Merge pull request #10303 from julek-wolfssl/zd/21675

ocsp: bind responder authorization to CertID issuerKeyHash

Author: dgarske

certs/ocsp/imposter-root-ca-cert.der

@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 199 (0xc7)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Apr 27 16:12:19 2026 GMT
+            Not After : Jan 21 16:12:19 2029 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Engineering, CN = wolfSSL root CA, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:f3:c7:6e:93:4e:94:7d:9a:76:cb:3e:82:21:30:
+                    a0:a5:4a:a2:6c:80:bf:e6:a0:7d:6c:cc:aa:e6:94:
+                    f3:42:41:7f:1a:ba:5f:89:d2:84:67:81:4d:37:0b:
+                    26:ed:f8:f1:be:84:f5:33:9f:be:98:d1:88:86:c1:
+                    93:d3:8e:40:56:36:28:4f:14:c2:f7:a7:3b:ca:1d:
+                    ae:59:6b:5f:79:54:b6:2e:6e:4d:7f:4c:71:0d:fb:
+                    3a:6e:95:8f:96:44:3c:f2:91:01:cb:68:17:07:33:
+                    97:cb:32:55:47:03:64:0c:4b:16:2e:20:f8:65:c7:
+                    6a:52:e4:fd:a9:2d:de:39:0c:5f:1a:14:10:9d:c3:
+                    2d:15:c4:88:2e:19:58:e1:fd:69:12:81:d2:af:f6:
+                    62:44:b0:89:82:b5:f5:17:23:2b:73:8e:e3:55:14:
+                    43:a5:4a:7e:cb:96:62:8f:96:bf:5f:c3:82:dc:86:
+                    86:85:89:f8:8e:68:b2:ef:e5:2e:8c:b9:8d:56:13:
+                    19:65:e9:79:c5:29:dc:89:0b:dd:23:35:fe:d5:48:
+                    b6:2d:ad:ee:ee:6c:b8:3e:eb:79:1c:41:d1:b8:e5:
+                    0e:2f:2d:cf:d7:65:fa:71:6f:60:9b:90:30:43:da:
+                    c3:e2:1b:8f:da:ab:37:c5:38:88:6b:85:15:5b:24:
+                    72:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                73:64:66:3E:9A:DE:12:EC:44:C2:5B:05:64:62:1D:63:23:43:55:E5
+            X509v3 Authority Key Identifier: 
+                keyid:73:64:66:3E:9A:DE:12:EC:44:C2:5B:05:64:62:1D:63:23:43:55:E5
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com
+                serial:C7
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            Authority Information Access: 
+                OCSP - URI:http://127.0.0.1:22220
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        35:b1:f0:64:89:fe:7e:b3:5f:80:15:57:a0:8f:cd:fc:a0:2d:
+        36:29:39:a3:ee:d6:c0:f3:c2:e6:31:2e:ce:9b:d4:a1:3e:dc:
