TLS: Parse and validate BasicOCSPResponse

This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/tls/tlsv1_client_ocsp.c

@@ -10,7 +10,9 @@
 
 #include "common.h"
 #include "crypto/tls.h"
+#include "crypto/sha1.h"
 #include "asn1.h"
+#include "x509v3.h"
 #include "tlsv1_common.h"
 #include "tlsv1_record.h"
 #include "tlsv1_client.h"
@@ -45,12 +47,44 @@ static int is_oid_basic_ocsp_resp(struct asn1_oid *oid)
 }
 
 
+static int ocsp_responder_id_match(struct x509_certificate *signer,
+				   struct x509_name *name, const u8 *key_hash)
+{
+	if (key_hash) {
+		u8 hash[SHA1_MAC_LEN];
+		const u8 *addr[1] = { signer->public_key };
+		size_t len[1] = { signer->public_key_len };
+
+		if (sha1_vector(1, addr, len, hash) < 0)
+			return 0;
+		return os_memcmp(hash, key_hash, SHA1_MAC_LEN) == 0;
+	}
+
+	return x509_name_compare(&signer->subject, name) == 0;
+}
+
+
 static enum tls_ocsp_result
 tls_process_basic_ocsp_response(struct tlsv1_client *conn, const u8 *resp,
 				size_t len)
 {
+	struct asn1_hdr hdr;
+	const u8 *pos, *end;
+	const u8 *resp_data, *sign_value, *key_hash = NULL, *responses;
+	const u8 *resp_data_signed;
+	size_t resp_data_len, sign_value_len, responses_len;
+	size_t resp_data_signed_len;
+	struct x509_algorithm_identifier alg;
+	struct x509_certificate *certs = NULL, *last_cert = NULL;
+	struct x509_certificate *issuer, *signer;
+	struct x509_name name; /* used if key_hash == NULL */
+	char buf[100];
+	os_time_t produced_at;
+
 	wpa_hexdump(MSG_MSGDUMP, "OCSP: BasicOCSPResponse", resp, len);
 
+	os_memset(&name, 0, sizeof(name));
+
 	/*
 	 * RFC 6960, 4.2.1:
 	 * BasicOCSPResponse       ::= SEQUENCE {
@@ -60,8 +94,292 @@ tls_process_basic_ocsp_response(struct tlsv1_client *conn, const u8 *resp,
 	 *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 	 */
 
