3 * Copyright (c) 2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/tls.h"
13 #include "crypto/sha1.h"
16 #include "tlsv1_common.h"
17 #include "tlsv1_record.h"
18 #include "tlsv1_client.h"
19 #include "tlsv1_client_i.h"
22 /* RFC 6960, 4.2.1: OCSPResponseStatus ::= ENUMERATED */
23 enum ocsp_response_status {
24 OCSP_RESP_STATUS_SUCCESSFUL = 0,
25 OCSP_RESP_STATUS_MALFORMED_REQ = 1,
26 OCSP_RESP_STATUS_INT_ERROR = 2,
27 OCSP_RESP_STATUS_TRY_LATER = 3,
29 OCSP_RESP_STATUS_SIG_REQUIRED = 5,
30 OCSP_RESP_STATUS_UNAUTHORIZED = 6,
34 static int is_oid_basic_ocsp_resp(struct asn1_oid *oid)
36 return oid->len == 10 &&
37 oid->oid[0] == 1 /* iso */ &&
38 oid->oid[1] == 3 /* identified-organization */ &&
39 oid->oid[2] == 6 /* dod */ &&
40 oid->oid[3] == 1 /* internet */ &&
41 oid->oid[4] == 5 /* security */ &&
42 oid->oid[5] == 5 /* mechanisms */ &&
43 oid->oid[6] == 7 /* id-pkix */ &&
44 oid->oid[7] == 48 /* id-ad */ &&
45 oid->oid[8] == 1 /* id-pkix-ocsp */ &&
46 oid->oid[9] == 1 /* id-pkix-ocsp-basic */;
50 static int ocsp_responder_id_match(struct x509_certificate *signer,
51 struct x509_name *name, const u8 *key_hash)
54 u8 hash[SHA1_MAC_LEN];
55 const u8 *addr[1] = { signer->public_key };
56 size_t len[1] = { signer->public_key_len };
58 if (sha1_vector(1, addr, len, hash) < 0)
60 return os_memcmp(hash, key_hash, SHA1_MAC_LEN) == 0;
63 return x509_name_compare(&signer->subject, name) == 0;
67 static unsigned int ocsp_hash_data(struct asn1_oid *alg, const u8 *data,
68 size_t data_len, u8 *hash)
70 const u8 *addr[1] = { data };
71 size_t len[1] = { data_len };
74 if (x509_sha1_oid(alg)) {
75 if (sha1_vector(1, addr, len, hash) < 0)
77 wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA1)", hash, 20);
81 if (x509_sha256_oid(alg)) {
82 if (sha256_vector(1, addr, len, hash) < 0)
84 wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA256)", hash, 32);
88 if (x509_sha384_oid(alg)) {
89 if (sha384_vector(1, addr, len, hash) < 0)
91 wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA384)", hash, 48);
95 if (x509_sha512_oid(alg)) {
96 if (sha512_vector(1, addr, len, hash) < 0)
98 wpa_hexdump(MSG_MSGDUMP, "OCSP: Hash (SHA512)", hash, 64);
103 asn1_oid_to_str(alg, buf, sizeof(buf));
104 wpa_printf(MSG_DEBUG, "OCSP: Could not calculate hash with alg %s",
110 static int tls_process_ocsp_single_response(struct tlsv1_client *conn,
111 struct x509_certificate *cert,
112 struct x509_certificate *issuer,
113 const u8 *resp, size_t len,
114 enum tls_ocsp_result *res)
118 struct x509_algorithm_identifier alg;
119 const u8 *name_hash, *key_hash;
120 size_t name_hash_len, key_hash_len;
121 const u8 *serial_number;
122 size_t serial_number_len;
124 unsigned int hash_len;
125 unsigned int cert_status;
129 wpa_hexdump(MSG_MSGDUMP, "OCSP: SingleResponse", resp, len);
132 * SingleResponse ::= SEQUENCE {
134 * certStatus CertStatus,
135 * thisUpdate GeneralizedTime,
136 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
137 * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
140 /* CertID ::= SEQUENCE */
141 if (asn1_get_next(resp, len, &hdr) < 0 ||
142 hdr.class != ASN1_CLASS_UNIVERSAL ||
143 hdr.tag != ASN1_TAG_SEQUENCE) {
144 wpa_printf(MSG_DEBUG,
145 "OCSP: Expected SEQUENCE (CertID) - found class %d tag 0x%x",
150 end = hdr.payload + hdr.length;
153 * CertID ::= SEQUENCE {
154 * hashAlgorithm AlgorithmIdentifier,
155 * issuerNameHash OCTET STRING,
156 * issuerKeyHash OCTET STRING,
157 * serialNumber CertificateSerialNumber }
160 /* hashAlgorithm AlgorithmIdentifier */
161 if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos))
164 /* issuerNameHash OCTET STRING */
165 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
166 hdr.class != ASN1_CLASS_UNIVERSAL ||
