/* * TLSv1 client - OCSP * Copyright (c) 2015, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "includes.h" #include "common.h" #include "crypto/tls.h" #include "crypto/sha1.h" #include "asn1.h" #include "x509v3.h" #include "tlsv1_common.h" #include "tlsv1_record.h" #include "tlsv1_client.h" #include "tlsv1_client_i.h" /* RFC 6960, 4.2.1: OCSPResponseStatus ::= ENUMERATED */ enum ocsp_response_status { OCSP_RESP_STATUS_SUCCESSFUL = 0, OCSP_RESP_STATUS_MALFORMED_REQ = 1, OCSP_RESP_STATUS_INT_ERROR = 2, OCSP_RESP_STATUS_TRY_LATER = 3, /* 4 not used */ OCSP_RESP_STATUS_SIG_REQUIRED = 5, OCSP_RESP_STATUS_UNAUTHORIZED = 6, }; static int is_oid_basic_ocsp_resp(struct asn1_oid *oid) { return oid->len == 10 && oid->oid[0] == 1 /* iso */ && oid->oid[1] == 3 /* identified-organization */ && oid->oid[2] == 6 /* dod */ && oid->oid[3] == 1 /* internet */ && oid->oid[4] == 5 /* security */ && oid->oid[5] == 5 /* mechanisms */ && oid->oid[6] == 7 /* id-pkix */ && oid->oid[7] == 48 /* id-ad */ && oid->oid[8] == 1 /* id-pkix-ocsp */ && oid->oid[9] == 1 /* id-pkix-ocsp-basic */; } static int ocsp_responder_id_match(struct x509_certificate *signer, struct x509_name *name, const u8 *key_hash) { if (key_hash) { u8 hash[SHA1_MAC_LEN]; const u8 *addr[1] = { signer->public_key }; size_t len[1] = { signer->public_key_len }; if (sha1_vector(1, addr, len, hash) < 0) return 0; return os_memcmp(hash, key_hash, SHA1_MAC_LEN) == 0; } return x509_name_compare(&signer->subject, name) == 0; } static unsigned int ocsp_hash_data(struct asn1_oid *alg, const u8 *data, size_t data_len, u8 *hash) { const u8 *addr[1] = { data }; size_t len[1] = { data_len }; char buf[100]; if (x509_sha1_oid(alg)) { if (sha1_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA1)", hash, 20); return 20; } if (x509_sha256_oid(alg)) { if (sha256_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA256)", hash, 32); return 32; } if (x509_sha384_oid(alg)) { if (sha384_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA384)", hash, 48); return 48; } if (x509_sha512_oid(alg)) { if (sha512_vector(1, addr, len, hash) < 0) return 0; wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA512)", hash, 64); return 64; } asn1_oid_to_str(alg, buf, sizeof(buf)); wpa_printf(MSG_DEBUG, "OCSP: Could not calculate hash with alg %s", buf); return 0; } static int tls_process_ocsp_single_response(struct tlsv1_client *conn, struct x509_certificate *cert, struct x509_certificate *issuer, const u8 *resp, size_t len, enum tls_ocsp_result *res) { struct asn1_hdr hdr; const u8 *pos, *end; struct x509_algorithm_identifier alg; const u8 *name_hash, *key_hash; size_t name_hash_len, key_hash_len; const u8 *serial_number; size_t serial_number_len; u8 hash[64]; unsigned int hash_len; unsigned int cert_status; os_time_t update; struct os_time now; wpa_hexdump(MSG_MSGDUMP, "OCSP: SingleResponse", resp, len); /* * SingleResponse ::= SEQUENCE { * certID CertID, * certStatus CertStatus, * thisUpdate GeneralizedTime, * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, * singleExtensions [1] EXPLICIT Extensions OPTIONAL } */ /* CertID ::= SEQUENCE */ if (asn1_get_next(resp, len, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (CertID) - found class %d tag 0x%x", hdr.class, hdr.tag); return -1; } pos = hdr.payload; end = hdr.payload + hdr.length; /* * CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * issuerNameHash OCTET STRING, * issuerKeyHash OCTET STRING, * serialNumber CertificateSerialNumber } */ /* hashAlgorithm AlgorithmIdentifier */ if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos)) return -1; /* issuerNameHash OCTET STRING */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OCTETSTRING) { wpa_printf(MSG_DEBUG, "OCSP: Expected OCTET STRING (issuerNameHash) - found class %d tag 0x%x", hdr.class, hdr.tag); return -1; } name_hash = hdr.payload; name_hash_len = hdr.length; wpa_hexdump(MSG_DEBUG, "OCSP: issuerNameHash", name_hash, name_hash_len); pos = hdr.payload + hdr.length; wpa_hexdump(MSG_DEBUG, "OCSP: Issuer subject DN", issuer->subject_dn, issuer->subject_dn_len); hash_len = ocsp_hash_data(&alg.oid, issuer->subject_dn, issuer->subject_dn_len, hash); if (hash_len == 0 || name_hash_len != hash_len || os_memcmp(name_hash, hash, hash_len) != 0) { wpa_printf(MSG_DEBUG, "OCSP: issuerNameHash mismatch"); wpa_hexdump(MSG_DEBUG, "OCSP: Calculated issuerNameHash", hash, hash_len); return -1; } /* issuerKeyHash OCTET STRING */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OCTETSTRING) { wpa_printf(MSG_DEBUG, "OCSP: Expected OCTET STRING (issuerKeyHash) - found class %d tag 0x%x", hdr.class, hdr.tag); return -1; } key_hash = hdr.payload; key_hash_len = hdr.length; wpa_hexdump(MSG_DEBUG, "OCSP: issuerKeyHash", key_hash, key_hash_len); pos = hdr.payload + hdr.length; hash_len = ocsp_hash_data(&alg.oid, issuer->public_key, issuer->public_key_len, hash); if (hash_len == 0 || key_hash_len != hash_len || os_memcmp(key_hash, hash, hash_len) != 0) { wpa_printf(MSG_DEBUG, "OCSP: issuerKeyHash mismatch"); wpa_hexdump(MSG_DEBUG, "OCSP: Calculated issuerKeyHash", hash, hash_len); return -1; } /* serialNumber CertificateSerialNumber ::= INTEGER */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_INTEGER || hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) { wpa_printf(MSG_DEBUG, "OCSP: No INTEGER tag found for serialNumber; class=%d tag=0x%x length=%u", hdr.class, hdr.tag, hdr.length); return -1; } serial_number = hdr.payload; serial_number_len = hdr.length; while (serial_number_len > 0 && serial_number[0] == 0) { serial_number++; serial_number_len--; } wpa_hexdump(MSG_MSGDUMP, "OCSP: serialNumber", serial_number, serial_number_len); if (serial_number_len != cert->serial_number_len || os_memcmp(serial_number, cert->serial_number, serial_number_len) != 0) { wpa_printf(MSG_DEBUG, "OCSP: serialNumber mismatch"); return -1; } pos = end; end = resp + len; /* certStatus CertStatus ::= CHOICE */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { wpa_printf(MSG_DEBUG, "OCSP: Expected CHOICE (CertStatus) - found class %d tag 0x%x", hdr.class, hdr.tag); return -1; } cert_status = hdr.tag; wpa_printf(MSG_DEBUG, "OCSP: certStatus=%u", cert_status); wpa_hexdump(MSG_DEBUG, "OCSP: CertStatus additional data", hdr.payload, hdr.length); pos = hdr.payload + hdr.length; os_get_time(&now); /* thisUpdate GeneralizedTime */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_GENERALIZEDTIME || x509_parse_time(hdr.payload, hdr.length, hdr.tag, &update) < 0) { wpa_printf(MSG_DEBUG, "OCSP: Failed to parse thisUpdate"); return -1; } wpa_printf(MSG_DEBUG, "OCSP: thisUpdate %lu", (unsigned long) update); pos = hdr.payload + hdr.length; if ((unsigned long) now.sec < (unsigned long) update) { wpa_printf(MSG_DEBUG, "OCSP: thisUpdate time in the future (response not yet valid)"); return -1; } /* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL */ if (pos < end) { if (asn1_get_next(pos, end - pos, &hdr) < 0) return -1; if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC && hdr.tag == 0) { const u8 *next = hdr.payload + hdr.length; if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_GENERALIZEDTIME || x509_parse_time(hdr.payload, hdr.length, hdr.tag, &update) < 0) { wpa_printf(MSG_DEBUG, "OCSP: Failed to parse nextUpdate"); return -1; } wpa_printf(MSG_DEBUG, "OCSP: nextUpdate %lu", (unsigned long) update); pos = next; if ((unsigned long) now.sec > (unsigned long) update) { wpa_printf(MSG_DEBUG, "OCSP: nextUpdate time in the past (response has expired)"); return -1; } } } /* singleExtensions [1] EXPLICIT Extensions OPTIONAL */ if (pos < end) { wpa_hexdump(MSG_MSGDUMP, "OCSP: singleExtensions", pos, end - pos); /* Ignore for now */ } if (cert_status == 0 /* good */) *res = TLS_OCSP_GOOD; else if (cert_status == 1 /* revoked */) *res = TLS_OCSP_REVOKED; else return -1; return 0; } static enum tls_ocsp_result tls_process_ocsp_responses(struct tlsv1_client *conn, struct x509_certificate *cert, struct x509_certificate *issuer, const u8 *resp, size_t len) { struct asn1_hdr hdr; const u8 *pos, *end; enum tls_ocsp_result res; pos = resp; end = resp + len; while (pos < end) { /* SingleResponse ::= SEQUENCE */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (SingleResponse) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } if (tls_process_ocsp_single_response(conn, cert, issuer, hdr.payload, hdr.length, &res) == 0) return res; pos = hdr.payload + hdr.length; } wpa_printf(MSG_DEBUG, "OCSP: Did not find a response matching the server certificate"); return TLS_OCSP_NO_RESPONSE; } static enum tls_ocsp_result tls_process_basic_ocsp_response(struct tlsv1_client *conn, struct x509_certificate *srv_cert, const u8 *resp, size_t len) { struct asn1_hdr hdr; const u8 *pos, *end; const u8 *resp_data, *sign_value, *key_hash = NULL, *responses; const u8 *resp_data_signed; size_t resp_data_len, sign_value_len, responses_len; size_t resp_data_signed_len; struct x509_algorithm_identifier alg; struct x509_certificate *certs = NULL, *last_cert = NULL; struct x509_certificate *issuer, *signer; struct x509_name name; /* used if key_hash == NULL */ char buf[100]; os_time_t produced_at; enum tls_ocsp_result res; wpa_hexdump(MSG_MSGDUMP, "OCSP: BasicOCSPResponse", resp, len); os_memset(&name, 0, sizeof(name)); /* * RFC 6960, 4.2.1: * BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ if (asn1_get_next(resp, len, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (BasicOCSPResponse) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } pos = hdr.payload; end = hdr.payload + hdr.length; /* ResponseData ::= SEQUENCE */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (ResponseData) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } resp_data = hdr.payload; resp_data_len = hdr.length; resp_data_signed = pos; pos = hdr.payload + hdr.length; resp_data_signed_len = pos - resp_data_signed; /* signatureAlgorithm AlgorithmIdentifier */ if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos)) return TLS_OCSP_INVALID; /* signature BIT STRING */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_BITSTRING) { wpa_printf(MSG_DEBUG, "OCSP: Expected BITSTRING (signature) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } if (hdr.length < 1) return TLS_OCSP_INVALID; pos = hdr.payload; if (*pos) { wpa_printf(MSG_DEBUG, "OCSP: BITSTRING - %d unused bits", *pos); /* PKCS #1 v1.5 10.2.1: * It is an error if the length in bits of the signature S is * not a multiple of eight. */ return TLS_OCSP_INVALID; } sign_value = pos + 1; sign_value_len = hdr.length - 1; pos += hdr.length; wpa_hexdump(MSG_MSGDUMP, "OCSP: signature", sign_value, sign_value_len); /* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL */ if (pos < end) { if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC || hdr.tag != 0) { wpa_printf(MSG_DEBUG, "OCSP: Expected [0] EXPLICIT (certs) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } wpa_hexdump(MSG_MSGDUMP, "OCSP: certs", hdr.payload, hdr.length); pos = hdr.payload; end = hdr.payload + hdr.length; while (pos < end) { struct x509_certificate *cert; if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (Certificate) - found class %d tag 0x%x", hdr.class, hdr.tag); goto fail; } cert = x509_certificate_parse(hdr.payload, hdr.length); if (!cert) goto fail; if (last_cert) { last_cert->next = cert; last_cert = cert; } else { last_cert = certs = cert; } pos = hdr.payload + hdr.length; } } /* * ResponseData ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * responderID ResponderID, * producedAt GeneralizedTime, * responses SEQUENCE OF SingleResponse, * responseExtensions [1] EXPLICIT Extensions OPTIONAL } */ pos = resp_data; end = resp_data + resp_data_len; wpa_hexdump(MSG_MSGDUMP, "OCSP: ResponseData", pos, end - pos); /* * version [0] EXPLICIT Version DEFAULT v1 * Version ::= INTEGER { v1(0) } */ if (asn1_get_next(pos, end - pos, &hdr) < 0 && hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC && hdr.tag == 0) { if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_INTEGER || hdr.length != 1) { wpa_printf(MSG_DEBUG, "OCSP: No INTEGER (len=1) tag found for version field - found class %d tag 0x%x length %d", hdr.class, hdr.tag, hdr.length); goto fail; } wpa_printf(MSG_DEBUG, "OCSP: ResponseData version %u", hdr.payload[0]); if (hdr.payload[0] != 0) { wpa_printf(MSG_DEBUG, "OCSP: Unsupported ResponseData version %u", hdr.payload[0]); goto no_resp; } pos = hdr.payload + hdr.length; } else { wpa_printf(MSG_DEBUG, "OCSP: Default ResponseData version (v1)"); } /* * ResponderID ::= CHOICE { * byName [1] Name, * byKey [2] KeyHash } */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) { wpa_printf(MSG_DEBUG, "OCSP: Expected CHOICE (ResponderID) - found class %d tag 0x%x", hdr.class, hdr.tag); goto fail; } if (hdr.tag == 1) { /* Name */ if (x509_parse_name(hdr.payload, hdr.length, &name, &pos) < 0) goto fail; x509_name_string(&name, buf, sizeof(buf)); wpa_printf(MSG_DEBUG, "OCSP: ResponderID byName Name: %s", buf); } else if (hdr.tag == 2) { /* KeyHash ::= OCTET STRING */ if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OCTETSTRING) { wpa_printf(MSG_DEBUG, "OCSP: Expected OCTET STRING (KeyHash) - found class %d tag 0x%x", hdr.class, hdr.tag); goto fail; } key_hash = hdr.payload; wpa_hexdump(MSG_DEBUG, "OCSP: ResponderID byKey KeyHash", key_hash, hdr.length); if (hdr.length != SHA1_MAC_LEN) { wpa_printf(MSG_DEBUG, "OCSP: Unexpected byKey KeyHash length %u - expected %u for SHA-1", hdr.length, SHA1_MAC_LEN); goto fail; } pos = hdr.payload + hdr.length; } else { wpa_printf(MSG_DEBUG, "OCSP: Unexpected ResponderID CHOICE %u", hdr.tag); goto fail; } /* producedAt GeneralizedTime */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_GENERALIZEDTIME || x509_parse_time(hdr.payload, hdr.length, hdr.tag, &produced_at) < 0) { wpa_printf(MSG_DEBUG, "OCSP: Failed to parse producedAt"); goto fail; } wpa_printf(MSG_DEBUG, "OCSP: producedAt %lu", (unsigned long) produced_at); pos = hdr.payload + hdr.length; /* responses SEQUENCE OF SingleResponse */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (responses) - found class %d tag 0x%x", hdr.class, hdr.tag); goto fail; } responses = hdr.payload; responses_len = hdr.length; wpa_hexdump(MSG_MSGDUMP, "OCSP: responses", responses, responses_len); pos = hdr.payload + hdr.length; if (pos < end) { /* responseExtensions [1] EXPLICIT Extensions OPTIONAL */ wpa_hexdump(MSG_MSGDUMP, "OCSP: responseExtensions", pos, end - pos); /* Ignore for now. */ } if (!srv_cert) { wpa_printf(MSG_DEBUG, "OCSP: Server certificate not known - cannot check OCSP response"); goto no_resp; } if (srv_cert->next) { /* Issuer has already been verified in the chain */ issuer = srv_cert->next; } else { /* Find issuer from the set of trusted certificates */ for (issuer = conn->cred ? conn->cred->trusted_certs : NULL; issuer; issuer = issuer->next) { if (x509_name_compare(&srv_cert->issuer, &issuer->subject) == 0) break; } } if (!issuer) { wpa_printf(MSG_DEBUG, "OCSP: Server certificate issuer not known - cannot check OCSP response"); goto no_resp; } if (ocsp_responder_id_match(issuer, &name, key_hash)) { wpa_printf(MSG_DEBUG, "OCSP: Server certificate issuer certificate matches ResponderID"); signer = issuer; } else { for (signer = certs; signer; signer = signer->next) { if (!ocsp_responder_id_match(signer, &name, key_hash) || x509_name_compare(&srv_cert->issuer, &issuer->subject) != 0 || !