search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
import libtls (LibreSSL 2.5.4)
[unleashed.git] / lib / libtls / tls_ocsp.c
bloba7aca37a7dff1817a9d45276bf122e8781c7f7f5
1 /*
2 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
3 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <sys/types.h>
19
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
22
23 #include <openssl/err.h>
24 #include <openssl/ocsp.h>
25 #include <openssl/x509.h>
26
27 #include <tls.h>
28 #include "tls_internal.h"
29
30 #define MAXAGE_SEC (14*24*60*60)
31 #define JITTER_SEC (60)
32
33 /*
34 * State for request.
35 */
36
37 static struct tls_ocsp *
38 tls_ocsp_new(void)
39 {
40 return (calloc(1, sizeof(struct tls_ocsp)));
41 }
42
43 void
44 tls_ocsp_free(struct tls_ocsp *ocsp)
45 {
46 if (ocsp == NULL)
47 return;
48
49 free(ocsp->ocsp_result);
50 ocsp->ocsp_result = NULL;
51 free(ocsp->ocsp_url);
52 ocsp->ocsp_url = NULL;
53 free(ocsp);
54 }
55
56 static int
57 tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time)
58 {
59 struct tm tm;
60
61 if (gt == NULL)
62 return -1;
63 /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
64 if (ASN1_time_parse(gt->data, gt->length, &tm,
65 V_ASN1_GENERALIZEDTIME) == -1)
66 return -1;
67 if ((*gt_time = timegm(&tm)) == -1)
68 return -1;
69 return 0;
70 }
71
72 static int
73 tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
74 int crl_reason, ASN1_GENERALIZEDTIME *revtime,
75 ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd)
76 {
77 struct tls_ocsp_result *info = NULL;
78
79 free(ctx->ocsp->ocsp_result);
80 ctx->ocsp->ocsp_result = NULL;
81
82 if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
83 tls_set_error(ctx, "calloc");
84 return -1;
85 }
86 info->response_status = response_status;
87 info->cert_status = cert_status;
88 info->crl_reason = crl_reason;
89 if (info->response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
90 info->result_msg =
91 OCSP_response_status_str(info->response_status);
92 } else if (info->cert_status != V_OCSP_CERTSTATUS_REVOKED) {
93 info->result_msg = OCSP_cert_status_str(info->cert_status);
94 } else {
95 info->result_msg = OCSP_crl_reason_str(info->crl_reason);
96 }
97 info->revocation_time = info->this_update = info->next_update = -1;
98 if (revtime != NULL &&
99 tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
100 tls_set_error(ctx,
101 "unable to parse revocation time in OCSP reply");
102 goto error;
103 }
104 if (thisupd != NULL &&
105 tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
106 tls_set_error(ctx,
107 "unable to parse this update time in OCSP reply");
108 goto error;
109 }
110 if (nextupd != NULL &&
111 tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
112 tls_set_error(ctx,
113 "unable to parse next update time in OCSP reply");
114 goto error;
115 }
116 ctx->ocsp->ocsp_result = info;
117 return 0;
118 error:
119 free(info);
120 return -1;
121 }
122
123 static OCSP_CERTID *
124 tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
125 SSL_CTX *ssl_ctx)
126 {
127 X509_NAME *issuer_name;
128 X509 *issuer;
129 X509_STORE_CTX storectx;
130 X509_OBJECT tmpobj;
131 OCSP_CERTID *cid = NULL;
132 X509_STORE *store;
133
134 if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL)
135 return NULL;
136
137 if (extra_certs != NULL) {
138 issuer = X509_find_by_subject(extra_certs, issuer_name);
139 if (issuer != NULL)
140 return OCSP_cert_to_id(NULL, main_cert, issuer);
141 }
142
143 if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL)
144 return NULL;
145 if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1)
146 return NULL;