+        c7:0d:2a:ae:72:c6:fa:ee:77:d7:4b:98:c0:32:7e:d2:54:3f:
+        41:34:09:22:f3:34:db:ff:4e:35:79:15:50:fa:e2:bd:37:1c:
+        0e:dc:4e:b1:5a:5d:fd:be:bf:d1:75:02:9a:a8:61:da:d4:f1:
+        35:b3:7e:9d:10:29:a8:cd:50:7c:3c:89:5e:a1:b2:51:e6:d8:
+        4d:dd:cc:3d:b9:8e:5b:20:51:33:e0:03:57:e0:f7:5b:be:85:
+        64:a7:8c:6d:40:56:cd:78:4f:6d:dc:04:f2:4a:f3:a1:29:3b:
+        64:e5:db:a0:98:80:c8:6b:12:25:4c:18:40:2a:ce:b6:94:fe:
+        58:bb:35:91:22:36:d7:29:70:53:2e:8b:be:e3:b7:08:d3:a8:
+        66:19:ff:69:f0:c8:8f:b6:ea:21:bc:41:08:92:42:89:fd:d9:
+        3a:9c:42:4b:c4:2e:81:4f:63:54:95:88:d9:56:66:08:dc:73:
+        56:6a:97:5e:09:e5:fa:d2:52:3b:7f:bd:3b:1b:bb:f1:74:51:
+        71:30:f3:ce:1c:21:75:89:97:7f:e4:38:f7:3e:66:c3:20:f3:
+        c0:f3:38:c9
+-----BEGIN CERTIFICATE-----
+MIIE6DCCA9CgAwIBAgICAMcwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd29sZlNT
+TCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2
+MDQyNzE2MTIxOVoXDTI5MDEyMTE2MTIxOVowgZcxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd29sZlNTTCByb290
+IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88duk06UfZp2yz6CITCgpUqibIC/5qB9bMyq
+5pTzQkF/GrpfidKEZ4FNNwsm7fjxvoT1M5++mNGIhsGT045AVjYoTxTC96c7yh2u
+WWtfeVS2Lm5Nf0xxDfs6bpWPlkQ88pEBy2gXBzOXyzJVRwNkDEsWLiD4ZcdqUuT9
+qS3eOQxfGhQQncMtFcSILhlY4f1pEoHSr/ZiRLCJgrX1FyMrc47jVRRDpUp+y5Zi
+j5a/X8OC3IaGhYn4jmiy7+UujLmNVhMZZel5xSnciQvdIzX+1Ui2La3u7my4Put5
+HEHRuOUOLy3P12X6cW9gm5AwQ9rD4huP2qs3xTiIa4UVWyRyvwIDAQABo4IBOjCC
+ATYwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUc2RmPpreEuxEwlsFZGIdYyNDVeUw
+gcUGA1UdIwSBvTCBuoAUc2RmPpreEuxEwlsFZGIdYyNDVeWhgZ2kgZowgZcxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
+MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UE
+AwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tggIAxzALBgNVHQ8EBAMCAQYwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAB
+hhZodHRwOi8vMTI3LjAuMC4xOjIyMjIwMA0GCSqGSIb3DQEBCwUAA4IBAQA1sfBk
+if5+s1+AFVegj838oC02KTmj7tbA88LmMS7Om9ShPtzHDSqucsb67nfXS5jAMn7S
+VD9BNAki8zTb/041eRVQ+uK9NxwO3E6xWl39vr/RdQKaqGHa1PE1s36dECmozVB8
+PIleobJR5thN3cw9uY5bIFEz4ANX4PdbvoVkp4xtQFbNeE9t3ATySvOhKTtk5dug
+mIDIaxIlTBhAKs62lP5YuzWRIjbXKXBTLou+47cI06hmGf9p8MiPtuohvEEIkkKJ
+/dk6nEJLxC6BT2NUlYjZVmYI3HNWapdeCeX60lI7f707G7vxdFFxMPPOHCF1iZd/
+5Dj3PmbDIPPA8zjJ
+-----END CERTIFICATE-----

