1 /* $OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */
3 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
4 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
21 #include <arpa/inet.h>
22 #include <netinet/in.h>
24 #include <openssl/err.h>
25 #include <openssl/ocsp.h>
26 #include <openssl/x509.h>
29 #include "tls_internal.h"
31 #define MAXAGE_SEC (14*24*60*60)
32 #define JITTER_SEC (60)
38 static struct tls_ocsp
*
41 return (calloc(1, sizeof(struct tls_ocsp
)));
45 tls_ocsp_free(struct tls_ocsp
*ocsp
)
50 X509_free(ocsp
->main_cert
);
51 free(ocsp
->ocsp_result
);
58 tls_ocsp_asn1_parse_time(struct tls
*ctx
, ASN1_GENERALIZEDTIME
*gt
, time_t *gt_time
)
64 /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
65 if (ASN1_time_parse(gt
->data
, gt
->length
, &tm
,
66 V_ASN1_GENERALIZEDTIME
) == -1)
68 if ((*gt_time
= timegm(&tm
)) == -1)
74 tls_ocsp_fill_info(struct tls
*ctx
, int response_status
, int cert_status
,
75 int crl_reason
, ASN1_GENERALIZEDTIME
*revtime
,
76 ASN1_GENERALIZEDTIME
*thisupd
, ASN1_GENERALIZEDTIME
*nextupd
)
78 struct tls_ocsp_result
*info
= NULL
;
80 free(ctx
->ocsp
->ocsp_result
);
81 ctx
->ocsp
->ocsp_result
= NULL
;
83 if ((info
= calloc(1, sizeof (struct tls_ocsp_result
))) == NULL
) {
84 tls_set_error(ctx
, "calloc");
87 info
->response_status
= response_status
;
88 info
->cert_status
= cert_status
;
89 info
->crl_reason
= crl_reason
;
90 if (info
->response_status
!= OCSP_RESPONSE_STATUS_SUCCESSFUL
) {
92 OCSP_response_status_str(info
->response_status
);
93 } else if (info
->cert_status
!= V_OCSP_CERTSTATUS_REVOKED
) {
94 info
->result_msg
= OCSP_cert_status_str(info
->cert_status
);
96 info
->result_msg
= OCSP_crl_reason_str(info
->crl_reason
);
98 info
->revocation_time
= info
->this_update
= info
->next_update
= -1;
99 if (revtime
!= NULL
&&
100 tls_ocsp_asn1_parse_time(ctx
, revtime
, &info
->revocation_time
) != 0) {
102 "unable to parse revocation time in OCSP reply");
105 if (thisupd
!= NULL
&&
106 tls_ocsp_asn1_parse_time(ctx
, thisupd
, &info
->this_update
) != 0) {
108 "unable to parse this update time in OCSP reply");
111 if (nextupd
!= NULL
&&
112 tls_ocsp_asn1_parse_time(ctx
, nextupd
, &info
->next_update
) != 0) {
114 "unable to parse next update time in OCSP reply");
117 ctx
->ocsp
->ocsp_result
= info
;
126 tls_ocsp_get_certid(X509
*main_cert
, STACK_OF(X509
) *extra_certs
,
129 X509_NAME
*issuer_name
;
131 X509_STORE_CTX
*storectx
= NULL
;
132 X509_OBJECT
*obj
= NULL
;
133 OCSP_CERTID
*cid
= NULL
;
136 if ((issuer_name
= X509_get_issuer_name(main_cert
)) == NULL
)
139 if (extra_certs
!= NULL
) {
140 issuer
= X509_find_by_subject(extra_certs
, issuer_name
);
141 if (issuer
!= NULL
) {
142 cid
= OCSP_cert_to_id(NULL
, main_cert
, issuer
);
147 if ((store
= SSL_CTX_get_cert_store(ssl_ctx
)) == NULL
)
149 if ((storectx
= X509_STORE_CTX_new()) == NULL
)
151 if (X509_STORE_CTX_init(storectx
, store
, main_cert
, extra_certs
) != 1)
153 if ((obj
= X509_STORE_CTX_get_obj_by_subject(storectx
, X509_LU_X509
,
154 issuer_name