147 if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name,
148 &tmpobj) == 1) {
149 cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
150 X509_OBJECT_free_contents(&tmpobj);
151 }
152 X509_STORE_CTX_cleanup(&storectx);
153 return cid;
154 }
155
156 struct tls_ocsp *
157 tls_ocsp_setup_from_peer(struct tls *ctx)
158 {
159 struct tls_ocsp *ocsp = NULL;
160 STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
161
162 if ((ocsp = tls_ocsp_new()) == NULL)
163 goto failed;
164
165 /* steal state from ctx struct */
166 ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
167 ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
168 if (ocsp->main_cert == NULL) {
169 tls_set_errorx(ctx, "no peer certificate for OCSP");
170 goto failed;
171 }
172
173 ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
174 if (ocsp_urls == NULL)
175 goto failed;
176 ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
177 if (ocsp->ocsp_url == NULL) {
178 tls_set_errorx(ctx, "out of memory");
179 goto failed;
180 }
181
182 X509_email_free(ocsp_urls);
183 return ocsp;
184
185 failed:
186 tls_ocsp_free(ocsp);
187 X509_email_free(ocsp_urls);
188 return NULL;
189 }
190
191 static int
192 tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
193 {
194 OCSP_BASICRESP *br = NULL;
195 ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
196 OCSP_CERTID *cid = NULL;
197 STACK_OF(X509) *combined = NULL;
198 int response_status=0, cert_status=0, crl_reason=0;
199 int ret = -1;
200 unsigned long flags;
201
202 if ((br = OCSP_response_get1_basic(resp)) == NULL) {
203 tls_set_errorx(ctx, "cannot load ocsp reply");
204 goto error;
205 }
206
207 /*
208 * Skip validation of 'extra_certs' as this should be done
209 * already as part of main handshake.
210 */
211 flags = OCSP_TRUSTOTHER;
212
213 /* now verify */
214 if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
215 SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
216 tls_set_error(ctx, "ocsp verify failed");
217 goto error;
218 }
219
220 /* signature OK, look inside */
221 response_status = OCSP_response_status(resp);
222 if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
223 tls_set_errorx(ctx, "ocsp verify failed: response - %s",
224 OCSP_response_status_str(response_status));
225 goto error;
226 }
227
228 cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
229 ctx->ocsp->extra_certs, ctx->ssl_ctx);
230 if (cid == NULL) {
231 tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
232 goto error;
233 }
234
235 if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
236 &revtime, &thisupd, &nextupd) != 1) {
237 tls_set_errorx(ctx, "ocsp verify failed: no result for cert");
238 goto error;
239 }
240
241 if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC,
242 MAXAGE_SEC) != 1) {
243 tls_set_errorx(ctx,
244 "ocsp verify failed: ocsp response not current");
245 goto error;
246 }
247
248 if (tls_ocsp_fill_info(ctx, response_status, cert_status,
249 crl_reason, revtime, thisupd, nextupd) != 0)
250 goto error;
251
252 /* finally can look at status */
253 if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status !=
254 V_OCSP_CERTSTATUS_UNKNOWN) {
255 tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s",
256 OCSP_crl_reason_str(crl_reason));
257 goto error;
258 }
259 ret = 0;
260
261 error:
262 sk_X509_free(combined);
263 OCSP_CERTID_free(cid);
264 OCSP_BASICRESP_free(br);
265 return ret;
266 }
267
268 /*
269 * Process a raw OCSP response from an OCSP server request.
270 * OCSP details can then be retrieved with tls_peer_ocsp_* functions.
271 * returns 0 if certificate ok, -1 otherwise.
