CDRIVER-3408 OCSP stapling support for OpenSSL

Author: bazile-clyde

src/libmongoc/src/mongoc/mongoc-openssl-private.h

@@ -26,9 +26,13 @@
 
 #include "mongoc-ssl.h"
 
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_OCSP) && \
+   !defined(LIBRESSL_VERSION_NUMBER)
+#define MONGOC_ENABLE_OCSP
+#endif
 
-BSON_BEGIN_DECLS
 
+BSON_BEGIN_DECLS
 
 bool
 _mongoc_openssl_check_cert (SSL *ssl,
@@ -43,6 +47,11 @@ _mongoc_openssl_init (void);
 void
 _mongoc_openssl_cleanup (void);
 
+#ifdef MONGOC_ENABLE_OCSP
+int
+_mongoc_ocsp_tlsext_status_cb (SSL *ssl, void *arg);
+#endif
+
 
 BSON_END_DECLS
 

src/libmongoc/src/mongoc/mongoc-openssl.c

@@ -23,17 +23,19 @@
 #include <openssl/bio.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/ocsp.h>
 #include <openssl/x509v3.h>
 #include <openssl/crypto.h>
 
 #include <string.h>
 
 #include "mongoc-init.h"
+#include "mongoc-openssl-private.h"
 #include "mongoc-socket.h"
 #include "mongoc-ssl.h"
-#include "mongoc-openssl-private.h"
-#include "mongoc-trace-private.h"
+#include "mongoc-stream-tls-openssl-private.h"
 #include "mongoc-thread-private.h"
+#include "mongoc-trace-private.h"
 #include "mongoc-util-private.h"
 
 #ifdef _WIN32
@@ -451,6 +453,189 @@ _mongoc_openssl_setup_pem_file (SSL_CTX *ctx,
    return 1;
 }
 