)) == NULL
)
157 cid
= OCSP_cert_to_id(NULL
, main_cert
, X509_OBJECT_get0_X509(obj
));
160 X509_STORE_CTX_free(storectx
);
161 X509_OBJECT_free(obj
);
167 tls_ocsp_setup_from_peer(struct tls
*ctx
)
169 struct tls_ocsp
*ocsp
= NULL
;
170 STACK_OF(OPENSSL_STRING
) *ocsp_urls
= NULL
;
172 if ((ocsp
= tls_ocsp_new()) == NULL
)
175 /* steal state from ctx struct */
176 ocsp
->main_cert
= SSL_get_peer_certificate(ctx
->ssl_conn
);
177 ocsp
->extra_certs
= SSL_get_peer_cert_chain(ctx
->ssl_conn
);
178 if (ocsp
->main_cert
== NULL
) {
179 tls_set_errorx(ctx
, "no peer certificate for OCSP");
183 ocsp_urls
= X509_get1_ocsp(ocsp
->main_cert
);
184 if (ocsp_urls
== NULL
) {
185 tls_set_errorx(ctx
, "no OCSP URLs in peer certificate");
189 ocsp
->ocsp_url
= strdup(sk_OPENSSL_STRING_value(ocsp_urls
, 0));
190 if (ocsp
->ocsp_url
== NULL
) {
191 tls_set_errorx(ctx
, "out of memory");
195 X509_email_free(ocsp_urls
);
200 X509_email_free(ocsp_urls
);
205 tls_ocsp_verify_response(struct tls
*ctx
, OCSP_RESPONSE
*resp
)
207 OCSP_BASICRESP
*br
= NULL
;
208 ASN1_GENERALIZEDTIME
*revtime
= NULL
, *thisupd
= NULL
, *nextupd
= NULL
;
209 OCSP_CERTID
*cid
= NULL
;
210 STACK_OF(X509
) *combined
= NULL
;
211 int response_status
=0, cert_status
=0, crl_reason
=0;
215 if ((br
= OCSP_response_get1_basic(resp
)) == NULL
) {
216 tls_set_errorx(ctx
, "cannot load ocsp reply");
221 * Skip validation of 'extra_certs' as this should be done
222 * already as part of main handshake.
224 flags
= OCSP_TRUSTOTHER
;
227 if (OCSP_basic_verify(br
, ctx
->ocsp
->extra_certs
,
228 SSL_CTX_get_cert_store(ctx
->ssl_ctx
), flags
) != 1) {
229 tls_set_errorx(ctx
, "ocsp verify failed");
233 /* signature OK, look inside */
234 response_status
= OCSP_response_status(resp
);
235 if (response_status
!= OCSP_RESPONSE_STATUS_SUCCESSFUL
) {
236 tls_set_errorx(ctx
, "ocsp verify failed: response - %s",
237 OCSP_response_status_str(response_status
));
241 cid
= tls_ocsp_get_certid(ctx
->ocsp
->main_cert
,
242 ctx
->ocsp
->extra_certs
, ctx
->ssl_ctx
);
244 tls_set_errorx(ctx
, "ocsp verify failed: no issuer cert");
248 if (OCSP_resp_find_status(br
, cid
, &cert_status
, &crl_reason
,
249 &revtime
, &thisupd
, &nextupd
) != 1) {
250 tls_set_errorx(ctx
, "ocsp verify failed: no result for cert");
254 if (OCSP_check_validity(thisupd
, nextupd
, JITTER_SEC
,
257 "ocsp verify failed: ocsp response not current");
261 if (tls_ocsp_fill_info(ctx
, response_status
, cert_status
,
262 crl_reason
, revtime
, thisupd
, nextupd
) != 0)
265 /* finally can look at status */
266 if (cert_status
!= V_OCSP_CERTSTATUS_GOOD
&& cert_status
!=
267 V_OCSP_CERTSTATUS_UNKNOWN
) {
268 tls_set_errorx(ctx
, "ocsp verify failed: revoked cert - %s",
269 OCSP_crl_reason_str(crl_reason
));
275 sk_X509_free(combined
);
276 OCSP_CERTID_free(cid
);
277 OCSP_BASICRESP_free(br
);
282 * Process a raw OCSP response from an OCSP server request.
283 * OCSP details can then be retrieved with tls_peer_ocsp_* functions.
284 * returns 0 if certificate ok, -1 otherwise.
