diff --git a/certs/ocsp/imposter-root-ca-cert.der b/certs/ocsp/imposter-root-ca-cert.der new file mode 100644 index 0000000000..a9513dfc71 Binary files /dev/null and b/certs/ocsp/imposter-root-ca-cert.der differ diff --git a/certs/ocsp/imposter-root-ca-cert.pem b/certs/ocsp/imposter-root-ca-cert.pem new file mode 100644 index 0000000000..e4f17784b0 --- /dev/null +++ b/certs/ocsp/imposter-root-ca-cert.pem @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 199 (0xc7) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com + Validity + Not Before: Apr 27 16:12:19 2026 GMT + Not After : Jan 21 16:12:19 2029 GMT + Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f3:c7:6e:93:4e:94:7d:9a:76:cb:3e:82:21:30: + a0:a5:4a:a2:6c:80:bf:e6:a0:7d:6c:cc:aa:e6:94: + f3:42:41:7f:1a:ba:5f:89:d2:84:67:81:4d:37:0b: + 26:ed:f8:f1:be:84:f5:33:9f:be:98:d1:88:86:c1: + 93:d3:8e:40:56:36:28:4f:14:c2:f7:a7:3b:ca:1d: + ae:59:6b:5f:79:54:b6:2e:6e:4d:7f:4c:71:0d:fb: + 3a:6e:95:8f:96:44:3c:f2:91:01:cb:68:17:07:33: + 97:cb:32:55:47:03:64:0c:4b:16:2e:20:f8:65:c7: + 6a:52:e4:fd:a9:2d:de:39:0c:5f:1a:14:10:9d:c3: + 2d:15:c4:88:2e:19:58:e1:fd:69:12:81:d2:af:f6: + 62:44:b0:89:82:b5:f5:17:23:2b:73:8e:e3:55:14: + 43:a5:4a:7e:cb:96:62:8f:96:bf:5f:c3:82:dc:86: + 86:85:89:f8:8e:68:b2:ef:e5:2e:8c:b9:8d:56:13: + 19:65:e9:79:c5:29:dc:89:0b:dd:23:35:fe:d5:48: + b6:2d:ad:ee:ee:6c:b8:3e:eb:79:1c:41:d1:b8:e5: + 0e:2f:2d:cf:d7:65:fa:71:6f:60:9b:90:30:43:da: + c3:e2:1b:8f:da:ab:37:c5:38:88:6b:85:15:5b:24: + 72:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 73:64:66:3E:9A:DE:12:EC:44:C2:5B:05:64:62:1D:63:23:43:55:E5 + X509v3 Authority Key Identifier: + keyid:73:64:66:3E:9A:DE:12:EC:44:C2:5B:05:64:62:1D:63:23:43:55:E5 + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com + serial:C7 + X509v3 Key Usage: + Certificate Sign, CRL Sign + Authority Information Access: + OCSP - URI:http://127.0.0.1:22220 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 35:b1:f0:64:89:fe:7e:b3:5f:80:15:57:a0:8f:cd:fc:a0:2d: + 36:29:39:a3:ee:d6:c0:f3:c2:e6:31:2e:ce:9b:d4:a1:3e:dc: + c7:0d:2a:ae:72:c6:fa:ee:77:d7:4b:98:c0:32:7e:d2:54:3f: + 41:34:09:22:f3:34:db:ff:4e:35:79:15:50:fa:e2:bd:37:1c: + 0e:dc:4e:b1:5a:5d:fd:be:bf:d1:75:02:9a:a8:61:da:d4:f1: + 35:b3:7e:9d:10:29:a8:cd:50:7c:3c:89:5e:a1:b2:51:e6:d8: + 4d:dd:cc:3d:b9:8e:5b:20:51:33:e0:03:57:e0:f7:5b:be:85: + 64:a7:8c:6d:40:56:cd:78:4f:6d:dc:04:f2:4a:f3:a1:29:3b: + 64:e5:db:a0:98:80:c8:6b:12:25:4c:18:40:2a:ce:b6:94:fe: + 58:bb:35:91:22:36:d7:29:70:53:2e:8b:be:e3:b7:08:d3:a8: + 66:19:ff:69:f0:c8:8f:b6:ea:21:bc:41:08:92:42:89:fd:d9: + 3a:9c:42:4b:c4:2e:81:4f:63:54:95:88:d9:56:66:08:dc:73: + 56:6a:97:5e:09:e5:fa:d2:52:3b:7f:bd:3b:1b:bb:f1:74:51: + 71:30:f3:ce:1c:21:75:89:97:7f:e4:38:f7:3e:66:c3:20:f3: + c0:f3:38:c9 +-----BEGIN CERTIFICATE----- +MIIE6DCCA9CgAwIBAgICAMcwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd29sZlNT +TCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2 +MDQyNzE2MTIxOVoXDTI5MDEyMTE2MTIxOVowgZcxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290 +IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88duk06UfZp2yz6CITCgpUqibIC/5qB9bMyq +5pTzQkF/GrpfidKEZ4FNNwsm7fjxvoT1M5++mNGIhsGT045AVjYoTxTC96c7yh2u +WWtfeVS2Lm5Nf0xxDfs6bpWPlkQ88pEBy2gXBzOXyzJVRwNkDEsWLiD4ZcdqUuT9 +qS3eOQxfGhQQncMtFcSILhlY4f1pEoHSr/ZiRLCJgrX1FyMrc47jVRRDpUp+y5Zi +j5a/X8OC3IaGhYn4jmiy7+UujLmNVhMZZel5xSnciQvdIzX+1Ui2La3u7my4Put5 +HEHRuOUOLy3P12X6cW9gm5AwQ9rD4huP2qs3xTiIa4UVWyRyvwIDAQABo4IBOjCC +ATYwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUc2RmPpreEuxEwlsFZGIdYyNDVeUw +gcUGA1UdIwSBvTCBuoAUc2RmPpreEuxEwlsFZGIdYyNDVeWhgZ2kgZowgZcxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UE +AwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tggIAxzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB +hhZodHRwOi8vMTI3LjAuMC4xOjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IBAQA1sfBk +if5+s1+AFVegj838oC02KTmj7tbA88LmMS7Om9ShPtzHDSqucsb67nfXS5jAMn7S +VD9BNAki8zTb/041eRVQ+uK9NxwO3E6xWl39vr/RdQKaqGHa1PE1s36dECmozVB8 +PIleobJR5thN3cw9uY5bIFEz4ANX4PdbvoVkp4xtQFbNeE9t3ATySvOhKTtk5dug +mIDIaxIlTBhAKs62lP5YuzWRIjbXKXBTLou+47cI06hmGf9p8MiPtuohvEEIkkKJ +/dk6nEJLxC6BT2NUlYjZVmYI3HNWapdeCeX60lI7f707G7vxdFFxMPPOHCF1iZd/ +5Dj3PmbDIPPA8zjJ +-----END CERTIFICATE----- diff --git a/certs/ocsp/imposter-root-ca-key.der b/certs/ocsp/imposter-root-ca-key.der new file mode 100644 index 0000000000..383300ad92 Binary files /dev/null and b/certs/ocsp/imposter-root-ca-key.der differ diff --git a/certs/ocsp/imposter-root-ca-key.pem b/certs/ocsp/imposter-root-ca-key.pem new file mode 100644 index 0000000000..334a8373c4 --- /dev/null +++ b/certs/ocsp/imposter-root-ca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDzx26TTpR9mnbL +PoIhMKClSqJsgL/moH1szKrmlPNCQX8aul+J0oRngU03Cybt+PG+hPUzn76Y0YiG +wZPTjkBWNihPFML3pzvKHa5Za195VLYubk1/THEN+zpulY+WRDzykQHLaBcHM5fL +MlVHA2QMSxYuIPhlx2pS5P2pLd45DF8aFBCdwy0VxIguGVjh/WkSgdKv9mJEsImC +tfUXIytzjuNVFEOlSn7LlmKPlr9fw4LchoaFifiOaLLv5S6MuY1WExll6XnFKdyJ +C90jNf7VSLYtre7ubLg+63kcQdG45Q4vLc/XZfpxb2CbkDBD2sPiG4/aqzfFOIhr +hRVbJHK/AgMBAAECggEAI3Y/7hrQvALDxCYYLPbTb6gPP6RtBgITrMeLFtbVGi7H +7B3vdu+SRjJHhrnPFHARzoqt1rAmvDlC2IOBWxWG42OmcnaNNBR2PJ0btzNI5K// +fnqaOGnoykVhByQnio7rpMeWUL4YF3qYWr08LYPfQnCLzfMK31dmbp+UDM+402hi +HSGW/EZBbVrLLjVNUta1F7FKQYx2Eq3P+Xaga58thJAoILsJItyE0iI+qK9zVWmQ +xFkV99xKqpIq/IFWd86Z8QvrhZV2OdvF5uduUytfxz9Bql8dgK1dhDJvz2i3SPxV +oDDwo10gG7Hi0/lk2vIwsZUDci6eNn0BDLwVudClwQKBgQD+5nde7SM5J18MLNMp +EGFDLDCbcjFQoVuVRCVu1+mmO/7zC1ozwYtU+SzNmLvpvZYtUgDBlsAlP+rtsUOX +ltwhTI56mCGK3TbK3HvqCLz6O4K8ty2es6uDBezQagVygOoVG4AirHLlL4FeZ/S0 +uvH48jWCqsdBL1NygNt4Kov9fwKBgQD01K6yGKwm6Hgvs/qtHA7kMaD0yQWelX4M +SJdf/Rjq3/Nh5Cpj8Peu8KIjomnkQisFHqHnAqAiy1IGo8NbjvM/H0JOSTWy2ths +l6zncle/uGXbjxqqfKecsqAOigXzJQhXtHvh+pSu5mOb+incKyAJ0ZpvAZFhcWIA +1LT12LyqwQKBgG1E4psg0N6pUAdqF8McsHUZNmUMmLNV2GquYdWYXSLTyUDq9uoE +5/OvNVOVS8ixavVWl9hlBU1yjwUB3lXXZ9omdVV8bbSXi+t+hOgYgtpKNIstgzLr +FnT+TzwwltE1DiOqPE2g20gAC1cq/S2UjjIHsoSnLO92mDEXp/1lT8mFAoGAYEY+ +CASRtZ8Wm9OPUIFHDc7CN1/RGOI6NcRZ2kIhiULVZvoc/T3ld+JiL9cPAtZOKm44 +RioPJH+FWt0M1jUpS/oTzcsWFaXfExy1vjGFdfuh+iuU1dO86W6IaA84dbtrQ2nS +iTNLQleQdeZyjYRbzeChdONN8t5uJlt+aWp4DkECgYAG5w5yilDcQedV231V1fcG +IgPLkrwUVNusevAe9Jzqs6L+GwCjuR1fQ7nxfRHZOwGQNz6sMQkhVc15PI5Oer+A +vbWDr93IlBjtrc6hYqMO3MwpNz2JKVF2T5+33lbS26dxhvzaXNVZdBdDtwIgCQ78 +CBGsRUzILXd0N1/ou7ASOg== +-----END PRIVATE KEY----- diff --git a/certs/ocsp/include.am b/certs/ocsp/include.am index 5520eee942..29ab4dc3b8 100644 --- a/certs/ocsp/include.am +++ b/certs/ocsp/include.am @@ -55,6 +55,10 @@ EXTRA_DIST += \ certs/ocsp/root-ca-cert.pem \ certs/ocsp/root-ca-cert.der \ certs/ocsp/root-ca-crl.pem \ + certs/ocsp/imposter-root-ca-key.pem \ + certs/ocsp/imposter-root-ca-key.der \ + certs/ocsp/imposter-root-ca-cert.pem \ + certs/ocsp/imposter-root-ca-cert.der \ certs/ocsp/test-response.der \ certs/ocsp/test-response-rsapss.der \ certs/ocsp/test-response-nointern.der \ diff --git a/certs/ocsp/renewcerts-for-test.sh b/certs/ocsp/renewcerts-for-test.sh index 91b761376a..e278ce6c4f 100755 --- a/certs/ocsp/renewcerts-for-test.sh +++ b/certs/ocsp/renewcerts-for-test.sh @@ -60,6 +60,30 @@ rm root-ca-cert.csr openssl x509 -in root-ca-cert.pem -text > tmp.pem mv tmp.pem root-ca-cert.pem +# imposter-root-ca: self-signed cert sharing the legitimate root-ca DN but +# with a different key. Used to test that OCSP responder authorization is +# bound to the CertID issuerKeyHash, not just the issuer name. +openssl req \ + -new \ + -config "$WOLF_REQ_CONF" \ + -key imposter-root-ca-key.pem \ + -out imposter-root-ca-cert.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com" + +openssl x509 \ + -req -in imposter-root-ca-cert.csr \ + -extfile $1 \ + -extensions v3_ca \ + -days 1000 \ + -signkey imposter-root-ca-key.pem \ + -set_serial 199 \ + -out imposter-root-ca-cert.pem \ + -sha256 + +rm imposter-root-ca-cert.csr +openssl x509 -in imposter-root-ca-cert.pem -text > imposter-root-ca-cert_tmp.pem +mv imposter-root-ca-cert_tmp.pem imposter-root-ca-cert.pem + update_cert intermediate1-ca "wolfSSL intermediate CA 1" root-ca v3_ca 01 $1 update_cert intermediate2-ca "wolfSSL intermediate CA 2" root-ca v3_ca 02 $1 update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca v3_ca 03 $1 # REVOKED diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh index deda8d6a24..24f8a0e493 100755 --- a/certs/ocsp/renewcerts.sh +++ b/certs/ocsp/renewcerts.sh @@ -54,6 +54,43 @@ check_result $? "" openssl rsa -in root-ca-key.pem -outform DER -out root-ca-key.der check_result $? "" +# imposter-root-ca: self-signed cert sharing the legitimate root-ca DN but with +# a different key. Used to test that OCSP responder authorization is bound to +# the CertID issuerKeyHash, not just the issuer name. +echo "OCSP renew certs imposter root step 1" +openssl req \ + -new \ + -key imposter-root-ca-key.pem \ + -out imposter-root-ca-cert.csr \ + -config ../renewcerts/wolfssl.cnf \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com" +check_result $? "" + +echo "OCSP renew certs imposter root step 2" +openssl x509 \ + -req -in imposter-root-ca-cert.csr \ + -extfile openssl.cnf \ + -extensions v3_ca \ + -days 1000 \ + -signkey imposter-root-ca-key.pem \ + -set_serial 199 \ + -out imposter-root-ca-cert.pem +check_result $? "" + +rm imposter-root-ca-cert.csr +echo "OCSP renew certs imposter root step 3" +openssl x509 -in imposter-root-ca-cert.pem -text > tmp.pem +check_result $? "" +mv tmp.pem imposter-root-ca-cert.pem + +echo "OCSP renew certs imposter root step 4" +openssl x509 -in imposter-root-ca-cert.pem -outform DER \ + -out imposter-root-ca-cert.der +check_result $? "" +openssl rsa -in imposter-root-ca-key.pem -outform DER \ + -out imposter-root-ca-key.der +check_result $? "" + # $1 cert, $2 name, $3 ca, $4 extensions, $5 serial update_cert() { echo "Updating certificate \"$1-cert.pem\"" diff --git a/src/ocsp.c b/src/ocsp.c index 8c779c6247..bbcf2409f2 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -584,8 +584,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK -static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash, - void* vp, Signer* pendingCAs) { +static int CheckOcspResponderChain(OcspEntry* single, byte* issuerNameHash, + byte* issuerKeyHash, void* vp, Signer* pendingCAs) { /* Attempt to build a chain up to cert's issuer */ WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; Signer* ca = NULL; @@ -602,47 +602,62 @@ static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash, * in OCSP request */ - /* End loop if no more issuers found or if we have found a self - * signed cert (ca == prev) */ - ca = GetCAByName(cm, single->issuerHash); + if (issuerKeyHash == NULL) + return 0; + + /* Select CertID issuer by key hash so a same-DN / different-key trust + * anchor cannot hijack the starting point. */ + ca = GetCAByKeyHash(cm, single->issuerKeyHash); + if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash, + OCSP_DIGEST_SIZE) != 0) { + ca = NULL; + } #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (ca == NULL && pendingCAs != NULL) { - ca = findSignerByName(pendingCAs, single->issuerHash); + ca = findSignerByKeyHash(pendingCAs, single->issuerKeyHash); + if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash, + OCSP_DIGEST_SIZE) != 0) { + ca = NULL; + } } #else (void)pendingCAs; #endif for (; ca != NULL && ca != prev; prev = ca) { - if (XMEMCMP(issuerHash, ca->issuerNameHash, OCSP_DIGEST_SIZE) == 0) { + Signer* parent = GetCAByName(cm, ca->issuerNameHash); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (parent == NULL && pendingCAs != NULL) { + parent = findSignerByName(pendingCAs, ca->issuerNameHash); + } +#endif + if (parent == NULL || parent == ca) + break; + + if (XMEMCMP(parent->subjectNameHash, issuerNameHash, + OCSP_DIGEST_SIZE) == 0 && + XMEMCMP(parent->subjectKeyHash, issuerKeyHash, + KEYID_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by authorized " "responder delegated by issuer " "(found in chain)"); passed = 1; break; } - ca = GetCAByName(cm, ca->issuerNameHash); -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - if (ca == NULL && pendingCAs != NULL) { - ca = findSignerByName(pendingCAs, single->issuerHash); - } -#endif + + ca = parent; } return passed; } #endif -/** - * Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2 - * @param bs The basic OCSP response to verify - * @param subjectHash The subject key hash of the OCSP responder certificate - * @param extExtKeyUsage The extended key usage bits of the responder certificate - * @param issuerHash The issuer name hash of the OCSP responder certificate - * @param vp Unused (reserved for future use) - * @return 1 if the responder is authorized to sign the response, 0 otherwise - */ -int CheckOcspResponder(OcspResponse *bs, byte* subjectHash, - byte extExtKeyUsage, byte* issuerHash, void* vp) +/* Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2. Both halves + * of CertID (issuerNameHash and issuerKeyHash) must match; name-only matching + * would authorize a same-DN / different-key CA. issuerKeyHash may be NULL when + * unavailable, which disables the delegated branch. */ +int CheckOcspResponder(OcspResponse *bs, byte* subjectNameHash, + byte* subjectKeyHash, byte extExtKeyUsage, byte* issuerNameHash, + byte* issuerKeyHash, void* vp) { int ret = 0; OcspEntry* single; @@ -657,29 +672,34 @@ int CheckOcspResponder(OcspResponse *bs, byte* subjectHash, /* In the future if this API is used more then it could be beneficial to * implement calling InitDecodedCert and ParseCertRelative here * automatically when cert == NULL. */ - if (bs == NULL || subjectHash == NULL || issuerHash == NULL) + if (bs == NULL || subjectNameHash == NULL || issuerNameHash == NULL) return BAD_FUNC_ARG; - /* Traverse the list and check that the cert has the authority to provide - * an OCSP response for each entry. */ for (single = bs->single; single != NULL; single = single->next) { int passed = 0; - if (XMEMCMP(subjectHash, single->issuerHash, OCSP_DIGEST_SIZE) == 0) { + if (subjectKeyHash != NULL && + XMEMCMP(subjectNameHash, single->issuerHash, + OCSP_DIGEST_SIZE) == 0 && + XMEMCMP(subjectKeyHash, single->issuerKeyHash, + KEYID_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by issuer"); passed = 1; } else if ((extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) != 0) { - if (XMEMCMP(issuerHash, single->issuerHash, OCSP_DIGEST_SIZE) - == 0) { + if (issuerKeyHash != NULL && + XMEMCMP(issuerNameHash, single->issuerHash, + OCSP_DIGEST_SIZE) == 0 && + XMEMCMP(issuerKeyHash, single->issuerKeyHash, + KEYID_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by authorized responder " "delegated by issuer"); passed = 1; } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK else if (vp != NULL) { - passed = CheckOcspResponderChain(single, issuerHash, vp, - bs->pendingCAs); + passed = CheckOcspResponderChain(single, issuerNameHash, + issuerKeyHash, vp, bs->pendingCAs); } #endif } @@ -1083,8 +1103,10 @@ static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert, } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) { - ret = CheckOcspResponder(resp, c->subjectHash, c->extExtKeyUsage, - c->issuerHash, st->cm); + ret = CheckOcspResponder(resp, c->subjectHash, c->subjectKeyHash, + c->extExtKeyUsage, c->issuerHash, + (c->ca != NULL) ? c->ca->subjectKeyHash : NULL, + st->cm); } else { ret = 0; diff --git a/tests/api.c b/tests/api.c index 00a3d82644..c9266c14c6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -37520,6 +37520,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_inject), TEST_DECL(test_ocsp_status_callback), TEST_DECL(test_ocsp_basic_verify), + TEST_DECL(test_ocsp_responder_keyhash_binding), TEST_DECL(test_ocsp_response_parsing), TEST_DECL(test_ocsp_certid_enc_dec), TEST_DECL(test_ocsp_certid_dup), diff --git a/tests/api/create_ocsp_test_blobs.py b/tests/api/create_ocsp_test_blobs.py index 51313162e7..92cd0cba87 100644 --- a/tests/api/create_ocsp_test_blobs.py +++ b/tests/api/create_ocsp_test_blobs.py @@ -266,6 +266,23 @@ def create_response(rd: dict) -> rfc6960.OCSPResponse: for entry in rd.get('responses', []): if entry.get('certificate'): sr = single_response_from_cert(entry['certificate'], entry['status']) + elif entry.get('name_cert') and entry.get('key_cert'): + # Forge a CertID where issuerNameHash and issuerKeyHash are taken + # from different certificates. Used to test that responder + # authorization is bound to BOTH halves of the CertID. + name_der = cert_pem_to_der(entry['name_cert']) + name_cert, _ = decode(bytes(name_der), asn1Spec=rfc6960.Certificate()) + key_der = cert_pem_to_der(entry['key_cert']) + key_cert, _ = decode(bytes(key_der), asn1Spec=rfc6960.Certificate()) + issuer_name_hash = sha1(encode(get_name(name_cert))).digest() + issuer_key_hash = sha1(get_key(key_cert).asOctets()).digest() + cid = cert_id_from_hash(issuer_name_hash, issuer_key_hash, + entry['serial']) + sr = rfc6960.SingleResponse().clone() + sr.setComponentByName('certID', cid) + sr['certStatus'] = cert_status(entry['status']) + sr['thisUpdate'] = useful.GeneralizedTime().fromDateTime( + datetime.now() - timedelta(days=1)) else: sr = single_response(entry['issuer_cert'], entry['serial'], entry['status']) responses.append(sr) @@ -480,6 +497,28 @@ def create_bad_response(rd: dict) -> bytes: 'responder_key': WOLFSSL_OCSP_CERT_PATH + '../ca-key.pem', 'name': 'resp_server_cert_unknown' }, + { + # Forged response: CertID's issuerNameHash points at the legitimate + # root CA, but issuerKeyHash points at the imposter root CA (same + # DN, different key). Signed by the legitimate ocsp-responder so + # the response signature alone verifies. Used to confirm that + # responder authorization rejects mismatched CertID halves. + 'response_status': 0, + 'signature_algorithm': signature_algorithm(), + 'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-cert.pem'], + 'responder_by_name': True, + 'responses': [ + { + 'name_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', + 'key_cert': WOLFSSL_OCSP_CERT_PATH + + 'imposter-root-ca-cert.pem', + 'serial': 0x01, + 'status': CERT_GOOD + } + ], + 'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem', + 'name': 'resp_certid_keyhash_mismatch' + }, ] with open('./tests/api/test_ocsp_test_blobs.h', 'w') as f: @@ -517,6 +556,7 @@ def create_bad_response(rd: dict) -> bytes: add_certificate(WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem', f) add_certificate(WOLFSSL_OCSP_CERT_PATH + '../server-cert.pem', f) add_certificate(WOLFSSL_OCSP_CERT_PATH + 'intermediate1-ca-cert.pem', f) + add_certificate(WOLFSSL_OCSP_CERT_PATH + 'imposter-root-ca-cert.pem', f) br = create_bad_response({ 'response_status': 0, 'responder_by_key': True, diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c index 02938adfd3..bd4a0633bb 100644 --- a/tests/api/test_ocsp.c +++ b/tests/api/test_ocsp.c @@ -382,6 +382,48 @@ int test_ocsp_basic_verify(void) } #endif /* HAVE_OCSP && (OPENSSL_ALL || OPENSSL_EXTRA) */ +#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(NO_RSA) && !defined(WOLFSSL_NO_OCSP_ISSUER_CHECK) +/* Verify that OCSP responder authorization is bound to BOTH halves of the + * CertID (issuerNameHash AND issuerKeyHash). The forged response in + * resp_certid_keyhash_mismatch was signed by the legitimate ocsp-responder + * (so the response signature itself verifies) but its CertID pairs the + * legitimate root CA's name hash with the imposter root CA's key hash. With + * a name-only authorization check the response would be incorrectly + * accepted; the CertID-bound check must reject it. */ +int test_ocsp_responder_keyhash_binding(void) +{ + EXPECT_DECLS; + WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLFSSL_X509_STORE* store = NULL; + const unsigned char* ptr = NULL; + OcspResponse* response = NULL; + + ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem, + sizeof(root_ca_cert_pem)), + TEST_SUCCESS); + ExpectIntEQ(test_create_stack_of_x509(&certs, ocsp_responder_cert_pem, + sizeof(ocsp_responder_cert_pem)), + TEST_SUCCESS); + + ptr = (const unsigned char*)resp_certid_keyhash_mismatch; + ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, + sizeof(resp_certid_keyhash_mismatch))); + ExpectIntNE(wolfSSL_OCSP_basic_verify(response, certs, store, 0), + WOLFSSL_SUCCESS); + + wolfSSL_OCSP_RESPONSE_free(response); + wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free); + wolfSSL_X509_STORE_free(store); + return EXPECT_RESULT(); +} +#else +int test_ocsp_responder_keyhash_binding(void) +{ + return TEST_SKIPPED; +} +#endif + #if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \ defined(OPENSSL_ALL) && !defined(WOLFSSL_SMALL_CERT_VERIFY) diff --git a/tests/api/test_ocsp.h b/tests/api/test_ocsp.h index 6df114b873..a139f56824 100644 --- a/tests/api/test_ocsp.h +++ b/tests/api/test_ocsp.h @@ -26,6 +26,7 @@ int test_ocsp_certid_enc_dec(void); int test_ocsp_certid_dup(void); int test_ocsp_status_callback(void); int test_ocsp_basic_verify(void); +int test_ocsp_responder_keyhash_binding(void); int test_ocsp_response_parsing(void); int test_ocsp_tls_cert_cb(void); int test_ocsp_cert_unknown_crl_fallback(void); diff --git a/tests/api/test_ocsp_test_blobs.h b/tests/api/test_ocsp_test_blobs.h index db50b1a493..78d8b956e5 100644 --- a/tests/api/test_ocsp_test_blobs.h +++ b/tests/api/test_ocsp_test_blobs.h @@ -1414,6 +1414,159 @@ unsigned char resp_server_cert_unknown[] = { 0x4f, 0x6b, 0xb9, 0xec, 0xc8, 0x29, }; +unsigned char resp_certid_keyhash_mismatch[] = { + 0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30, + 0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x34, 0x32, 0x36, 0x31, 0x38, 0x32, 0x36, + 0x33, 0x32, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, + 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, + 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0x64, 0x66, 0x3e, 0x9a, 0xde, + 0x12, 0xec, 0x44, 0xc2, 0x5b, 0x05, 0x64, 0x62, 0x1d, 0x63, 0x23, 0x43, + 0x55, 0xe5, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x36, 0x30, 0x34, 0x32, 0x36, 0x31, 0x38, 0x32, 0x36, 0x33, 0x32, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x45, 0x7f, 0xe9, 0x4a, 0x3b, 0x66, + 0x29, 0x88, 0xfb, 0x2a, 0xce, 0x7a, 0xd4, 0xcf, 0xe0, 0x98, 0xec, 0xd4, + 0x52, 0xb4, 0x98, 0x95, 0xd1, 0x0a, 0x60, 0x37, 0xae, 0x48, 0x9d, 0xc9, + 0x93, 0x49, 0xb1, 0x39, 0x2e, 0x03, 0x66, 0xb4, 0x97, 0x21, 0xc9, 0x60, + 0x1b, 0xda, 0x7d, 0xbd, 0x64, 0xb3, 0xf1, 0xc6, 0x73, 0xff, 0x48, 0xb1, + 0x5c, 0xe0, 0xa1, 0x2d, 0xd7, 0xab, 0x4e, 0x15, 0x51, 0x78, 0xab, 0x8c, + 0x1c, 0x47, 0x0f, 0x03, 0xfe, 0x49, 0xe2, 0x80, 0x94, 0xfe, 0x03, 0x62, + 0x16, 0x09, 0xf8, 0xda, 0x12, 0x12, 0x08, 0xf6, 0x8e, 0xea, 0x8e, 0x7c, + 0xdf, 0xbf, 0x17, 0xe2, 0xe8, 0x34, 0xb7, 0xef, 0x54, 0x51, 0xb1, 0x0e, + 0xd4, 0xec, 0x47, 0xcb, 0x3b, 0xc4, 0x1b, 0x7e, 0xd0, 0x2e, 0x61, 0x83, + 0x35, 0x1b, 0xec, 0x0d, 0xc0, 0xea, 0x62, 0xa2, 0x92, 0x8b, 0xff, 0x2e, + 0x6b, 0x96, 0x94, 0x29, 0x28, 0xe0, 0x7d, 0x33, 0x77, 0x09, 0xa4, 0xc4, + 0xd3, 0x89, 0x9d, 0x34, 0xce, 0xbc, 0xff, 0x46, 0xbf, 0x14, 0x7c, 0x87, + 0xdf, 0x96, 0xb8, 0xe9, 0x2d, 0x79, 0x49, 0xba, 0x9b, 0xcf, 0xf6, 0x86, + 0x13, 0x04, 0xab, 0x9f, 0x93, 0xf5, 0x3c, 0x01, 0x06, 0x05, 0x39, 0xa4, + 0xeb, 0xbc, 0xb2, 0x6b, 0xf9, 0x38, 0x60, 0xeb, 0xfd, 0x96, 0xf3, 0x85, + 0xb4, 0xca, 0x89, 0xf9, 0x16, 0x8a, 0xdd, 0x9c, 0xbc, 0x13, 0x75, 0xe8, + 0x5e, 0x86, 0x50, 0x5b, 0x29, 0x12, 0x7f, 0xbc, 0xfc, 0xe1, 0xf3, 0x10, + 0xb3, 0xf6, 0x20, 0x42, 0xe0, 0x58, 0xbc, 0x78, 0x87, 0x14, 0x56, 0xf4, + 0x68, 0xe4, 0x34, 0x11, 0xe9, 0x9e, 0x16, 0x17, 0x9f, 0x43, 0xe3, 0x69, + 0xcf, 0x91, 0x33, 0xfb, 0x2e, 0xef, 0x0a, 0xd0, 0xd5, 0x10, 0x32, 0x69, + 0x82, 0xe6, 0x50, 0x73, 0xfb, 0x58, 0x2d, 0x25, 0x56, 0x97, 0xa0, 0x82, + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, + 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, + 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, + 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, + 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, + 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, + 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, + 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, + 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, + 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, + 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, + 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, + 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, + 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, + 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, + 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, + 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, + 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, + 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, + 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, + 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, + 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, + 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, + 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, + 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, + 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, + 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, + 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, + 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, + 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, + 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, + 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, + 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, + 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, + 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, + 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, + 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + unsigned char ocsp_responder_cert_pem[] = { 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, @@ -1954,6 +2107,114 @@ unsigned char intermediate1_ca_cert_pem[] = { 0xfb, 0xb8, 0x77, 0x01, 0x34, 0xaf, 0xcc, 0x0e, }; +unsigned char imposter_root_ca_cert_pem[] = { + 0x30, 0x82, 0x04, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x00, 0xc7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, + 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, + 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, + 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x36, + 0x30, 0x34, 0x32, 0x37, 0x31, 0x36, 0x31, 0x32, 0x31, 0x39, 0x5a, 0x17, + 0x0d, 0x32, 0x39, 0x30, 0x31, 0x32, 0x31, 0x31, 0x36, 0x31, 0x32, 0x31, + 0x39, 0x5a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf3, 0xc7, 0x6e, + 0x93, 0x4e, 0x94, 0x7d, 0x9a, 0x76, 0xcb, 0x3e, 0x82, 0x21, 0x30, 0xa0, + 0xa5, 0x4a, 0xa2, 0x6c, 0x80, 0xbf, 0xe6, 0xa0, 0x7d, 0x6c, 0xcc, 0xaa, + 0xe6, 0x94, 0xf3, 0x42, 0x41, 0x7f, 0x1a, 0xba, 0x5f, 0x89, 0xd2, 0x84, + 0x67, 0x81, 0x4d, 0x37, 0x0b, 0x26, 0xed, 0xf8, 0xf1, 0xbe, 0x84, 0xf5, + 0x33, 0x9f, 0xbe, 0x98, 0xd1, 0x88, 0x86, 0xc1, 0x93, 0xd3, 0x8e, 0x40, + 0x56, 0x36, 0x28, 0x4f, 0x14, 0xc2, 0xf7, 0xa7, 0x3b, 0xca, 0x1d, 0xae, + 0x59, 0x6b, 0x5f, 0x79, 0x54, 0xb6, 0x2e, 0x6e, 0x4d, 0x7f, 0x4c, 0x71, + 0x0d, 0xfb, 0x3a, 0x6e, 0x95, 0x8f, 0x96, 0x44, 0x3c, 0xf2, 0x91, 0x01, + 0xcb, 0x68, 0x17, 0x07, 0x33, 0x97, 0xcb, 0x32, 0x55, 0x47, 0x03, 0x64, + 0x0c, 0x4b, 0x16, 0x2e, 0x20, 0xf8, 0x65, 0xc7, 0x6a, 0x52, 0xe4, 0xfd, + 0xa9, 0x2d, 0xde, 0x39, 0x0c, 0x5f, 0x1a, 0x14, 0x10, 0x9d, 0xc3, 0x2d, + 0x15, 0xc4, 0x88, 0x2e, 0x19, 0x58, 0xe1, 0xfd, 0x69, 0x12, 0x81, 0xd2, + 0xaf, 0xf6, 0x62, 0x44, 0xb0, 0x89, 0x82, 0xb5, 0xf5, 0x17, 0x23, 0x2b, + 0x73, 0x8e, 0xe3, 0x55, 0x14, 0x43, 0xa5, 0x4a, 0x7e, 0xcb, 0x96, 0x62, + 0x8f, 0x96, 0xbf, 0x5f, 0xc3, 0x82, 0xdc, 0x86, 0x86, 0x85, 0x89, 0xf8, + 0x8e, 0x68, 0xb2, 0xef, 0xe5, 0x2e, 0x8c, 0xb9, 0x8d, 0x56, 0x13, 0x19, + 0x65, 0xe9, 0x79, 0xc5, 0x29, 0xdc, 0x89, 0x0b, 0xdd, 0x23, 0x35, 0xfe, + 0xd5, 0x48, 0xb6, 0x2d, 0xad, 0xee, 0xee, 0x6c, 0xb8, 0x3e, 0xeb, 0x79, + 0x1c, 0x41, 0xd1, 0xb8, 0xe5, 0x0e, 0x2f, 0x2d, 0xcf, 0xd7, 0x65, 0xfa, + 0x71, 0x6f, 0x60, 0x9b, 0x90, 0x30, 0x43, 0xda, 0xc3, 0xe2, 0x1b, 0x8f, + 0xda, 0xab, 0x37, 0xc5, 0x38, 0x88, 0x6b, 0x85, 0x15, 0x5b, 0x24, 0x72, + 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x3a, 0x30, 0x82, + 0x01, 0x36, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x73, 0x64, 0x66, 0x3e, 0x9a, 0xde, 0x12, 0xec, 0x44, + 0xc2, 0x5b, 0x05, 0x64, 0x62, 0x1d, 0x63, 0x23, 0x43, 0x55, 0xe5, 0x30, + 0x81, 0xc5, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbd, 0x30, 0x81, + 0xba, 0x80, 0x14, 0x73, 0x64, 0x66, 0x3e, 0x9a, 0xde, 0x12, 0xec, 0x44, + 0xc2, 0x5b, 0x05, 0x64, 0x62, 0x1d, 0x63, 0x23, 0x43, 0x55, 0xe5, 0xa1, + 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x82, 0x02, 0x00, 0xc7, 0x30, 0x0b, 0x06, 0x03, 0x55, + 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, + 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, + 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, + 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x35, 0xb1, 0xf0, 0x64, + 0x89, 0xfe, 0x7e, 0xb3, 0x5f, 0x80, 0x15, 0x57, 0xa0, 0x8f, 0xcd, 0xfc, + 0xa0, 0x2d, 0x36, 0x29, 0x39, 0xa3, 0xee, 0xd6, 0xc0, 0xf3, 0xc2, 0xe6, + 0x31, 0x2e, 0xce, 0x9b, 0xd4, 0xa1, 0x3e, 0xdc, 0xc7, 0x0d, 0x2a, 0xae, + 0x72, 0xc6, 0xfa, 0xee, 0x77, 0xd7, 0x4b, 0x98, 0xc0, 0x32, 0x7e, 0xd2, + 0x54, 0x3f, 0x41, 0x34, 0x09, 0x22, 0xf3, 0x34, 0xdb, 0xff, 0x4e, 0x35, + 0x79, 0x15, 0x50, 0xfa, 0xe2, 0xbd, 0x37, 0x1c, 0x0e, 0xdc, 0x4e, 0xb1, + 0x5a, 0x5d, 0xfd, 0xbe, 0xbf, 0xd1, 0x75, 0x02, 0x9a, 0xa8, 0x61, 0xda, + 0xd4, 0xf1, 0x35, 0xb3, 0x7e, 0x9d, 0x10, 0x29, 0xa8, 0xcd, 0x50, 0x7c, + 0x3c, 0x89, 0x5e, 0xa1, 0xb2, 0x51, 0xe6, 0xd8, 0x4d, 0xdd, 0xcc, 0x3d, + 0xb9, 0x8e, 0x5b, 0x20, 0x51, 0x33, 0xe0, 0x03, 0x57, 0xe0, 0xf7, 0x5b, + 0xbe, 0x85, 0x64, 0xa7, 0x8c, 0x6d, 0x40, 0x56, 0xcd, 0x78, 0x4f, 0x6d, + 0xdc, 0x04, 0xf2, 0x4a, 0xf3, 0xa1, 0x29, 0x3b, 0x64, 0xe5, 0xdb, 0xa0, + 0x98, 0x80, 0xc8, 0x6b, 0x12, 0x25, 0x4c, 0x18, 0x40, 0x2a, 0xce, 0xb6, + 0x94, 0xfe, 0x58, 0xbb, 0x35, 0x91, 0x22, 0x36, 0xd7, 0x29, 0x70, 0x53, + 0x2e, 0x8b, 0xbe, 0xe3, 0xb7, 0x08, 0xd3, 0xa8, 0x66, 0x19, 0xff, 0x69, + 0xf0, 0xc8, 0x8f, 0xb6, 0xea, 0x21, 0xbc, 0x41, 0x08, 0x92, 0x42, 0x89, + 0xfd, 0xd9, 0x3a, 0x9c, 0x42, 0x4b, 0xc4, 0x2e, 0x81, 0x4f, 0x63, 0x54, + 0x95, 0x88, 0xd9, 0x56, 0x66, 0x08, 0xdc, 0x73, 0x56, 0x6a, 0x97, 0x5e, + 0x09, 0xe5, 0xfa, 0xd2, 0x52, 0x3b, 0x7f, 0xbd, 0x3b, 0x1b, 0xbb, 0xf1, + 0x74, 0x51, 0x71, 0x30, 0xf3, 0xce, 0x1c, 0x21, 0x75, 0x89, 0x97, 0x7f, + 0xe4, 0x38, 0xf7, 0x3e, 0x66, 0xc3, 0x20, 0xf3, 0xc0, 0xf3, 0x38, 0xc9, +}; + unsigned char resp_bad[] = { 0x30, 0x82, 0x01, 0xa9, 0xa0, 0x82, 0x01, 0xa5, 0x30, 0x82, 0x01, 0xa1, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cbd2a9901b..3c38997c04 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -22546,17 +22546,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, } #ifdef HAVE_OCSP - if (type != CA_TYPE && - type != TRUSTED_PEER_TYPE) { - /* Need the CA's public key hash for OCSP */ - if (cert->ca) { - XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, - KEYID_SIZE); - } - else if (cert->selfSigned) { - XMEMCPY(cert->issuerKeyHash, cert->subjectKeyHash, - KEYID_SIZE); - } + /* Needed for OCSP requests, and for binding responder authorization + * to CertID's issuerKeyHash when this cert becomes a Signer. */ + if (cert->ca) { + XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, + KEYID_SIZE); + } + else if (cert->selfSigned) { + XMEMCPY(cert->issuerKeyHash, cert->subjectKeyHash, + KEYID_SIZE); } #endif /* HAVE_OCSP */ } @@ -22859,6 +22857,8 @@ int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der) #ifdef HAVE_OCSP XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash, KEYID_SIZE); + XMEMCPY(signer->issuerKeyHash, cert->issuerKeyHash, + KEYID_SIZE); #endif signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage : 0xFFFF; @@ -32876,7 +32876,8 @@ static int OcspRespCheck(OcspResponse *resp, Signer *responder, void* vp) return -1; ret = CheckOcspResponder(resp, responder->subjectNameHash, - responder->extKeyUsage, responder->issuerNameHash, vp); + responder->subjectKeyHash, responder->extKeyUsage, + responder->issuerNameHash, responder->issuerKeyHash, vp); if (ret != 0) return -1; @@ -32964,8 +32965,9 @@ static int OcspCheckCert(OcspResponse *resp, int noVerify, #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if (ret == 0 && !noVerify) { - ret = CheckOcspResponder(resp, cert->subjectHash, cert->extExtKeyUsage, - cert->issuerHash, cm); + ret = CheckOcspResponder(resp, cert->subjectHash, cert->subjectKeyHash, + cert->extExtKeyUsage, cert->issuerHash, + (cert->ca != NULL) ? cert->ca->subjectKeyHash : NULL, cm); if (ret != 0) { WOLFSSL_MSG("\tOCSP Responder certificate issuer check failed"); goto err; diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 525e067883..8778a144ec 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -74,8 +74,9 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp OcspEntry *entry, OcspRequest *ocspRequest, void* heap); -WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, byte* subjectHash, - byte extExtKeyUsage, byte* issuerHash, void* vp); +WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, byte* subjectNameHash, + byte* subjectKeyHash, byte extExtKeyUsage, byte* issuerNameHash, + byte* issuerKeyHash, void* vp); /* Allocates and initializes a WOLFSSL_OCSP object */ WOLFSSL_API WOLFSSL_OCSP* wc_NewOCSP(WOLFSSL_CERT_MANAGER* cm); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index b3028c9c99..80cb3ee25f 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2152,6 +2152,11 @@ struct Signer { #endif #ifdef HAVE_OCSP byte subjectKeyHash[KEYID_SIZE]; + byte issuerKeyHash[KEYID_SIZE]; /* subject key hash of the immediate + * issuer CA (i.e. the parent that signed + * this cert), used to bind OCSP CertID + * issuerKeyHash matching during responder + * authorization checks */ #endif #if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL) byte serialHash[SIGNER_DIGEST_SIZE]; /* serial number hash */