(signer->ext_key_usage & X509_EXT_KEY_USAGE_OCSP) || x509_certificate_check_signature(issuer, signer) < 0) continue; wpa_printf(MSG_DEBUG, "OCSP: An extra certificate from the response matches ResponderID and is trusted as an OCSP signer"); break; } if (!signer) { wpa_printf(MSG_DEBUG, "OCSP: Could not find OCSP signer certificate"); goto no_resp; } } x509_free_name(&name); os_memset(&name, 0, sizeof(name)); x509_certificate_chain_free(certs); certs = NULL; if (x509_check_signature(signer, &alg, sign_value, sign_value_len, resp_data_signed, resp_data_signed_len) < 0) { wpa_printf(MSG_DEBUG, "OCSP: Invalid signature"); return TLS_OCSP_INVALID; } res = tls_process_ocsp_responses(conn, srv_cert, issuer, responses, responses_len); if (res == TLS_OCSP_REVOKED) srv_cert->ocsp_revoked = 1; else if (res == TLS_OCSP_GOOD) srv_cert->ocsp_good = 1; return res; no_resp: x509_free_name(&name); x509_certificate_chain_free(certs); return TLS_OCSP_NO_RESPONSE; fail: x509_free_name(&name); x509_certificate_chain_free(certs); return TLS_OCSP_INVALID; } enum tls_ocsp_result tls_process_ocsp_response(struct tlsv1_client *conn, const u8 *resp, size_t len) { struct asn1_hdr hdr; const u8 *pos, *end; u8 resp_status; struct asn1_oid oid; char obuf[80]; struct x509_certificate *cert; enum tls_ocsp_result res = TLS_OCSP_NO_RESPONSE; enum tls_ocsp_result res_first = res; wpa_hexdump(MSG_MSGDUMP, "TLSv1: OCSPResponse", resp, len); /* * RFC 6960, 4.2.1: * OCSPResponse ::= SEQUENCE { * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ if (asn1_get_next(resp, len, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (OCSPResponse) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } pos = hdr.payload; end = hdr.payload + hdr.length; /* OCSPResponseStatus ::= ENUMERATED */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_ENUMERATED || hdr.length != 1) { wpa_printf(MSG_DEBUG, "OCSP: Expected ENUMERATED (responseStatus) - found class %d tag 0x%x length %u", hdr.class, hdr.tag, hdr.length); return TLS_OCSP_INVALID; } resp_status = hdr.payload[0]; wpa_printf(MSG_DEBUG, "OCSP: responseStatus %u", resp_status); pos = hdr.payload + hdr.length; if (resp_status != OCSP_RESP_STATUS_SUCCESSFUL) { wpa_printf(MSG_DEBUG, "OCSP: No stapling result"); return TLS_OCSP_NO_RESPONSE; } /* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL */ if (pos == end) return TLS_OCSP_NO_RESPONSE; if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC || hdr.tag != 0) { wpa_printf(MSG_DEBUG, "OCSP: Expected [0] EXPLICIT (responseBytes) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } /* * ResponseBytes ::= SEQUENCE { * responseType OBJECT IDENTIFIER, * response OCTET STRING } */ if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_SEQUENCE) { wpa_printf(MSG_DEBUG, "OCSP: Expected SEQUENCE (ResponseBytes) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } pos = hdr.payload; end = hdr.payload + hdr.length; /* responseType OBJECT IDENTIFIER */ if (asn1_get_oid(pos, end - pos, &oid, &pos)) { wpa_printf(MSG_DEBUG, "OCSP: Failed to parse OID (responseType)"); return TLS_OCSP_INVALID; } asn1_oid_to_str(&oid, obuf, sizeof(obuf)); wpa_printf(MSG_DEBUG, "OCSP: responseType %s", obuf); if (!is_oid_basic_ocsp_resp(&oid)) { wpa_printf(MSG_DEBUG, "OCSP: Ignore unsupported response type"); return TLS_OCSP_NO_RESPONSE; } /* response OCTET STRING */ if (asn1_get_next(pos, end - pos, &hdr) < 0 || hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OCTETSTRING) { wpa_printf(MSG_DEBUG, "OCSP: Expected OCTET STRING (response) - found class %d tag 0x%x", hdr.class, hdr.tag); return TLS_OCSP_INVALID; } cert = conn->server_cert; while (cert) { if (!cert->ocsp_good && !cert->ocsp_revoked) { char sbuf[128]; x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); wpa_printf(MSG_DEBUG, "OCSP: Trying to find certificate status for %s", sbuf); res = tls_process_basic_ocsp_response(conn, cert, hdr.payload, hdr.length); if (cert == conn->server_cert) res_first = res; } if (res == TLS_OCSP_REVOKED || cert->issuer_trusted) break; cert = cert->next; } return res == TLS_OCSP_REVOKED ? res : res_first; }