167 hdr.tag != ASN1_TAG_OCTETSTRING) {
168 wpa_printf(MSG_DEBUG,
169 "OCSP: Expected OCTET STRING (issuerNameHash) - found class %d tag 0x%x",
173 name_hash = hdr.payload;
174 name_hash_len = hdr.length;
175 wpa_hexdump(MSG_DEBUG, "OCSP: issuerNameHash",
176 name_hash, name_hash_len);
177 pos = hdr.payload + hdr.length;
179 wpa_hexdump(MSG_DEBUG, "OCSP: Issuer subject DN",
180 issuer->subject_dn, issuer->subject_dn_len);
181 hash_len = ocsp_hash_data(&alg.oid, issuer->subject_dn,
182 issuer->subject_dn_len, hash);
183 if (hash_len == 0 || name_hash_len != hash_len ||
184 os_memcmp(name_hash, hash, hash_len) != 0) {
185 wpa_printf(MSG_DEBUG, "OCSP: issuerNameHash mismatch");
186 wpa_hexdump(MSG_DEBUG, "OCSP: Calculated issuerNameHash",
191 /* issuerKeyHash OCTET STRING */
192 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
193 hdr.class != ASN1_CLASS_UNIVERSAL ||
194 hdr.tag != ASN1_TAG_OCTETSTRING) {
195 wpa_printf(MSG_DEBUG,
196 "OCSP: Expected OCTET STRING (issuerKeyHash) - found class %d tag 0x%x",
200 key_hash = hdr.payload;
201 key_hash_len = hdr.length;
202 wpa_hexdump(MSG_DEBUG, "OCSP: issuerKeyHash", key_hash, key_hash_len);
203 pos = hdr.payload + hdr.length;
205 hash_len = ocsp_hash_data(&alg.oid, issuer->public_key,
206 issuer->public_key_len, hash);
207 if (hash_len == 0 || key_hash_len != hash_len ||
208 os_memcmp(key_hash, hash, hash_len) != 0) {
209 wpa_printf(MSG_DEBUG, "OCSP: issuerKeyHash mismatch");
210 wpa_hexdump(MSG_DEBUG, "OCSP: Calculated issuerKeyHash",
215 /* serialNumber CertificateSerialNumber ::= INTEGER */
216 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
217 hdr.class != ASN1_CLASS_UNIVERSAL ||
218 hdr.tag != ASN1_TAG_INTEGER ||
219 hdr.length < 1 || hdr.length > X509_MAX_SERIAL_NUM_LEN) {
220 wpa_printf(MSG_DEBUG, "OCSP: No INTEGER tag found for serialNumber; class=%d tag=0x%x length=%u",
221 hdr.class, hdr.tag, hdr.length);
224 serial_number = hdr.payload;
225 serial_number_len = hdr.length;
226 while (serial_number_len > 0 && serial_number[0] == 0) {
230 wpa_hexdump(MSG_MSGDUMP, "OCSP: serialNumber", serial_number,
233 if (serial_number_len != cert->serial_number_len ||
234 os_memcmp(serial_number, cert->serial_number,
235 serial_number_len) != 0) {
236 wpa_printf(MSG_DEBUG, "OCSP: serialNumber mismatch");
243 /* certStatus CertStatus ::= CHOICE */
244 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
245 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
246 wpa_printf(MSG_DEBUG,
247 "OCSP: Expected CHOICE (CertStatus) - found class %d tag 0x%x",
251 cert_status = hdr.tag;
252 wpa_printf(MSG_DEBUG, "OCSP: certStatus=%u", cert_status);
253 wpa_hexdump(MSG_DEBUG, "OCSP: CertStatus additional data",
254 hdr.payload, hdr.length);
255 pos = hdr.payload + hdr.length;
258 /* thisUpdate GeneralizedTime */
259 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
260 hdr.class != ASN1_CLASS_UNIVERSAL ||
261 hdr.tag != ASN1_TAG_GENERALIZEDTIME ||
262 x509_parse_time(hdr.payload, hdr.length, hdr.tag, &update) < 0) {
263 wpa_printf(MSG_DEBUG, "OCSP: Failed to parse thisUpdate");
266 wpa_printf(MSG_DEBUG, "OCSP: thisUpdate %lu", (unsigned long) update);
267 pos = hdr.payload + hdr.length;
268 if ((unsigned long) now.sec < (unsigned long) update) {
269 wpa_printf(MSG_DEBUG,
270 "OCSP: thisUpdate time in the future (response not yet valid)");
274 /* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL */
276 if (asn1_get_next(pos, end - pos, &hdr) < 0)
278 if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC && hdr.tag == 0) {
279 const u8 *next = hdr.payload + hdr.length;
281 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
282 hdr.class != ASN1_CLASS_UNIVERSAL ||
283 hdr.tag != ASN1_TAG_GENERALIZEDTIME ||