272 */
273 static int
274 tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response,
275 size_t size)
276 {
277 int ret;
278 OCSP_RESPONSE *resp;
279
280 resp = d2i_OCSP_RESPONSE(NULL, &response, size);
281 if (resp == NULL) {
282 tls_ocsp_free(ctx->ocsp);
283 ctx->ocsp = NULL;
284 tls_set_error(ctx, "unable to parse OCSP response");
285 return -1;
286 }
287 ret = tls_ocsp_verify_response(ctx, resp);
288 OCSP_RESPONSE_free(resp);
289 return ret;
290 }
291
292 /* TLS handshake verification callback for stapled requests */
293 int
294 tls_ocsp_verify_cb(SSL *ssl, void *arg)
295 {
296 const unsigned char *raw = NULL;
297 int size, res = -1;
298 struct tls *ctx;
299
300 if ((ctx = SSL_get_app_data(ssl)) == NULL)
301 return -1;
302
303 size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw);
304 if (size <= 0) {
305 if (ctx->config->ocsp_require_stapling) {
306 tls_set_errorx(ctx, "no stapled OCSP response provided");
307 return 0;
308 }
309 return 1;
310 }
311
312 tls_ocsp_free(ctx->ocsp);
313 ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
314 if (ctx->ocsp != NULL) {
315 if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0)
316 return 1;
317 res = tls_ocsp_process_response_internal(ctx, raw, size);
318 }
319
320 return (res == 0) ? 1 : 0;
321 }
322
323
324 /* Staple the OCSP information in ctx->ocsp to the server handshake. */
325 int
326 tls_ocsp_stapling_cb(SSL *ssl, void *arg)
327 {
328 struct tls *ctx;
329 unsigned char *ocsp_staple = NULL;
330 int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
331
332 if ((ctx = SSL_get_app_data(ssl)) == NULL)
333 goto err;
334
335 if (ctx->config->keypair == NULL ||
336 ctx->config->keypair->ocsp_staple == NULL ||
337 ctx->config->keypair->ocsp_staple_len == 0)
338 return SSL_TLSEXT_ERR_NOACK;
339
340 if ((ocsp_staple = malloc(ctx->config->keypair->ocsp_staple_len)) ==
341 NULL)
342 goto err;
343
344 memcpy(ocsp_staple, ctx->config->keypair->ocsp_staple,
345 ctx->config->keypair->ocsp_staple_len);
346 if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
347 ctx->config->keypair->ocsp_staple_len) != 1)
348 goto err;
349
350 ret = SSL_TLSEXT_ERR_OK;
351 err:
352 if (ret != SSL_TLSEXT_ERR_OK)
353 free(ocsp_staple);
354 return ret;
355 }
356
357 /*
358 * Public API
359 */
360
361 /* Retrieve OCSP URL from peer certificate, if present */
362 const char *
363 tls_peer_ocsp_url(struct tls *ctx)
364 {
365 if (ctx->ocsp == NULL)
366 return NULL;
367 return ctx->ocsp->ocsp_url;
368 }
369
370 const char *
371 tls_peer_ocsp_result(struct tls *ctx)
372 {
373 if (ctx->ocsp == NULL)
374 return NULL;
375 if (ctx->ocsp->ocsp_result == NULL)
376 return NULL;
377 return ctx->ocsp->ocsp_result->result_msg;
378 }
379
380 int
381 tls_peer_ocsp_response_status(struct tls *ctx)
382 {
383 if (ctx->ocsp == NULL)
384 return -1;
385 if (ctx->ocsp->ocsp_result == NULL)
386 return -1;
387 return ctx->ocsp->ocsp_result->response_status;
388 }
389
390 int
391 tls_peer_ocsp_cert_status(struct tls *ctx)
392 {
393 if (ctx->ocsp == NULL)
394 return -1;
395 if (ctx->ocsp->ocsp_result == NULL)
396 return -1;
397 return ctx->ocsp->ocsp_result->cert_status;
398 }
399
400 int
401 tls_peer_ocsp_crl_reason(struct tls *ctx)
402 {
403 if (ctx->ocsp == NULL)
404 return -1;
405 if (ctx->ocsp->ocsp_result == NULL)
406 return -1;
407 return ctx->ocsp->ocsp_result->crl_reason;
408 }
409
410 time_t
411 tls_peer_ocsp_this_update(struct tls *ctx)
412 {
413 if (ctx->ocsp == NULL)
414 return -1;
415 if (ctx->ocsp->ocsp_result == NULL)
416 return -1;
417 return ctx->ocsp->ocsp_result->this_update;
418 }
419
420 time_t
421 tls_peer_ocsp_next_update(struct tls *ctx)
422 {
423 if (ctx->ocsp == NULL)
424 return -1;
425 if (ctx->ocsp->ocsp_result == NULL)
426 return -1;
427 return ctx->ocsp->ocsp_result->next_update;
428 }
429
430 time_t
431 tls_peer_ocsp_revocation_time(struct tls *ctx)
432 {
433 if (ctx->ocsp == NULL)
434 return -1;
435 if (ctx->ocsp->ocsp_result == NULL)
436 return -1;
437 return ctx->ocsp->ocsp_result->revocation_time;
438 }
439
440 int
441 tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
442 size_t size)
443 {
444 if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0)
445 return -1;
446 return tls_ocsp_process_response_internal(ctx, response, size);
447 }
Unleashed OS