diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 93ba2eaa7..ae929419e 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -30,6 +30,11 @@ #include #endif +#ifdef OPENSSL_IS_BORINGSSL +#include +#include +#endif /* OPENSSL_IS_BORINGSSL */ + #include "common.h" #include "crypto.h" #include "sha1.h" @@ -1580,6 +1585,819 @@ static void openssl_tls_cert_event(struct tls_connection *conn, } +#ifdef OPENSSL_IS_BORINGSSL + +/* + * CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuer's public key + * serialNumber CertificateSerialNumber } + */ +typedef struct { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; +} CertID; + +/* + * ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +typedef struct { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +} ResponseBytes; + +/* + * OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +typedef struct { + ASN1_ENUMERATED *responseStatus; + ResponseBytes *responseBytes; +} OCSPResponse; + +ASN1_SEQUENCE(ResponseBytes) = { + ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT), + ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(ResponseBytes); + +ASN1_SEQUENCE(OCSPResponse) = { + ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED), + ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0) +} ASN1_SEQUENCE_END(OCSPResponse); + +IMPLEMENT_ASN1_FUNCTIONS(OCSPResponse); + +/* + * ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +typedef struct { + int type; + union { + X509_NAME *byName; + ASN1_OCTET_STRING *byKey; + } value; +} ResponderID; + +/* + * RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +typedef struct { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +} RevokedInfo; + +/* + * CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +typedef struct { + int type; + union { + ASN1_NULL *good; + RevokedInfo *revoked; + ASN1_NULL *unknown; + } value; +} CertStatus; + +/* + * SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct { + CertID *certID; + CertStatus *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; +} SingleResponse; + +/* + * ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +typedef struct { + ASN1_INTEGER *version; + ResponderID *responderID; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(SingleResponse) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +} ResponseData; + +/* + * BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +typedef struct { + ResponseData *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +} BasicOCSPResponse; + +ASN1_SEQUENCE(CertID) = { + ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR), + ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING), + ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING), + ASN1_SIMPLE(CertID, serialNumber, ASN1_INTEGER) +} ASN1_SEQUENCE_END(CertID); + +ASN1_CHOICE(ResponderID) = { + ASN1_EXP(ResponderID, value.byName, X509_NAME, 1), + ASN1_EXP(ResponderID, value.byKey, ASN1_OCTET_STRING, 2) +} ASN1_CHOICE_END(ResponderID); + +ASN1_SEQUENCE(RevokedInfo) = { + ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0) +} ASN1_SEQUENCE_END(RevokedInfo); + +ASN1_CHOICE(CertStatus) = { + ASN1_IMP(CertStatus, value.good, ASN1_NULL, 0), + ASN1_IMP(CertStatus, value.revoked, RevokedInfo, 1), + ASN1_IMP(CertStatus, value.unknown, ASN1_NULL, 2) +} ASN1_CHOICE_END(CertStatus); + +ASN1_SEQUENCE(SingleResponse) = { + ASN1_SIMPLE(SingleResponse, certID, CertID), + ASN1_SIMPLE(SingleResponse, certStatus, CertStatus), + ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME), + ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, + X509_EXTENSION, 1) +} ASN1_SEQUENCE_END(SingleResponse); + +ASN1_SEQUENCE(ResponseData) = { + ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0), + ASN1_SIMPLE(ResponseData, responderID, ResponderID), + ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME), + ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse), + ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, + X509_EXTENSION, 1) +} ASN1_SEQUENCE_END(ResponseData); + +ASN1_SEQUENCE(BasicOCSPResponse) = { + ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData), + ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0) +} ASN1_SEQUENCE_END(BasicOCSPResponse); + +IMPLEMENT_ASN1_FUNCTIONS(BasicOCSPResponse); + +#define sk_SingleResponse_num(sk) \ +sk_num(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk)) + +#define sk_SingleResponse_value(sk, i) \ + ((SingleResponse *) \ + sk_value(CHECKED_CAST(_STACK *, STACK_OF(SingleResponse) *, sk), (i))) + + +static char * mem_bio_to_str(BIO *out) +{ + char *txt; + size_t rlen; + int res; + + rlen = BIO_ctrl_pending(out); + txt = os_malloc(rlen + 1); + if (!txt) { + BIO_free(out); + return NULL; + } + + res = BIO_read(out, txt, rlen); + BIO_free(out); + if (res < 0) { + os_free(txt); + return NULL; + } + + txt[res] = '\0'; + return txt; +} + + +static char * generalizedtime_str(ASN1_GENERALIZEDTIME *t) +{ + BIO *out; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + if (!ASN1_GENERALIZEDTIME_print(out, t)) { + BIO_free(out); + return NULL; + } + + return mem_bio_to_str(out); +} + + +static char * responderid_str(ResponderID *rid) +{ + BIO *out; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + switch (rid->type) { + case 0: + X509_NAME_print_ex(out, rid->value.byName, 0, XN_FLAG_ONELINE); + break; + case 1: + i2a_ASN1_STRING(out, rid->value.byKey, V_ASN1_OCTET_STRING); + break; + default: + BIO_free(out); + return NULL; + } + + return mem_bio_to_str(out); +} + + +static char * octet_string_str(ASN1_OCTET_STRING *o) +{ + BIO *out; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + i2a_ASN1_STRING(out, o, V_ASN1_OCTET_STRING); + return mem_bio_to_str(out); +} + + +static char * integer_str(ASN1_INTEGER *i) +{ + BIO *out; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + i2a_ASN1_INTEGER(out, i); + return mem_bio_to_str(out); +} + + +static char * algor_str(X509_ALGOR *alg) +{ + BIO *out; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + i2a_ASN1_OBJECT(out, alg->algorithm); + return mem_bio_to_str(out); +} + + +static char * extensions_str(const char *title, STACK_OF(X509_EXTENSION) *ext) +{ + BIO *out; + + if (!ext) + return NULL; + + out = BIO_new(BIO_s_mem()); + if (!out) + return NULL; + + if (!X509V3_extensions_print(out, title, ext, 0, 0)) { + BIO_free(out); + return NULL; + } + return mem_bio_to_str(out); +} + + +static int ocsp_resp_valid(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd) +{ + time_t now, tmp; + + if (!ASN1_GENERALIZEDTIME_check(thisupd)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Invalid OCSP response thisUpdate"); + return 0; + } + + time(&now); + tmp = now + 5 * 60; /* allow five minute clock difference */ + if (X509_cmp_time(thisupd, &tmp) > 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response not yet valid"); + return 0; + } + + if (!nextupd) + return 1; /* OK - no limit on response age */ + + if (!ASN1_GENERALIZEDTIME_check(nextupd)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Invalid OCSP response nextUpdate"); + return 0; + } + + tmp = now - 5 * 60; /* allow five minute clock difference */ + if (X509_cmp_time(nextupd, &tmp) < 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response expired"); + return 0; + } + + if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP response nextUpdate before thisUpdate"); + return 0; + } + + /* Both thisUpdate and nextUpdate are valid */ + return -1; +} + + +static int issuer_match(X509 *cert, X509 *issuer, CertID *certid) +{ + X509_NAME *iname; + ASN1_BIT_STRING *ikey; + const EVP_MD *dgst; + unsigned int len; + unsigned char md[EVP_MAX_MD_SIZE]; + ASN1_OCTET_STRING *hash; + char *txt; + + dgst = EVP_get_digestbyobj(certid->hashAlgorithm->algorithm); + if (!dgst) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not find matching hash algorithm for OCSP"); + return -1; + } + + iname = X509_get_issuer_name(cert); + if (!X509_NAME_digest(iname, dgst, md, &len)) + return -1; + hash = ASN1_OCTET_STRING_new(); + if (!hash) + return -1; + if (!ASN1_OCTET_STRING_set(hash, md, len)) { + ASN1_OCTET_STRING_free(hash); + return -1; + } + + txt = octet_string_str(hash); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerNameHash: %s", + txt); + os_free(txt); + } + + if (ASN1_OCTET_STRING_cmp(certid->issuerNameHash, hash)) { + ASN1_OCTET_STRING_free(hash); + return -1; + } + + ikey = X509_get0_pubkey_bitstr(issuer); + if (!EVP_Digest(ikey->data, ikey->length, md, &len, dgst, NULL) || + !ASN1_OCTET_STRING_set(hash, md, len)) { + ASN1_OCTET_STRING_free(hash); + return -1; + } + + txt = octet_string_str(hash); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: calculated issuerKeyHash: %s", + txt); + os_free(txt); + } + + if (ASN1_OCTET_STRING_cmp(certid->issuerKeyHash, hash)) { + ASN1_OCTET_STRING_free(hash); + return -1; + } + + ASN1_OCTET_STRING_free(hash); + return 0; +} + + +static X509 * ocsp_find_signer(STACK_OF(X509) *certs, ResponderID *rid) +{ + unsigned int i; + unsigned char hash[SHA_DIGEST_LENGTH]; + + if (rid->type == 0) { + /* byName */ + return X509_find_by_subject(certs, rid->value.byName); + } + + /* byKey */ + if (rid->value.byKey->length != SHA_DIGEST_LENGTH) + return NULL; + for (i = 0; i < sk_X509_num(certs); i++) { + X509 *x = sk_X509_value(certs, i); + + X509_pubkey_digest(x, EVP_sha1(), hash, NULL); + if (os_memcmp(rid->value.byKey->data, hash, + SHA_DIGEST_LENGTH) == 0) + return x; + } + + return NULL; +} + + +enum ocsp_result { + OCSP_GOOD, OCSP_REVOKED, OCSP_NO_RESPONSE, OCSP_INVALID +}; + +static enum ocsp_result check_ocsp_resp(struct tls_connection *conn, + X509 *cert, X509 *issuer) +{ + const uint8_t *resp_data; + size_t resp_len; + OCSPResponse *resp; + int status; + ResponseBytes *bytes; + const u8 *basic_data; + size_t basic_len; + BasicOCSPResponse *basic; + ResponseData *rd; + char *txt; + int i, num; + unsigned int j, num_resp; + SingleResponse *matching_resp = NULL, *cmp_sresp; + enum ocsp_result result = OCSP_INVALID; + X509_STORE *store; + STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL; + X509_STORE_CTX ctx; + X509 *signer, *tmp_cert; + int signer_trusted = 0; + EVP_PKEY *skey; + int ret; + char buf[256]; + + txt = integer_str(X509_get_serialNumber(cert)); + if (txt) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Searching OCSP response for peer certificate serialNumber: %s", txt); + os_free(txt); + } + + SSL_get0_ocsp_response(conn->ssl, &resp_data, &resp_len); + if (resp_data == NULL || resp_len == 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); + return OCSP_NO_RESPONSE; + } + + wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", resp_data, resp_len); + + resp = d2i_OCSPResponse(NULL, &resp_data, resp_len); + if (!resp) { + wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSPResponse"); + return OCSP_INVALID; + } + + status = ASN1_ENUMERATED_get(resp->responseStatus); + if (status != 0) { + wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d", + status); + return OCSP_INVALID; + } + + bytes = resp->responseBytes; + + if (!bytes || + OBJ_obj2nid(bytes->responseType) != NID_id_pkix_OCSP_basic) { + wpa_printf(MSG_INFO, + "OpenSSL: Could not find BasicOCSPResponse"); + return OCSP_INVALID; + } + + basic_data = ASN1_STRING_data(bytes->response); + basic_len = ASN1_STRING_length(bytes->response); + wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse", + basic_data, basic_len); + + basic = d2i_BasicOCSPResponse(NULL, &basic_data, basic_len); + if (!basic) { + wpa_printf(MSG_INFO, + "OpenSSL: Could not parse BasicOCSPResponse"); + OCSPResponse_free(resp); + return OCSP_INVALID; + } + + rd = basic->tbsResponseData; + + if (basic->certs) { + untrusted = sk_X509_dup(basic->certs); + + num = sk_X509_num(basic->certs); + for (i = 0; i < num; i++) { + X509 *extra_cert; + + extra_cert = sk_X509_value(basic->certs, i); + X509_NAME_oneline(X509_get_subject_name(extra_cert), + buf, sizeof(buf)); + wpa_printf(MSG_DEBUG, + "OpenSSL: BasicOCSPResponse cert %s", buf); + + if (!sk_X509_push(untrusted, extra_cert)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not add certificate to the untrusted stack"); + } + } + } + + store = SSL_CTX_get_cert_store(conn->ssl_ctx); + if (conn->peer_issuer) { + if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) { + tls_show_errors(MSG_INFO, __func__, + "OpenSSL: Could not add issuer to certificate store"); + } + certs = sk_X509_new_null(); + if (certs) { + tmp_cert = X509_dup(conn->peer_issuer); + if (tmp_cert && !sk_X509_push(certs, tmp_cert)) { + tls_show_errors( + MSG_INFO, __func__, + "OpenSSL: Could not add issuer to OCSP responder trust store"); + X509_free(tmp_cert); + sk_X509_free(certs); + certs = NULL; + } + if (certs && conn->peer_issuer_issuer) { + tmp_cert = X509_dup(conn->peer_issuer_issuer); + if (tmp_cert && + !sk_X509_push(certs, tmp_cert)) { + tls_show_errors( + MSG_INFO, __func__, + "OpenSSL: Could not add issuer's issuer to OCSP responder trust store"); + X509_free(tmp_cert); + } + } + } + } + + signer = ocsp_find_signer(certs, rd->responderID); + if (!signer) + signer = ocsp_find_signer(untrusted, rd->responderID); + else + signer_trusted = 1; + if (!signer) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not find OCSP signer certificate"); + goto fail; + } + + skey = X509_get_pubkey(signer); + if (!skey) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not get OCSP signer public key"); + goto fail; + } + if (ASN1_item_verify(ASN1_ITEM_rptr(ResponseData), + basic->signatureAlgorithm, basic->signature, + basic->tbsResponseData, skey) <= 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: BasicOCSPResponse signature is invalid"); + goto fail; + } + + X509_NAME_oneline(X509_get_subject_name(signer), buf, sizeof(buf)); + wpa_printf(MSG_DEBUG, + "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature", + buf); + + if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted)) + goto fail; + X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); + ret = X509_verify_cert(&ctx); + chain = X509_STORE_CTX_get1_chain(&ctx); + X509_STORE_CTX_cleanup(&ctx); + if (ret <= 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not validate OCSP signer certificate"); + goto fail; + } + + if (!chain || sk_X509_num(chain) <= 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP signer chain found"); + goto fail; + } + + if (!signer_trusted) { + X509_check_purpose(signer, -1, 0); + if ((signer->ex_flags & EXFLAG_XKUSAGE) && + (signer->ex_xkusage & XKU_OCSP_SIGN)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP signer certificate delegation OK"); + } else { + tmp_cert = sk_X509_value(chain, sk_X509_num(chain) - 1); + if (X509_check_trust(tmp_cert, NID_OCSP_sign, 0) != + X509_TRUST_TRUSTED) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP signer certificate not trusted"); + result = OCSP_NO_RESPONSE; + goto fail; + } + } + } + + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP version: %lu", + ASN1_INTEGER_get(rd->version)); + + txt = responderid_str(rd->responderID); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP responderID: %s", + txt); + os_free(txt); + } + + txt = generalizedtime_str(rd->producedAt); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP producedAt: %s", + txt); + os_free(txt); + } + + num_resp = sk_SingleResponse_num(rd->responses); + if (num_resp == 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: No OCSP SingleResponse within BasicOCSPResponse"); + result = OCSP_NO_RESPONSE; + goto fail; + } + cmp_sresp = sk_SingleResponse_value(rd->responses, 0); + for (j = 0; j < num_resp; j++) { + SingleResponse *sresp; + CertID *cid1, *cid2; + + sresp = sk_SingleResponse_value(rd->responses, j); + wpa_printf(MSG_DEBUG, "OpenSSL: OCSP SingleResponse %u/%u", + j + 1, num_resp); + + txt = algor_str(sresp->certID->hashAlgorithm); + if (txt) { + wpa_printf(MSG_DEBUG, + "OpenSSL: certID hashAlgorithm: %s", txt); + os_free(txt); + } + + txt = octet_string_str(sresp->certID->issuerNameHash); + if (txt) { + wpa_printf(MSG_DEBUG, + "OpenSSL: certID issuerNameHash: %s", txt); + os_free(txt); + } + + txt = octet_string_str(sresp->certID->issuerKeyHash); + if (txt) { + wpa_printf(MSG_DEBUG, + "OpenSSL: certID issuerKeyHash: %s", txt); + os_free(txt); + } + + txt = integer_str(sresp->certID->serialNumber); + if (txt) { + wpa_printf(MSG_DEBUG, + "OpenSSL: certID serialNumber: %s", txt); + os_free(txt); + } + + switch (sresp->certStatus->type) { + case 0: + wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: good"); + break; + case 1: + wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: revoked"); + break; + default: + wpa_printf(MSG_DEBUG, "OpenSSL: certStatus: unknown"); + break; + } + + txt = generalizedtime_str(sresp->thisUpdate); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: thisUpdate: %s", txt); + os_free(txt); + } + + if (sresp->nextUpdate) { + txt = generalizedtime_str(sresp->nextUpdate); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: nextUpdate: %s", + txt); + os_free(txt); + } + } + + txt = extensions_str("singleExtensions", + sresp->singleExtensions); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); + os_free(txt); + } + + cid1 = cmp_sresp->certID; + cid2 = sresp->certID; + if (j > 0 && + (OBJ_cmp(cid1->hashAlgorithm->algorithm, + cid2->hashAlgorithm->algorithm) != 0 || + ASN1_OCTET_STRING_cmp(cid1->issuerNameHash, + cid2->issuerNameHash) != 0 || + ASN1_OCTET_STRING_cmp(cid1->issuerKeyHash, + cid2->issuerKeyHash) != 0)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Different OCSP response issuer information between SingleResponse values within BasicOCSPResponse"); + goto fail; + } + + if (!matching_resp && issuer && + ASN1_INTEGER_cmp(sresp->certID->serialNumber, + X509_get_serialNumber(cert)) == 0 && + issuer_match(cert, issuer, sresp->certID) == 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: This response matches peer certificate"); + matching_resp = sresp; + } + } + + txt = extensions_str("responseExtensions", rd->responseExtensions); + if (txt) { + wpa_printf(MSG_DEBUG, "OpenSSL: %s", txt); + os_free(txt); + } + + if (!matching_resp) { + wpa_printf(MSG_DEBUG, + "OpenSSL: Could not find OCSP response that matches the peer certificate"); + result = OCSP_NO_RESPONSE; + goto fail; + } + + if (!ocsp_resp_valid(matching_resp->thisUpdate, + matching_resp->nextUpdate)) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP response not valid at this time"); + goto fail; + } + + if (matching_resp->certStatus->type == 1) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP response indicated that the peer certificate has been revoked"); + result = OCSP_REVOKED; + goto fail; + } + + if (matching_resp->certStatus->type != 0) { + wpa_printf(MSG_DEBUG, + "OpenSSL: OCSP response did not indicate good status"); + result = OCSP_NO_RESPONSE; + goto fail; + } + + /* OCSP response indicated the certificate is good. */ + result = OCSP_GOOD; +fail: + sk_X509_pop_free(chain, X509_free); + sk_X509_free(untrusted); + sk_X509_pop_free(certs, X509_free); + BasicOCSPResponse_free(basic); + OCSPResponse_free(resp); + + return result; +} + +#endif /* OPENSSL_IS_BORINGSSL */ + + static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) { char buf[256]; @@ -1725,6 +2543,29 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) TLS_FAIL_SERVER_CHAIN_PROBE); } +#ifdef OPENSSL_IS_BORINGSSL + if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP)) { + enum ocsp_result res; + + res = check_ocsp_resp(conn, err_cert, conn->peer_issuer); + if (res == OCSP_REVOKED) { + preverify_ok = 0; + openssl_tls_fail_event(conn, err_cert, err, depth, buf, + "certificate revoked", + TLS_FAIL_REVOKED); + if (err == X509_V_OK) + X509_STORE_CTX_set_error( + x509_ctx, X509_V_ERR_CERT_REVOKED); + } else if (res != OCSP_GOOD && + (conn->flags & TLS_CONN_REQUIRE_OCSP)) { + preverify_ok = 0; + openssl_tls_fail_event(conn, err_cert, err, depth, buf, + "bad certificate status response", + TLS_FAIL_UNSPECIFIED); + } + } +#endif /* OPENSSL_IS_BORINGSSL */ + if (preverify_ok && context->event_cb != NULL) context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_SUCCESS, NULL); @@ -3903,6 +4744,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, tls_set_conn_flags(conn->ssl, params->flags); +#ifdef OPENSSL_IS_BORINGSSL + if (params->flags & TLS_CONN_REQUEST_OCSP) { + SSL_enable_ocsp_stapling(conn->ssl); + } +#else /* OPENSSL_IS_BORINGSSL */ #ifdef HAVE_OCSP if (params->flags & TLS_CONN_REQUEST_OCSP) { SSL_CTX *ssl_ctx = data->ssl; @@ -3921,6 +4767,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, "OpenSSL: No OCSP support included - allow optional OCSP case to continue"); } #endif /* HAVE_OCSP */ +#endif /* OPENSSL_IS_BORINGSSL */ conn->flags = params->flags;