-	/* TODO */
+	if (asn1_get_next(resp, len, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_UNIVERSAL ||
+	    hdr.tag != ASN1_TAG_SEQUENCE) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Expected SEQUENCE (BasicOCSPResponse) - found class %d tag 0x%x",
+			   hdr.class, hdr.tag);
+		return TLS_OCSP_INVALID;
+	}
+	pos = hdr.payload;
+	end = hdr.payload + hdr.length;
+
+	/* ResponseData ::= SEQUENCE */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_UNIVERSAL ||
+	    hdr.tag != ASN1_TAG_SEQUENCE) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Expected SEQUENCE (ResponseData) - found class %d tag 0x%x",
+			   hdr.class, hdr.tag);
+		return TLS_OCSP_INVALID;
+	}
+	resp_data = hdr.payload;
+	resp_data_len = hdr.length;
+	resp_data_signed = pos;
+	pos = hdr.payload + hdr.length;
+	resp_data_signed_len = pos - resp_data_signed;
+
+	/* signatureAlgorithm  AlgorithmIdentifier */
+	if (x509_parse_algorithm_identifier(pos, end - pos, &alg, &pos))
+		return TLS_OCSP_INVALID;
+
+	/* signature  BIT STRING */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_UNIVERSAL ||
+	    hdr.tag != ASN1_TAG_BITSTRING) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Expected BITSTRING (signature) - found class %d tag 0x%x",
+			   hdr.class, hdr.tag);
+		return TLS_OCSP_INVALID;
+	}
+	if (hdr.length < 1)
+		return TLS_OCSP_INVALID;
+	pos = hdr.payload;
+	if (*pos) {
+		wpa_printf(MSG_DEBUG, "OCSP: BITSTRING - %d unused bits", *pos);
+		/* PKCS #1 v1.5 10.2.1:
+		 * It is an error if the length in bits of the signature S is
+		 * not a multiple of eight.
+		 */
+		return TLS_OCSP_INVALID;
+	}
+	sign_value = pos + 1;
+	sign_value_len = hdr.length - 1;
+	pos += hdr.length;
+	wpa_hexdump(MSG_MSGDUMP, "OCSP: signature", sign_value, sign_value_len);
+
+	/* certs  [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL */
+	if (pos < end) {
+		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC ||
+		    hdr.tag != 0) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: Expected [0] EXPLICIT (certs) - found class %d tag 0x%x",
+				   hdr.class, hdr.tag);
+			return TLS_OCSP_INVALID;
+		}
+		wpa_hexdump(MSG_MSGDUMP, "OCSP: certs",
+			    hdr.payload, hdr.length);
+		pos = hdr.payload;
+		end = hdr.payload + hdr.length;
+		while (pos < end) {
+			struct x509_certificate *cert;
+
+			if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+			    hdr.class != ASN1_CLASS_UNIVERSAL ||
+			    hdr.tag != ASN1_TAG_SEQUENCE) {
+				wpa_printf(MSG_DEBUG,
+					   "OCSP: Expected SEQUENCE (Certificate) - found class %d tag 0x%x",
+					   hdr.class, hdr.tag);
+				goto fail;
+			}
+
+			cert = x509_certificate_parse(hdr.payload, hdr.length);
+			if (!cert)
+				goto fail;
+			if (last_cert) {
+				last_cert->next = cert;
+				last_cert = cert;
+			} else {
+				last_cert = certs = cert;
+			}
+			pos = hdr.payload + hdr.length;
+		}
+	}
+
+	/*
+	 * ResponseData ::= SEQUENCE {
+	 *    version              [0] EXPLICIT Version DEFAULT v1,
+	 *    responderID              ResponderID,
+	 *    producedAt               GeneralizedTime,
+	 *    responses                SEQUENCE OF SingleResponse,
+	 *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+	 */
+	pos = resp_data;
+	end = resp_data + resp_data_len;
+	wpa_hexdump(MSG_MSGDUMP, "OCSP: ResponseData", pos, end - pos);
+
+	/*
+	 * version [0] EXPLICIT Version DEFAULT v1
+	 * Version ::= INTEGER { v1(0) }
+	 */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 &&
+	    hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC &&
+	    hdr.tag == 0) {
+		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+		    hdr.class != ASN1_CLASS_UNIVERSAL ||
+		    hdr.tag != ASN1_TAG_INTEGER ||
+		    hdr.length != 1) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: No INTEGER (len=1) tag found for version field - found class %d tag 0x%x length %d",
+				   hdr.class, hdr.tag, hdr.length);
+			goto fail;
+		}
+		wpa_printf(MSG_DEBUG, "OCSP: ResponseData version %u",
+			   hdr.payload[0]);
+		if (hdr.payload[0] != 0) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: Unsupported ResponseData version %u",
+				   hdr.payload[0]);
+			goto no_resp;
+		}
+		pos = hdr.payload + hdr.length;
+	} else {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Default ResponseData version (v1)");
+	}
+
+	/*
+	 * ResponderID ::= CHOICE {
+	 *    byName              [1] Name,
+	 *    byKey               [2] KeyHash }