284 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
286 wpa_printf(MSG_DEBUG,
287 "OCSP: Failed to parse nextUpdate");
290 wpa_printf(MSG_DEBUG, "OCSP: nextUpdate %lu",
291 (unsigned long) update);
293 if ((unsigned long) now.sec > (unsigned long) update) {
294 wpa_printf(MSG_DEBUG, "OCSP: nextUpdate time in the past (response has expired)");
300 /* singleExtensions [1] EXPLICIT Extensions OPTIONAL */
302 wpa_hexdump(MSG_MSGDUMP, "OCSP: singleExtensions",
307 if (cert_status == 0 /* good */)
308 *res = TLS_OCSP_GOOD;
309 else if (cert_status == 1 /* revoked */)
310 *res = TLS_OCSP_REVOKED;
317 static enum tls_ocsp_result
318 tls_process_ocsp_responses(struct tlsv1_client *conn,
319 struct x509_certificate *cert,
320 struct x509_certificate *issuer, const u8 *resp,
325 enum tls_ocsp_result res;
330 /* SingleResponse ::= SEQUENCE */
331 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
332 hdr.class != ASN1_CLASS_UNIVERSAL ||
333 hdr.tag != ASN1_TAG_SEQUENCE) {
334 wpa_printf(MSG_DEBUG,
335 "OCSP: Expected SEQUENCE (SingleResponse) - found class %d tag 0x%x",
337 return TLS_OCSP_INVALID;
339 if (tls_process_ocsp_single_response(conn, cert, issuer,
340 hdr.payload, hdr.length,
343 pos = hdr.payload + hdr.length;
346 wpa_printf(MSG_DEBUG,
347 "OCSP: Did not find a response matching the server certificate");
348 return TLS_OCSP_NO_RESPONSE;
352 static enum tls_ocsp_result
353 tls_process_basic_ocsp_response(struct tlsv1_client *conn,
354 struct x509_certificate *srv_cert,
355 const u8 *resp, size_t len)
359 const u8 *resp_data, *sign_value, *key_hash = NULL, *responses;
360 const u8 *resp_data_signed;
361 size_t resp_data_len, sign_value_len, responses_len;
362 size_t resp_data_signed_len;
363 struct x509_algorithm_identifier alg;
364 struct x509_certificate *certs = NULL, *last_cert = NULL;
365 struct x509_certificate *issuer, *signer;
366 struct x509_name name; /* used if key_hash == NULL */
368 os_time_t produced_at;
369 enum tls_ocsp_result res;
371 wpa_hexdump(MSG_MSGDUMP, "OCSP: BasicOCSPResponse", resp, len);
373 os_memset(&name, 0, sizeof(name));
377 * BasicOCSPResponse ::= SEQUENCE {
378 * tbsResponseData ResponseData,
379 * signatureAlgorithm AlgorithmIdentifier,
380 * signature BIT STRING,
381 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
384 if (asn1_get_next(resp, len, &hdr) < 0 ||
385 hdr.class != ASN1_CLASS_UNIVERSAL ||
386 hdr.tag != ASN1_TAG_SEQUENCE) {
387 wpa_printf(MSG_DEBUG,
388 "OCSP: Expected SEQUENCE (BasicOCSPResponse) - found class %d tag 0x%x",
390 return TLS_OCSP_INVALID;
393 end = hdr.payload + hdr.length;
395 /* ResponseData ::= SEQUENCE */
396 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
397 hdr.class != ASN1_CLASS_UNIVERSAL ||
398 hdr.tag != ASN1_TAG_SEQUENCE) {
399 wpa_printf(MSG_DEBUG,
400 "OCSP: Expected SEQUENCE (ResponseData) - found class %d tag 0x%x",
402 return TLS_OCSP_INVALID;
404 resp_data = hdr.payload;
405 resp_data_len = hdr.length;
406 resp_data_signed = pos;
407 pos = hdr.payload + hdr.length;
408 resp_data_signed_len = pos - resp_data_signed;
410 /* signatureAlgorithm AlgorithmIdentifier */
411 if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos))
412 return TLS_OCSP_INVALID;
414 /* signature BIT STRING */
415 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
416 hdr.class != ASN1_CLASS_UNIVERSAL ||
417 hdr.tag != ASN1_TAG_BITSTRING) {
418 wpa_printf(MSG_DEBUG,
419 "OCSP: Expected BITSTRING (signature) - found class %d tag 0x%x",
421 return TLS_OCSP_INVALID;
424 return TLS_OCSP_INVALID;
427 wpa_printf(MSG_DEBUG, "OCSP: BITSTRING - %d unused bits", *pos);
428 /* PKCS #1 v1.5 10.2.1:
429 * It is an error if the length in bits of the signature S is
430 * not a multiple of eight.