certs/ocsp/imposter-root-ca-cert.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDzx26TTpR9mnbL
+PoIhMKClSqJsgL/moH1szKrmlPNCQX8aul+J0oRngU03Cybt+PG+hPUzn76Y0YiG
+wZPTjkBWNihPFML3pzvKHa5Za195VLYubk1/THEN+zpulY+WRDzykQHLaBcHM5fL
+MlVHA2QMSxYuIPhlx2pS5P2pLd45DF8aFBCdwy0VxIguGVjh/WkSgdKv9mJEsImC
+tfUXIytzjuNVFEOlSn7LlmKPlr9fw4LchoaFifiOaLLv5S6MuY1WExll6XnFKdyJ
+C90jNf7VSLYtre7ubLg+63kcQdG45Q4vLc/XZfpxb2CbkDBD2sPiG4/aqzfFOIhr
+hRVbJHK/AgMBAAECggEAI3Y/7hrQvALDxCYYLPbTb6gPP6RtBgITrMeLFtbVGi7H
+7B3vdu+SRjJHhrnPFHARzoqt1rAmvDlC2IOBWxWG42OmcnaNNBR2PJ0btzNI5K//
+fnqaOGnoykVhByQnio7rpMeWUL4YF3qYWr08LYPfQnCLzfMK31dmbp+UDM+402hi
+HSGW/EZBbVrLLjVNUta1F7FKQYx2Eq3P+Xaga58thJAoILsJItyE0iI+qK9zVWmQ
+xFkV99xKqpIq/IFWd86Z8QvrhZV2OdvF5uduUytfxz9Bql8dgK1dhDJvz2i3SPxV
+oDDwo10gG7Hi0/lk2vIwsZUDci6eNn0BDLwVudClwQKBgQD+5nde7SM5J18MLNMp
+EGFDLDCbcjFQoVuVRCVu1+mmO/7zC1ozwYtU+SzNmLvpvZYtUgDBlsAlP+rtsUOX
+ltwhTI56mCGK3TbK3HvqCLz6O4K8ty2es6uDBezQagVygOoVG4AirHLlL4FeZ/S0
+uvH48jWCqsdBL1NygNt4Kov9fwKBgQD01K6yGKwm6Hgvs/qtHA7kMaD0yQWelX4M
+SJdf/Rjq3/Nh5Cpj8Peu8KIjomnkQisFHqHnAqAiy1IGo8NbjvM/H0JOSTWy2ths
+l6zncle/uGXbjxqqfKecsqAOigXzJQhXtHvh+pSu5mOb+incKyAJ0ZpvAZFhcWIA
+1LT12LyqwQKBgG1E4psg0N6pUAdqF8McsHUZNmUMmLNV2GquYdWYXSLTyUDq9uoE
+5/OvNVOVS8ixavVWl9hlBU1yjwUB3lXXZ9omdVV8bbSXi+t+hOgYgtpKNIstgzLr
+FnT+TzwwltE1DiOqPE2g20gAC1cq/S2UjjIHsoSnLO92mDEXp/1lT8mFAoGAYEY+
+CASRtZ8Wm9OPUIFHDc7CN1/RGOI6NcRZ2kIhiULVZvoc/T3ld+JiL9cPAtZOKm44
+RioPJH+FWt0M1jUpS/oTzcsWFaXfExy1vjGFdfuh+iuU1dO86W6IaA84dbtrQ2nS
+iTNLQleQdeZyjYRbzeChdONN8t5uJlt+aWp4DkECgYAG5w5yilDcQedV231V1fcG
+IgPLkrwUVNusevAe9Jzqs6L+GwCjuR1fQ7nxfRHZOwGQNz6sMQkhVc15PI5Oer+A
+vbWDr93IlBjtrc6hYqMO3MwpNz2JKVF2T5+33lbS26dxhvzaXNVZdBdDtwIgCQ78
+CBGsRUzILXd0N1/ou7ASOg==
+-----END PRIVATE KEY-----

