
370	if (!(flags & OCSP_NOVERIFY)) {
371	int init_res;
372	if (flags & OCSP_NOCHAIN)
373	init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
374	else
375	init_res = X509_STORE_CTX_init(ctx, store, signer,
376	req->optionalSignature->certs);
377	if (!init_res) {
378	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
379	goto err;
380	}
381
382	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
383	X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
384	ret = X509_verify_cert(ctx);
385	if (ret <= 0) {
386	ret = X509_STORE_CTX_get_error(ctx);
387	OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
388	OCSP_R_CERTIFICATE_VERIFY_ERROR);
389	ERR_add_error_data(2, "Verify error:",
390	X509_verify_cert_error_string(ret));
391	goto err;
392	}
393	}
394	ret = 1;
395	goto end;
396
397	err:
398	ret = 0;
399	end:
400	X509_STORE_CTX_free(ctx);
401	return ret;
402
403	}
404
405	static int ocsp_req_find_signer(X509 *psigner, OCSP_REQUEST req,
406	X509_NAME nm, STACK_OF(X509) certs,
407	unsigned long flags)
408	{
409	X509 *signer;
410	if (!(flags & OCSP_NOINTERN)) {
411	signer = X509_find_by_subject(req->optionalSignature->certs, nm);
412	if (signer) {
413	*psigner = signer;
414	return 1;
415	}
416	}
417
418	signer = X509_find_by_subject(certs, nm);
419	if (signer) {
420	*psigner = signer;
421	return 2;
422	}
423	return 0;
424	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/ocsp/ocsp_vfy.c@ 331

Download in other formats: