Topic: [SOLVED] Signature of OCSP response not verified?
I've set up my own CA with OpenSSL (1.0.1e). I created ECC-keys and issued the following certs:
cacert-ecc.pem
test3-ecc.pem
The following commands are all issued on my local laptop (which has 192.168.1.5 assigned).
I start my OpenSSL server:
D:\OpenSSL-CA-ECC>openssl s_server -CAfile cacert-ecc.pem -cert test3-ecc.pem -key test3-ecc-key.pem -debug -port 11111
I start my OpenSSL OCSP responder:
D:\OpenSSL-CA-ECC>openssl ocsp -index index.txt -port 192.168.1.5:8888 -rsigner cacert-ecc.pem -rkey private\cakey-ecc.pem -CA cacert-ecc.pem -text
Waiting for OCSP client connections...
I start my wolfSSL 2.8.0 test client on the same laptop inside a Cygwin environment (hence the unix style):
$ ./client -o -A /cygdrive/d/OpenSSL-CA-ECC/cacert-ecc.pem -c /cygdrive/d/OpenSSL-CA-ECC/test3-ecc.pem -k /cygdrive/d/OpenSSL-CA-ECC/test3-ecc-key.pem -h 192.168.1.5 -p 11111
The OCSP request and response dumped by the OpenSSL OCSP responder:
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 694F0EA887A109BF63EFD1420E7F0B501195929E
Issuer Key Hash: ACCCEC3C2E4DDCF100AFD46C6D085E8C92C80F81
Serial Number: 1003
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = DE, ST = Bayern, L = Regensburg, O = Daniel Zebralla, OU = A S&T CDS TCD, CN = ca.test.de, emailAddress = daniel.zebralla@continental-corporation.com
Produced At: Jan 24 11:35:15 2014 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 694F0EA887A109BF63EFD1420E7F0B501195929E
Issuer Key Hash: ACCCEC3C2E4DDCF100AFD46C6D085E8C92C80F81
Serial Number: 1003
Cert Status: good
This Update: Jan 24 11:35:15 2014 GMT
Signature Algorithm: ecdsa-with-SHA1
30:45:02:20:55:7c:09:e9:6b:09:15:ef:79:fc:55:5d:97:d4:
34:e1:db:f1:36:a6:01:b6:62:60:1f:3d:40:74:87:1a:fc:99:
02:21:00:b7:ae:b9:78:f1:69:5b:49:2b:88:95:2e:13:03:4c:
a3:63:83:2a:8f:65:6c:66:7e:f8:2c:80:23:b7:1e:94:d3
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8b:d4:04:ab:af:5b:65:69
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=DE, ST=Bayern, L=Regensburg, O=Daniel Zebralla, OU=A S&T CDS TCD, CN=ca.test.de/emailAddress=daniel.zebralla@continental-corporation.com
Validity
Not Before: Jan 14 07:47:23 2014 GMT
Not After : Jan 12 07:47:23 2024 GMT
Subject: C=DE, ST=Bayern, L=Regensburg, O=Daniel Zebralla, OU=A S&T CDS TCD, CN=ca.test.de/emailAddress=daniel.zebralla@continental-corporation.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:5d:a8:08:01:2e:b7:26:1e:6e:f3:36:16:70:b9:
c5:30:63:85:72:62:66:39:fe:ed:b8:71:6e:1c:ca:
30:62:be:d9:80:d2:f3:32:36:5b:08:8e:04:ad:29:
7d:b8:ce:ad:ab:14:e5:d5:9c:c9:24:5e:32:7f:52:
ab:6e:be:38:42
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:CC:EC:3C:2E:4D:DC:F1:00:AF:D4:6C:6D:08:5E:8C:92:C8:0F:81
X509v3 Authority Key Identifier:
keyid:AC:CC:EC:3C:2E:4D:DC:F1:00:AF:D4:6C:6D:08:5E:8C:92:C8:0F:81
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:45:02:20:61:f8:17:c9:45:89:0b:50:4d:6a:1e:92:e2:df:
09:14:e4:9d:1a:8b:c7:85:35:d3:de:77:b4:43:de:d8:b9:60:
02:21:00:9a:43:25:7b:8f:e6:13:21:18:26:5c:78:2e:5c:9a:
f1:55:36:8b:a5:2a:09:ac:26:ee:35:2e:77:bf:c7:53:2e
I am wondering why the signature of the OCSP response seems NOT to get checked. Note the one line of debug output I've added in the wolfSSL embedded SSL debug messages further below, indicating an error in looking for OCSP extensions ( >>> DZ: In OcspResponseDecode, ret = -140). I'm missing a line like "About to verify certificate signature" during OCSP processing. As far as I debugged, the error code -140 results in OCSP response processing returning before the signature of its attached certificate would be checked. Is this the way it should be:
if (DecodeResponseData(source, &idx, resp, size) < 0)
    return ASN_PARSE_E;
[...]
/*
 * see if there are certificates, they are optional.
 */
if (idx < end_index)
{
    [...]
    ret = ConfirmSignature(resp->response, resp->responseSz,
                           cert.publicKey, cert.pubKeySize, cert.keyOID,
                           resp->sig, resp->sigSz, resp->sigOID, NULL);

CyaSSL Entering CYASSL_CTX_new
CyaSSL Entering CyaSSL_CertManagerNew
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering CyaSSL_CTX_OCSP_set_options
CyaSSL Entering CyaSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
Checking cert signature type
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
ECDSA cert signature
CyaSSL Entering CyaSSL_CTX_use_PrivateKey_file
CyaSSL Entering GetMyVersion
CyaSSL Entering CyaSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Leaving DecodeCertExtensions, return 0
CyaSSL Entering GetAlgoId
Parsed new CA
Freeing Parsed CA
Freeing der CA
OK Freeing der CA
CyaSSL Leaving AddCA, return 0
Processed a CA
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0
CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering SSL_connect()
growing output buffer
Shrinking output buffer
connect state: CLIENT_HELLO_SENT
growing input buffer
growing input buffer
received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing server hello
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
growing input buffer
received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
Put another cert into chain
Put another cert into chain
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Leaving DecodeCertExtensions, return 0
CyaSSL Entering GetAlgoId
About to verify certificate signature
ECC Verify did match
Verified CA from chain and already had it
Verifying Peer's cert
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering DecodeAuthInfo
Extension type not handled, skipping
CyaSSL Entering DecodeSubjKeyId
CyaSSL Entering DecodeAuthKeyId
CyaSSL Leaving DecodeCertExtensions, return 0
CyaSSL Entering GetAlgoId
About to verify certificate signature
ECC Verify did match
Verified Peer's cert
Add a new OCSP entry
CyaSSL Entering InitOCSP_Entry
CyaSSL Entering InitOcspRequest
CyaSSL Entering EncodeOcspRequest
CyaSSL Entering SetSerialNumber
CyaSSL Entering InitOcspResponse
CyaSSL Entering OcspResponseDecode
CyaSSL Entering GetEnumerated
CyaSSL Entering DecodeBasicOcspResponse
CyaSSL Entering DecodeResponseData
CyaSSL Entering GetBasicDate
CyaSSL Entering DecodeSingleResponse
CyaSSL Entering GetAlgoId
CyaSSL Entering GetBasicDate
CyaSSL Entering DecodeOcspRespExtensions
>>> DZ: In OcspResponseDecode, ret = -140
CyaSSL Entering CompareOcspReqResp
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing server key exchange
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing server hello done
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
growing output buffer
Shrinking output buffer
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer
Shrinking output buffer
sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
growing output buffer
Shrinking output buffer
sent: finished
connect state: FINISHED_DONE
received record layer msg
got CHANGE CIPHER SPEC
received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing finished
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
connect state: SECOND_REPLY_DONE
Shrinking input buffer
CyaSSL Leaving SSL_connect(), return 1
CyaSSL Entering SSL_get_version
SSL version is TLSv1.2
CyaSSL Entering SSL_get_current_cipher
CyaSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
CyaSSL Entering SSL_write()
growing output buffer
Shrinking output buffer
CyaSSL Leaving SSL_write(), return 13
CyaSSL Entering CyaSSL_read()
CyaSSL Entering CyaSSL_read_internal()
CyaSSL Entering ReceiveData()
growing input buffer
growing input buffer
received record layer msg
got app DATA
Shrinking input buffer
CyaSSL Leaving ReceiveData(), return 13
CyaSSL Leaving CyaSSL_read_internal(), return 13
Server response: I hear you!
CyaSSL Entering SSL_shutdown()
growing output buffer
Shrinking output buffer
CyaSSL Leaving SSL_shutdown(), return 0
CyaSSL Entering SSL_free
CTX ref count not 0 yet, no free
CyaSSL Leaving SSL_free, return 0
CyaSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
CyaSSL Entering CyaSSL_CertManagerFree
CyaSSL Entering FreeOCSP_Entry
CyaSSL Leaving SSL_CTX_free, return 0
CyaSSL Entering CyaSSL_Cleanup
Best regards
- Daniel
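
Added example, not part of the original post and not wolfSSL code: a fail-closed gate a caller can put around an OCSP decode, so that a parsed "Cert Status: good" is believed only when decoding succeeded, the responder signature was verified, and the CertID matches the request. All struct and function names are hypothetical; the inputs are constructed, with -140 taken from the debug line above and the hashes left zeroed.

```c
#include <string.h>

/* Added illustration; names are hypothetical, not wolfSSL's API. */
enum { OCSP_GOOD = 0, OCSP_REVOKED = 1, OCSP_UNKNOWN = 2 };
enum { OCSP_ACCEPT = 0, OCSP_REJECT = -1 };

struct cert_id {
    unsigned char name_hash[20];  /* SHA-1 of the issuer name */
    unsigned char key_hash[20];   /* SHA-1 of the issuer public key */
    unsigned long serial;
};

struct ocsp_outcome {
    int decode_ret;     /* 0 on success, negative on a parser error (e.g. -140) */
    int sig_verified;   /* 1 only if the responder signature was checked and matched */
    int cert_status;    /* status parsed from the single response */
    struct cert_id id;  /* CertID echoed back in the response */
};

static int cert_id_equal(const struct cert_id *a, const struct cert_id *b)
{
    return a->serial == b->serial &&
           memcmp(a->name_hash, b->name_hash, sizeof a->name_hash) == 0 &&
           memcmp(a->key_hash, b->key_hash, sizeof a->key_hash) == 0;
}

/* Fail closed: every check must pass before a "good" status is believed. */
int ocsp_gate(const struct cert_id *req, const struct ocsp_outcome *r)
{
    if (r->decode_ret != 0) return OCSP_REJECT;  /* parse error: trust nothing parsed so far */
    if (!r->sig_verified)   return OCSP_REJECT;  /* an unverified status is just unauthenticated bytes */
    if (!cert_id_equal(req, &r->id)) return OCSP_REJECT;  /* answer is about another cert */
    return r->cert_status == OCSP_GOOD ? OCSP_ACCEPT : OCSP_REJECT;
}

/* Constructed cases; 0x1003 is a stand-in for the serial printed as 1003 in the dump. */
int demo_case(int decode_ret, int sig_verified, int status, unsigned long resp_serial)
{
    struct cert_id req = { {0}, {0}, 0x1003 };
    struct ocsp_outcome r = { decode_ret, sig_verified, status, { {0}, {0}, resp_serial } };
    return ocsp_gate(&req, &r);
}

int main(void)
{
    /* The situation in the post: decode returned -140, no signature check ran. */
    return demo_case(-140, 0, OCSP_GOOD, 0x1003) == OCSP_REJECT ? 0 : 1;
}
```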