287 tls_ocsp_process_response_internal(struct tls
*ctx
, const unsigned char *response
,
293 resp
= d2i_OCSP_RESPONSE(NULL
, &response
, size
);
295 tls_ocsp_free(ctx
->ocsp
);
297 tls_set_error(ctx
, "unable to parse OCSP response");
300 ret
= tls_ocsp_verify_response(ctx
, resp
);
301 OCSP_RESPONSE_free(resp
);
305 /* TLS handshake verification callback for stapled requests */
307 tls_ocsp_verify_cb(SSL
*ssl
, void *arg
)
309 const unsigned char *raw
= NULL
;
313 if ((ctx
= SSL_get_app_data(ssl
)) == NULL
)
316 size
= SSL_get_tlsext_status_ocsp_resp(ssl
, &raw
);
318 if (ctx
->config
->ocsp_require_stapling
) {
319 tls_set_errorx(ctx
, "no stapled OCSP response provided");
325 tls_ocsp_free(ctx
->ocsp
);
326 if ((ctx
->ocsp
= tls_ocsp_setup_from_peer(ctx
)) == NULL
)
329 if (ctx
->config
->verify_cert
== 0 || ctx
->config
->verify_time
== 0)
332 res
= tls_ocsp_process_response_internal(ctx
, raw
, size
);
334 return (res
== 0) ? 1 : 0;
338 /* Staple the OCSP information in ctx->ocsp to the server handshake. */
340 tls_ocsp_stapling_cb(SSL
*ssl
, void *arg
)
342 int ret
= SSL_TLSEXT_ERR_ALERT_FATAL
;
343 unsigned char *ocsp_staple
= NULL
;
346 if ((ctx
= SSL_get_app_data(ssl
)) == NULL
)
349 if (ctx
->keypair
== NULL
|| ctx
->keypair
->ocsp_staple
== NULL
||
350 ctx
->keypair
->ocsp_staple_len
== 0)
351 return SSL_TLSEXT_ERR_NOACK
;
353 if ((ocsp_staple
= malloc(ctx
->keypair
->ocsp_staple_len
)) == NULL
)
356 memcpy(ocsp_staple
, ctx
->keypair
->ocsp_staple
,
357 ctx
->keypair
->ocsp_staple_len
);
359 if (SSL_set_tlsext_status_ocsp_resp(ctx
->ssl_conn
, ocsp_staple
,
360 ctx
->keypair
->ocsp_staple_len
) != 1)
363 ret
= SSL_TLSEXT_ERR_OK
;
365 if (ret
!= SSL_TLSEXT_ERR_OK
)
375 /* Retrieve OCSP URL from peer certificate, if present. */
377 tls_peer_ocsp_url(struct tls
*ctx
)
379 if (ctx
->ocsp
== NULL
)
381 return ctx
->ocsp
->ocsp_url
;
385 tls_peer_ocsp_result(struct tls
*ctx
)
387 if (ctx
->ocsp
== NULL
)
389 if (ctx
->ocsp
->ocsp_result
== NULL
)
391 return ctx
->ocsp
->ocsp_result
->result_msg
;
395 tls_peer_ocsp_response_status(struct tls
*ctx
)
397 if (ctx
->ocsp
== NULL
)
399 if (ctx
->ocsp
->ocsp_result
== NULL
)
401 return ctx
->ocsp
->ocsp_result
->response_status
;
405 tls_peer_ocsp_cert_status(struct tls
*ctx
)
407 if (ctx
->ocsp
== NULL
)
409 if (ctx
->ocsp
->ocsp_result
== NULL
)
411 return ctx
->ocsp
->ocsp_result
->cert_status
;
415 tls_peer_ocsp_crl_reason(struct tls
*ctx
)
417 if (ctx
->ocsp
== NULL
)
419 if (ctx
->ocsp
->ocsp_result
== NULL
)
421 return ctx
->ocsp
->ocsp_result
->crl_reason
;
425 tls_peer_ocsp_this_update(struct tls
*ctx
)
427 if (ctx
->ocsp
== NULL
)
429 if (ctx
->ocsp
->ocsp_result
== NULL
)
431 return ctx
->ocsp
->ocsp_result
->this_update
;
435 tls_peer_ocsp_next_update(struct tls
*ctx
)
437 if (ctx
->ocsp
== NULL
)
439 if (ctx
->ocsp
->ocsp_result
== NULL
)
441 return ctx
->ocsp
->ocsp_result
->next_update
;
445 tls_peer_ocsp_revocation_time(struct tls
*ctx
)
447 if (ctx
->ocsp
== NULL
)
449 if (ctx
->ocsp
->ocsp_result
== NULL
)
451 return ctx
->ocsp
->ocsp_result
->revocation_time
;
455 tls_ocsp_process_response(struct tls
*ctx
, const unsigned char *response
,
458 if ((ctx
->state
& TLS_HANDSHAKE_COMPLETE
) == 0)
460 return tls_ocsp_process_response_internal(ctx
, response
, size
);