certs/ocsp/imposter-root-ca-key.der

@@ -55,6 +55,10 @@ EXTRA_DIST += \
         certs/ocsp/root-ca-cert.pem \
         certs/ocsp/root-ca-cert.der \
         certs/ocsp/root-ca-crl.pem \
+        certs/ocsp/imposter-root-ca-key.pem \
+        certs/ocsp/imposter-root-ca-key.der \
+        certs/ocsp/imposter-root-ca-cert.pem \
+        certs/ocsp/imposter-root-ca-cert.der \
         certs/ocsp/test-response.der \
         certs/ocsp/test-response-rsapss.der \
         certs/ocsp/test-response-nointern.der \

certs/ocsp/imposter-root-ca-key.pem

@@ -60,6 +60,30 @@ rm root-ca-cert.csr
 openssl x509 -in root-ca-cert.pem -text > tmp.pem
 mv tmp.pem root-ca-cert.pem
 
+# imposter-root-ca: self-signed cert sharing the legitimate root-ca DN but
+# with a different key. Used to test that OCSP responder authorization is
+# bound to the CertID issuerKeyHash, not just the issuer name.
+openssl req                            \
+    -new                               \
+    -config "$WOLF_REQ_CONF"           \
+    -key  imposter-root-ca-key.pem     \
+    -out  imposter-root-ca-cert.csr    \
+    -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com"
+
+openssl x509                                \
+    -req -in imposter-root-ca-cert.csr      \
+    -extfile $1                             \
+    -extensions v3_ca                       \
+    -days 1000                              \
+    -signkey imposter-root-ca-key.pem       \
+    -set_serial 199                         \
+    -out imposter-root-ca-cert.pem          \
+    -sha256
+
+rm imposter-root-ca-cert.csr
+openssl x509 -in imposter-root-ca-cert.pem -text > imposter-root-ca-cert_tmp.pem
+mv imposter-root-ca-cert_tmp.pem imposter-root-ca-cert.pem
+
 update_cert intermediate1-ca "wolfSSL intermediate CA 1"       root-ca          v3_ca   01 $1
 update_cert intermediate2-ca "wolfSSL intermediate CA 2"       root-ca          v3_ca   02 $1
 update_cert intermediate3-ca "wolfSSL REVOKED intermediate CA" root-ca          v3_ca   03 $1 # REVOKED

certs/ocsp/include.am

@@ -54,6 +54,43 @@ check_result $? ""
 openssl rsa -in root-ca-key.pem -outform DER -out root-ca-key.der
 check_result $? ""
 
+# imposter-root-ca: self-signed cert sharing the legitimate root-ca DN but with
+# a different key. Used to test that OCSP responder authorization is bound to
+# the CertID issuerKeyHash, not just the issuer name.
+echo "OCSP renew certs imposter root step 1"
+openssl req                       \
+    -new                          \
+    -key  imposter-root-ca-key.pem \
+    -out  imposter-root-ca-cert.csr \
+    -config ../renewcerts/wolfssl.cnf \
+    -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com"
+check_result $? ""
+
+echo "OCSP renew certs imposter root step 2"
+openssl x509                            \
+    -req -in imposter-root-ca-cert.csr  \
+    -extfile openssl.cnf                \
+    -extensions v3_ca                   \
+    -days 1000                          \
+    -signkey imposter-root-ca-key.pem   \
+    -set_serial 199                     \
+    -out imposter-root-ca-cert.pem
+check_result $? ""
+
+rm imposter-root-ca-cert.csr
+echo "OCSP renew certs imposter root step 3"
+openssl x509 -in imposter-root-ca-cert.pem -text > tmp.pem
+check_result $? ""
+mv tmp.pem imposter-root-ca-cert.pem
+
+echo "OCSP renew certs imposter root step 4"
+openssl x509 -in imposter-root-ca-cert.pem -outform DER \
+    -out imposter-root-ca-cert.der
+check_result $? ""
+openssl rsa -in imposter-root-ca-key.pem -outform DER \
+    -out imposter-root-ca-key.der
+check_result $? ""
+
 # $1 cert, $2 name, $3 ca, $4 extensions, $5 serial
 update_cert() {
     echo "Updating certificate \"$1-cert.pem\""

certs/ocsp/renewcerts-for-test.sh

@@ -584,8 +584,8 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 }
 
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
-static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash,
-        void* vp, Signer* pendingCAs) {
+static int CheckOcspResponderChain(OcspEntry* single, byte* issuerNameHash,
+        byte* issuerKeyHash, void* vp, Signer* pendingCAs) {
     /* Attempt to build a chain up to cert's issuer */
     WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
     Signer* ca = NULL;
@@ -602,54 +602,61 @@ static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash,
      *  in OCSP request
      */
 