+	 */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Expected CHOICE (ResponderID) - found class %d tag 0x%x",
+			   hdr.class, hdr.tag);
+		goto fail;
+	}
+
+	if (hdr.tag == 1) {
+		/* Name */
+		if (x509_parse_name(hdr.payload, hdr.length, &name, &pos) < 0)
+			goto fail;
+		x509_name_string(&name, buf, sizeof(buf));
+		wpa_printf(MSG_DEBUG, "OCSP: ResponderID byName Name: %s", buf);
+	} else if (hdr.tag == 2) {
+		/* KeyHash ::= OCTET STRING */
+		if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
+		    hdr.class != ASN1_CLASS_UNIVERSAL ||
+		    hdr.tag != ASN1_TAG_OCTETSTRING) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: Expected OCTET STRING (KeyHash) - found class %d tag 0x%x",
+				   hdr.class, hdr.tag);
+			goto fail;
+		}
+		key_hash = hdr.payload;
+		wpa_hexdump(MSG_DEBUG, "OCSP: ResponderID byKey KeyHash",
+			    key_hash, hdr.length);
+		if (hdr.length != SHA1_MAC_LEN) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: Unexpected byKey KeyHash length %u - expected %u for SHA-1",
+				   hdr.length, SHA1_MAC_LEN);
+			goto fail;
+		}
+		pos = hdr.payload + hdr.length;
+	} else {
+		wpa_printf(MSG_DEBUG, "OCSP: Unexpected ResponderID CHOICE %u",
+			   hdr.tag);
+		goto fail;
+	}
+
+	/* producedAt  GeneralizedTime */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_UNIVERSAL ||
+	    hdr.tag != ASN1_TAG_GENERALIZEDTIME ||
+	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
+			    &produced_at) < 0) {
+		wpa_printf(MSG_DEBUG, "OCSP: Failed to parse producedAt");
+		goto fail;
+	}
+	wpa_printf(MSG_DEBUG, "OCSP: producedAt %lu",
+		   (unsigned long) produced_at);
+	pos = hdr.payload + hdr.length;
+
+	/* responses  SEQUENCE OF SingleResponse */
+	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
+	    hdr.class != ASN1_CLASS_UNIVERSAL ||
+	    hdr.tag != ASN1_TAG_SEQUENCE) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Expected SEQUENCE (responses) - found class %d tag 0x%x",
+			   hdr.class, hdr.tag);
+		goto fail;
+	}
+	responses = hdr.payload;
+	responses_len = hdr.length;
+	wpa_hexdump(MSG_MSGDUMP, "OCSP: responses", responses, responses_len);
+	pos = hdr.payload + hdr.length;
+
+	if (pos < end) {
+		/* responseExtensions  [1] EXPLICIT Extensions OPTIONAL */
+		wpa_hexdump(MSG_MSGDUMP, "OCSP: responseExtensions",
+			    pos, end - pos);
+		/* Ignore for now. */
+	}
+
+	if (!conn->server_cert) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Server certificate not known - cannot check OCSP response");
+		goto no_resp;
+	}
+
+	if (conn->server_cert->next) {
+		/* Issuer has already been verified in the chain */
+		issuer = conn->server_cert->next;
+	} else {
+		/* Find issuer from the set of trusted certificates */
+		for (issuer = conn->cred ? conn->cred->trusted_certs : NULL;
+		     issuer; issuer = issuer->next) {
+			if (x509_name_compare(&conn->server_cert->issuer,
+					      &issuer->subject) == 0)
+				break;
+		}
+	}
+	if (!issuer) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Server certificate issuer not known - cannot check OCSP response");
+		goto no_resp;
+	}
+
+	if (ocsp_responder_id_match(issuer, &name, key_hash)) {
+		wpa_printf(MSG_DEBUG,
+			   "OCSP: Server certificate issuer certificate matches ResponderID");
+		signer = issuer;
+	} else {
+		for (signer = certs; signer; signer = signer->next) {
+			if (!ocsp_responder_id_match(signer, &name, key_hash) ||
+			    x509_name_compare(&conn->server_cert->issuer,
+					      &issuer->subject) != 0 ||
+			    !(signer->ext_key_usage &
+			      X509_EXT_KEY_USAGE_OCSP) ||
+			    x509_certificate_check_signature(issuer, signer) <
+			    0)
+				continue;
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: An extra certificate from the response matches ResponderID and is trusted as an OCSP signer");
+			break;
+		}
+		if (!signer) {
+			wpa_printf(MSG_DEBUG,
+				   "OCSP: Could not find OCSP signer certificate");
+			goto no_resp;
+		}
+	}
+
+	x509_free_name(&name);
+	os_memset(&name, 0, sizeof(name));
+	x509_certificate_chain_free(certs);
+	certs = NULL;
+
+	if (x509_check_signature(signer, &alg, sign_value, sign_value_len,
+				 resp_data_signed, resp_data_signed_len) < 0) {
+		    wpa_printf(MSG_DEBUG, "OCSP: Invalid signature");
+		    return TLS_OCSP_INVALID;
+	}
+
+	/* TODO: Check responses */
+
+no_resp:
+	x509_free_name(&name);
+	x509_certificate_chain_free(certs);
 	return TLS_OCSP_NO_RESPONSE;
+
+fail:
+	x509_free_name(&name);
+	x509_certificate_chain_free(certs);
+	return TLS_OCSP_INVALID;
 }
 