+#ifdef MONGOC_ENABLE_OCSP
+
+static X509 *
+_get_issuer (X509 *cert, STACK_OF (X509) * chain)
+{
+   X509 *issuer = NULL, *candidate = NULL;
+   X509_NAME *issuer_name = NULL, *candidate_name = NULL;
+   int i;
+
+   issuer_name = X509_get_issuer_name (cert);
+   for (i = 0; i < sk_X509_num (chain) && issuer == NULL; i++) {
+      candidate = sk_X509_value (chain, i);
+      candidate_name = X509_get_subject_name (candidate);
+      if (0 == X509_NAME_cmp (candidate_name, issuer_name)) {
+         issuer = candidate;
+      }
+   }
+   return issuer;
+}
+
+#define ERR_STR (ERR_error_string (ERR_get_error (), NULL))
+
+int
+_mongoc_ocsp_tlsext_status_cb (SSL *ssl, void *arg)
+{
+   const int ERROR = -1, FAILURE = 0, SUCCESS = 1;
+   OCSP_RESPONSE *resp = NULL;
+   OCSP_BASICRESP *basic = NULL;
+   X509_STORE *store = NULL;
+   X509 *peer = NULL, *issuer = NULL;
+   STACK_OF (X509) *cert_chain = NULL;
+   const unsigned char *r = NULL;
+   int cert_status, reason, len, status, ret;
+   OCSP_CERTID *id = NULL;
+   mongoc_openssl_ocsp_opt_t *opts = (mongoc_openssl_ocsp_opt_t *) arg;
+   ASN1_GENERALIZEDTIME *produced_at = NULL, *this_update = NULL,
+                        *next_update = NULL;
+
+   if (opts->weak_cert_validation) {
+      return SUCCESS;
+   }
+
+   if (!(peer = SSL_get_peer_certificate (ssl))) {
+      MONGOC_ERROR ("No certificate was presented by the peer: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   /* Get the stapled OCSP response returned by the server */
+   len = SSL_get_tlsext_status_ocsp_resp (ssl, &r);
+   if (!r) {
+      bool must_staple = X509_get_ext_d2i (peer, NID_tlsfeature, 0, 0) != NULL;
+      if (must_staple) {
+         MONGOC_ERROR ("Server must contain a stapled response: %s", ERR_STR);
+         ret = FAILURE;
+         goto done;
+      }
+      ret = SUCCESS; // TODO: contact OCSP responder
+      goto done;
+   }
+
+   /* obtain an OCSP_RESPONSE object from the OCSP response */
+   if (!d2i_OCSP_RESPONSE (&resp, &r, len)) {
+      MONGOC_ERROR ("Failed to parse OCSP response: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   /* Validate the OCSP response status of the OCSP_RESPONSE object */
+   status = OCSP_response_status (resp);
+   if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+      MONGOC_ERROR ("OCSP response error %d %s",
+                    status,
+                    OCSP_response_status_str (status));
+      ret = ERROR;
+      goto done;
+   }
+
+   /* Get the OCSP_BASICRESP structure contained in OCSP_RESPONSE object for the
+    * peer cert */
+   basic = OCSP_response_get1_basic (resp);
+   if (!basic) {
+      MONGOC_ERROR ("Could not find BasicOCSPResponse: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   store = SSL_CTX_get_cert_store (SSL_get_SSL_CTX (ssl));
+
+   /* Get a STACK_OF(X509) certs forming the cert chain of the peer, including
+    * the peer's cert */
+   if (!(cert_chain = SSL_get0_verified_chain (ssl))) {
+      MONGOC_ERROR ("No certificate was presented by the peer: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   /*
+    * checks that the basic response message is correctly signed and that the
+    * signer certificate can be validated.
+    * 1. The function first verifies the signer cert of the response is in the
+    * given cert chain.
+    * 2. Next, the function verifies the signature of the basic response.
+    * 3. Finally, the function validates the signer cert, constructing the
+    * validation path via the untrusted cert chain.
+    */
+   if (SUCCESS != OCSP_basic_verify (basic, cert_chain, store, 0)) {
+      MONGOC_ERROR ("OCSP response failed verification: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   if (!(issuer = _get_issuer (peer, cert_chain))) {
+      MONGOC_ERROR ("Could not get issuer from peer cert");
+      ret = ERROR;
+      goto done;
+   }
+
+   if (!(id = OCSP_cert_to_id (NULL /* SHA1 */, peer, issuer))) {
+      MONGOC_ERROR ("Could not obtain a valid OCSP_CERTID for peer: %s",
+                    ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   /* searches the basic response for an OCSP response for the given cert ID */
+   if (!OCSP_resp_find_status (basic,
+                               id,
+                               &cert_status,
+                               &reason,
+                               &produced_at,
+                               &this_update,
+                               &next_update)) {
+      MONGOC_ERROR ("No OCSP response found for the peer certificate: %s",
+                    ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   /* checks the validity of this_update and next_update values */
+   if (!OCSP_check_validity (this_update, next_update, 0L, -1L)) {
+      MONGOC_ERROR ("OCSP response has expired: %s", ERR_STR);
+      ret = ERROR;
+      goto done;
+   }
+
+   switch (cert_status) {
+   case V_OCSP_CERTSTATUS_GOOD:
+      /* TODO: cache response */
+      break;
+
+   case V_OCSP_CERTSTATUS_REVOKED:
+      MONGOC_ERROR ("OCSP Certificate Status: Revoked. Reason %d", reason);
+      ret = FAILURE;
+      goto done;
+
+   default: /* V_OCSP_CERTSTATUS_UNKNOWN */
+      break;
+   }
+
+   /* Validate hostname matches cert */
+   if (!opts->allow_invalid_hostname &&
+       X509_check_host (peer, opts->host, 0, 0, NULL) != SUCCESS &&
+       X509_check_ip_asc (peer, opts->host, 0) != SUCCESS) {
+      ret = FAILURE;
+      goto done;
+   }
+
+   ret = SUCCESS;
+done:
+   if (basic)
+      OCSP_BASICRESP_free (basic);
+   if (resp)
+      OCSP_RESPONSE_free (resp);
+   if (id)
+       OCSP_CERTID_free (id);
+   if (peer)
+       X509_free (peer);
+   if (issuer)
+       X509_free (issuer);
+   return ret;
+}
+#endif
 
 /**
  * _mongoc_openssl_ctx_new:
@@ -493,7 +678,8 @@ _mongoc_openssl_ctx_new (mongoc_ssl_opt_t *opt)
    ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
 #endif
 
-/* man SSL_get_options says: "SSL_OP_NO_RENEGOTIATION options were added in OpenSSL 1.1.1". */
+/* man SSL_get_options says: "SSL_OP_NO_RENEGOTIATION options were added in
+ * OpenSSL 1.1.1". */
 #ifdef SSL_OP_NO_RENEGOTIATION
    ssl_ctx_options |= SSL_OP_NO_RENEGOTIATION;
 #endif

src/libmongoc/src/mongoc/mongoc-stream-tls-openssl-private.h

@@ -24,6 +24,11 @@
 
 BSON_BEGIN_DECLS
 
+typedef struct {
+    const char *host;
+    bool allow_invalid_hostname;
+    bool weak_cert_validation;
+} mongoc_openssl_ocsp_opt_t;
 
 /**
  * mongoc_stream_tls_openssl_t:
@@ -34,6 +39,7 @@ typedef struct {
    BIO *bio;
    BIO_METHOD *meth;
    SSL_CTX *ctx;
+   mongoc_openssl_ocsp_opt_t *ocsp_opts;
 } mongoc_stream_tls_openssl_t;
 
 

src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c

@@ -45,7 +45,8 @@
 
 #define MONGOC_STREAM_TLS_OPENSSL_BUFFER_SIZE 4096
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
 static void
 BIO_meth_free (BIO_METHOD *meth)
 {
@@ -93,6 +94,11 @@ _mongoc_stream_tls_openssl_destroy (mongoc_stream_t *stream)
    SSL_CTX_free (openssl->ctx);
    openssl->ctx = NULL;
 