432 return TLS_OCSP_INVALID;
434 sign_value = pos + 1;
435 sign_value_len = hdr.length - 1;
437 wpa_hexdump(MSG_MSGDUMP, "OCSP: signature", sign_value, sign_value_len);
439 /* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL */
441 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
442 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC ||
444 wpa_printf(MSG_DEBUG,
445 "OCSP: Expected [0] EXPLICIT (certs) - found class %d tag 0x%x",
447 return TLS_OCSP_INVALID;
449 wpa_hexdump(MSG_MSGDUMP, "OCSP: certs",
450 hdr.payload, hdr.length);
452 end = hdr.payload + hdr.length;
454 struct x509_certificate *cert;
456 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
457 hdr.class != ASN1_CLASS_UNIVERSAL ||
458 hdr.tag != ASN1_TAG_SEQUENCE) {
459 wpa_printf(MSG_DEBUG,
460 "OCSP: Expected SEQUENCE (Certificate) - found class %d tag 0x%x",
465 cert = x509_certificate_parse(hdr.payload, hdr.length);
469 last_cert->next = cert;
472 last_cert = certs = cert;
474 pos = hdr.payload + hdr.length;
479 * ResponseData ::= SEQUENCE {
480 * version [0] EXPLICIT Version DEFAULT v1,
481 * responderID ResponderID,
482 * producedAt GeneralizedTime,
483 * responses SEQUENCE OF SingleResponse,
484 * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
487 end = resp_data + resp_data_len;
488 wpa_hexdump(MSG_MSGDUMP, "OCSP: ResponseData", pos, end - pos);
491 * version [0] EXPLICIT Version DEFAULT v1
492 * Version ::= INTEGER { v1(0) }
494 if (asn1_get_next(pos, end - pos, &hdr) < 0 &&
495 hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC &&
497 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
498 hdr.class != ASN1_CLASS_UNIVERSAL ||
499 hdr.tag != ASN1_TAG_INTEGER ||
501 wpa_printf(MSG_DEBUG,
502 "OCSP: No INTEGER (len=1) tag found for version field - found class %d tag 0x%x length %d",
503 hdr.class, hdr.tag, hdr.length);
506 wpa_printf(MSG_DEBUG, "OCSP: ResponseData version %u",
508 if (hdr.payload[0] != 0) {
509 wpa_printf(MSG_DEBUG,
510 "OCSP: Unsupported ResponseData version %u",
514 pos = hdr.payload + hdr.length;
516 wpa_printf(MSG_DEBUG,
517 "OCSP: Default ResponseData version (v1)");
521 * ResponderID ::= CHOICE {
523 * byKey [2] KeyHash }
525 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
526 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
527 wpa_printf(MSG_DEBUG,
528 "OCSP: Expected CHOICE (ResponderID) - found class %d tag 0x%x",
535 if (x509_parse_name(hdr.payload, hdr.length, &name, &pos) < 0)
537 x509_name_string(&name, buf, sizeof(buf));
538 wpa_printf(MSG_DEBUG, "OCSP: ResponderID byName Name: %s", buf);
539 } else if (hdr.tag == 2) {
540 /* KeyHash ::= OCTET STRING */
541 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
542 hdr.class != ASN1_CLASS_UNIVERSAL ||
543 hdr.tag != ASN1_TAG_OCTETSTRING) {
544 wpa_printf(MSG_DEBUG,
545 "OCSP: Expected OCTET STRING (KeyHash) - found class %d tag 0x%x",
549 key_hash = hdr.payload;
550 wpa_hexdump(MSG_DEBUG, "OCSP: ResponderID byKey KeyHash",
551 key_hash, hdr.length);
552 if (hdr.length != SHA1_MAC_LEN) {
553 wpa_printf(MSG_DEBUG,
554 "OCSP: Unexpected byKey KeyHash length %u - expected %u for SHA-1",
555 hdr.length, SHA1_MAC_LEN);
558 pos = hdr.payload + hdr.length;
560 wpa_printf(MSG_DEBUG, "OCSP: Unexpected ResponderID CHOICE %u",
565 /* producedAt GeneralizedTime */
566 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
567 hdr.class != ASN1_CLASS_UNIVERSAL ||
568 hdr.tag != ASN1_TAG_GENERALIZEDTIME ||
569 x509_parse_time(hdr.payload, hdr.length, hdr.tag,
571 wpa_printf(MSG_DEBUG, "OCSP: Failed to parse producedAt");
574 wpa_printf(MSG_DEBUG, "OCSP: producedAt %lu",
575 (unsigned long) produced_at);
576 pos = hdr.payload + hdr.length;
578 /* responses SEQUENCE OF SingleResponse */
579 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
580 hdr.class != ASN1_CLASS_UNIVERSAL ||
581 hdr.tag != ASN1_TAG_SEQUENCE) {
582 wpa_printf(MSG_DEBUG,
583 "OCSP: Expected SEQUENCE (responses) - found class %d tag 0x%x",
587 responses = hdr.payload;
588 responses_len = hdr.length;
589 wpa_hexdump(MSG_MSGDUMP, "OCSP: responses", responses, responses_len);
590 pos = hdr.payload + hdr.length;
593 /* responseExtensions [1] EXPLICIT Extensions OPTIONAL */
594 wpa_hexdump(MSG_MSGDUMP, "OCSP: responseExtensions",
596 /* Ignore for now. */
600 wpa_printf(MSG_DEBUG,
601 "OCSP: Server certificate not known - cannot check OCSP response");
605 if (srv_cert->next) {
606 /* Issuer has already been verified in the chain */
607 issuer = srv_cert->next;
609 /* Find issuer from the set of trusted certificates */
610 for (issuer = conn->cred ? conn->cred->trusted_certs : NULL;
611 issuer; issuer = issuer->next) {
612 if (x509_name_compare(&srv_cert->issuer,
613 &issuer->subject) == 0)
618 wpa_printf(MSG_DEBUG,
619 "OCSP: Server certificate issuer not known - cannot check OCSP response");
623 if (ocsp_responder_id_match(issuer, &name, key_hash)) {
624 wpa_printf(MSG_DEBUG,
625 "OCSP: Server certificate issuer certificate matches ResponderID");
628 for (signer = certs; signer; signer = signer->next) {
629 if (!ocsp_responder_id_match(signer, &name, key_hash) ||
630 x509_name_compare(&srv_cert->issuer,
631 &issuer->subject) != 0 ||
632 !(signer->ext_key_usage &
633 X509_EXT_KEY_USAGE_OCSP) ||
634 x509_certificate_check_signature(issuer, signer) <
637 wpa_printf(MSG_DEBUG,
638 "OCSP: An extra certificate from the response matches ResponderID and is trusted as an OCSP signer");
642 wpa_printf(MSG_DEBUG,
643 "OCSP: Could not find OCSP signer certificate");
648 x509_free_name(&name);
649 os_memset(&name, 0, sizeof(name));
650 x509_certificate_chain_free(certs);
653 if (x509_check_signature(signer, &alg, sign_value, sign_value_len,
654 resp_data_signed, resp_data_signed_len) < 0) {
655 wpa_printf(MSG_DEBUG, "OCSP: Invalid signature");
656 return TLS_OCSP_INVALID;
659 res = tls_process_ocsp_responses(conn, srv_cert, issuer,
660 responses, responses_len);
661 if (res == TLS_OCSP_REVOKED)
662 srv_cert->ocsp_revoked = 1;
663 else if (res == TLS_OCSP_GOOD)
664 srv_cert->ocsp_good = 1;
668 x509_free_name(&name);
669 x509_certificate_chain_free(certs);
670 return TLS_OCSP_NO_RESPONSE;
673 x509_free_name(&name);
674 x509_certificate_chain_free(certs);
675 return TLS_OCSP_INVALID;
679 enum tls_ocsp_result tls_process_ocsp_response(struct tlsv1_client *conn,
680 const u8 *resp, size_t len)