 

src/tls/x509v3.c

@@ -1,6 +1,6 @@
 /*
  * X.509v3 certificate parsing and processing (RFC 3280 profile)
- * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -14,7 +14,7 @@
 #include "x509v3.h"
 
 
-static void x509_free_name(struct x509_name *name)
+void x509_free_name(struct x509_name *name)
 {
 	size_t i;
 
@@ -177,9 +177,9 @@ int x509_name_compare(struct x509_name *a, struct x509_name *b)
 }
 
 
-static int x509_parse_algorithm_identifier(
+int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
-	const u8 *buf, size_t len,
+				    struct x509_algorithm_identifier *id,
-	struct x509_algorithm_identifier *id, const u8 **next)
+				    const u8 **next)
 {
 	struct asn1_hdr hdr;
 	const u8 *pos, *end;
@@ -288,8 +288,8 @@ static int x509_parse_public_key(const u8 *buf, size_t len,
 }
 
 
-static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
-			   const u8 **next)
+		    const u8 **next)
 {
 	struct asn1_hdr hdr;
 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
@@ -536,8 +536,7 @@ done:
 }
 
 
-static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
+int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val)
-			   os_time_t *val)
 {
 	const char *pos;
 	int year, month, day, hour, min, sec;
@@ -1122,6 +1121,15 @@ static int x509_id_kp_client_auth_oid(struct asn1_oid *oid)
 }
 
 
+static int x509_id_kp_ocsp_oid(struct asn1_oid *oid)
+{
+	/* id-kp */
+	return oid->len == 9 &&
+		x509_id_kp_oid(oid) &&
+		oid->oid[8] == 9 /* id-kp-OCSPSigning */;
+}
+
+
 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
 					const u8 *pos, size_t len)
 {
@@ -1164,6 +1172,9 @@ static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
 		} else if (x509_id_kp_client_auth_oid(&oid)) {
 			os_strlcpy(buf, "id-kp-clientAuth", sizeof(buf));
 			cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
+		} else if (x509_id_kp_ocsp_oid(&oid)) {
+			os_strlcpy(buf, "id-kp-OCSPSigning", sizeof(buf));
+			cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
 		} else {
 			asn1_oid_to_str(&oid, buf, sizeof(buf));
 		}
@@ -1704,6 +1715,17 @@ struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
  */
 int x509_certificate_check_signature(struct x509_certificate *issuer,
 				     struct x509_certificate *cert)
+{
+	return x509_check_signature(issuer, &cert->signature,
+				    cert->sign_value, cert->sign_value_len,
+				    cert->tbs_cert_start, cert->tbs_cert_len);
+}
+
+
+int x509_check_signature(struct x509_certificate *issuer,
+			 struct x509_algorithm_identifier *signature,
+			 const u8 *sign_value, size_t sign_value_len,
+			 const u8 *signed_data, size_t signed_data_len)
 {
 	struct crypto_public_key *pk;
 	u8 *data;
@@ -1713,10 +1735,12 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	struct asn1_oid oid;
 	u8 hash[64];
 	size_t hash_len;
+	const u8 *addr[1] = { signed_data };
+	size_t len[1] = { signed_data_len };
 
-	if (!x509_pkcs_oid(&cert->signature.oid) ||
+	if (!x509_pkcs_oid(&signature->oid) ||
-	    cert->signature.oid.len != 7 ||
+	    signature->oid.len != 7 ||
-	    cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
+	    signature->oid.oid[5] != 1 /* pkcs-1 */) {
 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
 			   "algorithm");
 		return -1;
@@ -1727,15 +1751,15 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	if (pk == NULL)
 		return -1;
 
-	data_len = cert->sign_value_len;
+	data_len = sign_value_len;
 	data = os_malloc(data_len);
 	if (data == NULL) {
 		crypto_public_key_free(pk);
 		return -1;
 	}
 
-	if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
+	if (crypto_public_key_decrypt_pkcs1(pk, sign_value,
-					    cert->sign_value_len, data,
+					    sign_value_len, data,
 					    &data_len) < 0) {
 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
 		crypto_public_key_free(pk);
@@ -1798,12 +1822,11 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	}
 
 	if (x509_sha1_oid(&oid)) {
-		if (cert->signature.oid.oid[6] !=
+		if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
-		    5 /* sha-1WithRSAEncryption */) {
 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
 				   "does not match with certificate "
 				   "signatureAlgorithm (%lu)",
-				   cert->signature.oid.oid[6]);
+				   signature->oid.oid[6]);
 			os_free(data);
 			return -1;
 		}
@@ -1811,12 +1834,12 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	}
 
 	if (x509_sha256_oid(&oid)) {
-		if (cert->signature.oid.oid[6] !=
+		if (signature->oid.oid[6] !=
 		    11 /* sha2561WithRSAEncryption */) {
 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
 				   "does not match with certificate "
 				   "signatureAlgorithm (%lu)",
-				   cert->signature.oid.oid[6]);
+				   signature->oid.oid[6]);
 			os_free(data);
 			return -1;
 		}
@@ -1824,12 +1847,11 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	}
 