+   if (openssl->ocsp_opts)
+       bson_free ((char *) openssl->ocsp_opts->host);
+   bson_free (openssl->ocsp_opts);
+   openssl->ocsp_opts = NULL;
+
    bson_free (openssl);
    bson_free (stream);
 
@@ -540,11 +546,11 @@ _mongoc_stream_tls_openssl_check_closed (mongoc_stream_t *stream) /* IN */
 /**
  * mongoc_stream_tls_openssl_handshake:
  */
-bool
-mongoc_stream_tls_openssl_handshake (mongoc_stream_t *stream,
-                                     const char *host,
-                                     int *events,
-                                     bson_error_t *error)
+static bool
+_mongoc_stream_tls_openssl_handshake (mongoc_stream_t *stream,
+                                      const char *host,
+                                      int *events,
+                                      bson_error_t *error)
 {
    mongoc_stream_tls_t *tls = (mongoc_stream_tls_t *) stream;
    mongoc_stream_tls_openssl_t *openssl =
@@ -558,10 +564,21 @@ mongoc_stream_tls_openssl_handshake (mongoc_stream_t *stream,
    BIO_get_ssl (openssl->bio, &ssl);
 
    if (BIO_do_handshake (openssl->bio) == 1) {
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+      X509 *peer = NULL;
+      peer = SSL_get_peer_certificate (ssl);
+
+      if (tls->ssl_opts.allow_invalid_hostname ||
+         X509_check_host (peer, host, 0, 0, NULL) == 1 ||
+         X509_check_ip_asc (peer, host, 0) == 1) {
+         RETURN (true);
+      }
+#else
       if (_mongoc_openssl_check_cert (
              ssl, host, tls->ssl_opts.allow_invalid_hostname)) {
          RETURN (true);
       }
+#endif
 
       *events = 0;
       bson_set_error (error,
@@ -674,6 +691,7 @@ mongoc_stream_tls_openssl_new (mongoc_stream_t *base_stream,
 {
    mongoc_stream_tls_t *tls;
    mongoc_stream_tls_openssl_t *openssl;
+   mongoc_openssl_ocsp_opt_t *ocsp_opts = NULL;
    SSL_CTX *ssl_ctx = NULL;
    BIO *bio_ssl = NULL;
    BIO *bio_mongoc_shim = NULL;
@@ -712,6 +730,21 @@ mongoc_stream_tls_openssl_new (mongoc_stream_t *base_stream,
        * Set a callback to get the SNI, if provided */
       SSL_CTX_set_tlsext_servername_callback (ssl_ctx,
                                               _mongoc_stream_tls_openssl_sni);
+#ifdef MONGOC_ENABLE_OCSP
+   } else {
+      if (!SSL_CTX_set_tlsext_status_type (ssl_ctx, TLSEXT_STATUSTYPE_ocsp)) {
+         SSL_CTX_free (ssl_ctx);
+         RETURN (NULL);
+      }
+
+      ocsp_opts = bson_malloc(sizeof(mongoc_openssl_ocsp_opt_t));
+      ocsp_opts->allow_invalid_hostname = opt->allow_invalid_hostname;
+      ocsp_opts->weak_cert_validation = opt->weak_cert_validation;
+      ocsp_opts->host = bson_strdup(host);
+
+      SSL_CTX_set_tlsext_status_arg (ssl_ctx, ocsp_opts);
+      SSL_CTX_set_tlsext_status_cb (ssl_ctx, _mongoc_ocsp_tlsext_status_cb);
+#endif
    }
 
    if (opt->weak_cert_validation) {
@@ -750,6 +783,7 @@ mongoc_stream_tls_openssl_new (mongoc_stream_t *base_stream,
    openssl->bio = bio_ssl;
    openssl->meth = meth;
    openssl->ctx = ssl_ctx;
+   openssl->ocsp_opts = ocsp_opts;
 
    tls = (mongoc_stream_tls_t *) bson_malloc0 (sizeof *tls);
    tls->parent.type = MONGOC_STREAM_TLS;
@@ -765,7 +799,7 @@ mongoc_stream_tls_openssl_new (mongoc_stream_t *base_stream,
    tls->parent.timed_out = _mongoc_stream_tls_openssl_timed_out;
    tls->parent.should_retry = _mongoc_stream_tls_openssl_should_retry;
    memcpy (&tls->ssl_opts, opt, sizeof tls->ssl_opts);
-   tls->handshake = mongoc_stream_tls_openssl_handshake;
+   tls->handshake = _mongoc_stream_tls_openssl_handshake;
    tls->ctx = (void *) openssl;
    tls->timeout_msec = -1;
    tls->base_stream = base_stream;