687 struct x509_certificate *cert;
688 enum tls_ocsp_result res = TLS_OCSP_NO_RESPONSE;
689 enum tls_ocsp_result res_first = res;
691 wpa_hexdump(MSG_MSGDUMP, "TLSv1: OCSPResponse", resp, len);
695 * OCSPResponse ::= SEQUENCE {
696 * responseStatus OCSPResponseStatus,
697 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
700 if (asn1_get_next(resp, len, &hdr) < 0 ||
701 hdr.class != ASN1_CLASS_UNIVERSAL ||
702 hdr.tag != ASN1_TAG_SEQUENCE) {
703 wpa_printf(MSG_DEBUG,
704 "OCSP: Expected SEQUENCE (OCSPResponse) - found class %d tag 0x%x",
706 return TLS_OCSP_INVALID;
709 end = hdr.payload + hdr.length;
711 /* OCSPResponseStatus ::= ENUMERATED */
712 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
713 hdr.class != ASN1_CLASS_UNIVERSAL ||
714 hdr.tag != ASN1_TAG_ENUMERATED ||
716 wpa_printf(MSG_DEBUG,
717 "OCSP: Expected ENUMERATED (responseStatus) - found class %d tag 0x%x length %u",
718 hdr.class, hdr.tag, hdr.length);
719 return TLS_OCSP_INVALID;
721 resp_status = hdr.payload[0];
722 wpa_printf(MSG_DEBUG, "OCSP: responseStatus %u", resp_status);
723 pos = hdr.payload + hdr.length;
724 if (resp_status != OCSP_RESP_STATUS_SUCCESSFUL) {
725 wpa_printf(MSG_DEBUG, "OCSP: No stapling result");
726 return TLS_OCSP_NO_RESPONSE;
729 /* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL */
731 return TLS_OCSP_NO_RESPONSE;
733 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
734 hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC ||
736 wpa_printf(MSG_DEBUG,
737 "OCSP: Expected [0] EXPLICIT (responseBytes) - found class %d tag 0x%x",
739 return TLS_OCSP_INVALID;
743 * ResponseBytes ::= SEQUENCE {
744 * responseType OBJECT IDENTIFIER,
745 * response OCTET STRING }
748 if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
749 hdr.class != ASN1_CLASS_UNIVERSAL ||
750 hdr.tag != ASN1_TAG_SEQUENCE) {
751 wpa_printf(MSG_DEBUG,
752 "OCSP: Expected SEQUENCE (ResponseBytes) - found class %d tag 0x%x",
754 return TLS_OCSP_INVALID;
757 end = hdr.payload + hdr.length;
759 /* responseType OBJECT IDENTIFIER */
760 if (asn1_get_oid(pos, end - pos, &oid, &pos)) {
761 wpa_printf(MSG_DEBUG,
762 "OCSP: Failed to parse OID (responseType)");
763 return TLS_OCSP_INVALID;
765 asn1_oid_to_str(&oid, obuf, sizeof(obuf));
766 wpa_printf(MSG_DEBUG, "OCSP: responseType %s", obuf);
767 if (!is_oid_basic_ocsp_resp(&oid)) {
768 wpa_printf(MSG_DEBUG, "OCSP: Ignore unsupported response type");
769 return TLS_OCSP_NO_RESPONSE;
772 /* response OCTET STRING */
773 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
774 hdr.class != ASN1_CLASS_UNIVERSAL ||
775 hdr.tag != ASN1_TAG_OCTETSTRING) {
776 wpa_printf(MSG_DEBUG,
777 "OCSP: Expected OCTET STRING (response) - found class %d tag 0x%x",
779 return TLS_OCSP_INVALID;
782 cert = conn->server_cert;
784 if (!cert->ocsp_good && !cert->ocsp_revoked) {
787 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
788 wpa_printf(MSG_DEBUG,
789 "OCSP: Trying to find certificate status for %s",
792 res = tls_process_basic_ocsp_response(conn, cert,
795 if (cert == conn->server_cert)
798 if (res == TLS_OCSP_REVOKED || cert->issuer_trusted)
802 return res == TLS_OCSP_REVOKED ? res : res_first;