 	if (x509_sha384_oid(&oid)) {
-		if (cert->signature.oid.oid[6] !=
+		if (signature->oid.oid[6] != 12 /* sha384WithRSAEncryption */) {
-		    12 /* sha384WithRSAEncryption */) {
 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA384 "
 				   "does not match with certificate "
 				   "signatureAlgorithm (%lu)",
-				   cert->signature.oid.oid[6]);
+				   signature->oid.oid[6]);
 			os_free(data);
 			return -1;
 		}
@@ -1837,12 +1859,11 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	}
 
 	if (x509_sha512_oid(&oid)) {
-		if (cert->signature.oid.oid[6] !=
+		if (signature->oid.oid[6] != 13 /* sha512WithRSAEncryption */) {
-		    13 /* sha512WithRSAEncryption */) {
 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA512 "
 				   "does not match with certificate "
 				   "signatureAlgorithm (%lu)",
-				   cert->signature.oid.oid[6]);
+				   signature->oid.oid[6]);
 			os_free(data);
 			return -1;
 		}
@@ -1856,12 +1877,11 @@ int x509_certificate_check_signature(struct x509_certificate *issuer,
 	}
 	switch (oid.oid[5]) {
 	case 5: /* md5 */
-		if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
+		if (signature->oid.oid[6] != 4 /* md5WithRSAEncryption */) {
-		{
 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
 				   "not match with certificate "
 				   "signatureAlgorithm (%lu)",
-				   cert->signature.oid.oid[6]);
+				   signature->oid.oid[6]);
 			os_free(data);
 			return -1;
 		}
@@ -1892,38 +1912,33 @@ skip_digest_oid:
 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
 		    hdr.payload, hdr.length);
 
-	switch (cert->signature.oid.oid[6]) {
+	switch (signature->oid.oid[6]) {
 	case 4: /* md5WithRSAEncryption */
-		md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+		md5_vector(1, addr, len, hash);
-			   hash);
 		hash_len = 16;
 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
 			    hash, hash_len);
 		break;
 	case 5: /* sha-1WithRSAEncryption */
-		sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+		sha1_vector(1, addr, len, hash);
-			    hash);
 		hash_len = 20;
 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
 			    hash, hash_len);
 		break;
 	case 11: /* sha256WithRSAEncryption */
-		sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+		sha256_vector(1, addr, len, hash);
-			      hash);
 		hash_len = 32;
 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
 			    hash, hash_len);
 		break;
 	case 12: /* sha384WithRSAEncryption */
-		sha384_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+		sha384_vector(1, addr, len, hash);
-			      hash);
 		hash_len = 48;
 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA384)",
 			    hash, hash_len);
 		break;
 	case 13: /* sha512WithRSAEncryption */
-		sha512_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
+		sha512_vector(1, addr, len, hash);
-			      hash);
 		hash_len = 64;
 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA512)",
 			    hash, hash_len);
@@ -1931,7 +1946,7 @@ skip_digest_oid:
 	case 2: /* md2WithRSAEncryption */
 	default:
 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
-			   "algorithm (%lu)", cert->signature.oid.oid[6]);
+			   "algorithm (%lu)", signature->oid.oid[6]);
 		os_free(data);
 		return -1;
 	}

src/tls/x509v3.h

@@ -91,6 +91,7 @@ struct x509_certificate {
 #define X509_EXT_KEY_USAGE_ANY			(1 << 0)
 #define X509_EXT_KEY_USAGE_SERVER_AUTH		(1 << 1)
 #define X509_EXT_KEY_USAGE_CLIENT_AUTH		(1 << 2)
+#define X509_EXT_KEY_USAGE_OCSP			(1 << 3)
 
 	/*
 	 * The DER format certificate follows struct x509_certificate. These
@@ -113,10 +114,21 @@ enum {
 };
 
 void x509_certificate_free(struct x509_certificate *cert);
+int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
+				    struct x509_algorithm_identifier *id,
+				    const u8 **next);
+int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+		    const u8 **next);
+int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val);
 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
+void x509_free_name(struct x509_name *name);
 void x509_name_string(struct x509_name *name, char *buf, size_t len);
 int x509_name_compare(struct x509_name *a, struct x509_name *b);
 void x509_certificate_chain_free(struct x509_certificate *cert);
+int x509_check_signature(struct x509_certificate *issuer,
+			 struct x509_algorithm_identifier *signature,
+			 const u8 *sign_value, size_t sign_value_len,
+			 const u8 *signed_data, size_t signed_data_len);
 int x509_certificate_check_signature(struct x509_certificate *issuer,
 				     struct x509_certificate *cert);
 int x509_certificate_chain_validate(struct x509_certificate *trusted,