-    /* Walk up the issuer chain from the responder's direct issuer toward a
-     * self-signed root, capturing prev before reassigning ca so the
-     * (ca == prev) self-signed termination check is meaningful. */
-    ca = GetCAByName(cm, single->issuerHash);
+    if (issuerKeyHash == NULL)
+        return 0;
+
+    /* Select CertID issuer by key hash so a same-DN / different-key trust
+     * anchor cannot hijack the starting point. */
+    ca = GetCAByKeyHash(cm, single->issuerKeyHash);
+    if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash,
+            OCSP_DIGEST_SIZE) != 0) {
+        ca = NULL;
+    }
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
     if (ca == NULL && pendingCAs != NULL) {
-        ca = findSignerByName(pendingCAs, single->issuerHash);
+        ca = findSignerByKeyHash(pendingCAs, single->issuerKeyHash);
+        if (ca != NULL && XMEMCMP(ca->subjectNameHash, single->issuerHash,
+                OCSP_DIGEST_SIZE) != 0) {
+            ca = NULL;
+        }
     }
 #else
     (void)pendingCAs;
 #endif
-    while (ca != NULL) {
-        if (XMEMCMP(issuerHash, ca->issuerNameHash, OCSP_DIGEST_SIZE) == 0) {
+    for (; ca != NULL && ca != prev;
+            prev = ca) {
+        Signer* parent = GetCAByName(cm, ca->issuerNameHash);
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+        if (parent == NULL && pendingCAs != NULL) {
+            parent = findSignerByName(pendingCAs, ca->issuerNameHash);
+        }
+#endif
+        if (parent == NULL || parent == ca)
+            break;
+
+        if (XMEMCMP(parent->subjectNameHash, issuerNameHash,
+                    OCSP_DIGEST_SIZE) == 0 &&
+            XMEMCMP(parent->subjectKeyHash, issuerKeyHash,
+                    KEYID_SIZE) == 0) {
             WOLFSSL_MSG("\tOCSP Response signed by authorized "
                     "responder delegated by issuer "
                     "(found in chain)");
             passed = 1;
             break;
         }
-        prev = ca;
-        ca = GetCAByName(cm, prev->issuerNameHash);
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
-        /* Look up by the in-flight name (prev's issuer), not by
-         * single->issuerHash; the latter would re-anchor the pendingCAs
-         * walk to the bottom of the chain on every iteration. */
-        if (ca == NULL && pendingCAs != NULL) {
-            ca = findSignerByName(pendingCAs, prev->issuerNameHash);
-        }
-#endif
-        if (ca == prev) {
-            break;
-        }
+        ca = parent;
     }
     return passed;
 }
 #endif
 
-/**
- * Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2
- * @param bs              The basic OCSP response to verify
- * @param subjectHash     The subject key hash of the OCSP responder certificate
- * @param extExtKeyUsage  The extended key usage bits of the responder certificate
- * @param issuerHash      The issuer name hash of the OCSP responder certificate
- * @param vp              Unused (reserved for future use)
- * @return 1 if the responder is authorized to sign the response, 0 otherwise
- */
-int CheckOcspResponder(OcspResponse *bs, byte* subjectHash,
-        byte extExtKeyUsage, byte* issuerHash, void* vp)
+/* Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2. Both halves
+ * of CertID (issuerNameHash and issuerKeyHash) must match; name-only matching
+ * would authorize a same-DN / different-key CA. issuerKeyHash may be NULL when
+ * unavailable, which disables the delegated branch. */
+int CheckOcspResponder(OcspResponse *bs, byte* subjectNameHash,
+        byte* subjectKeyHash, byte extExtKeyUsage, byte* issuerNameHash,
+        byte* issuerKeyHash, void* vp)
 {
     int ret = 0;
     OcspEntry* single;
@@ -664,29 +671,34 @@ int CheckOcspResponder(OcspResponse *bs, byte* subjectHash,
     /* In the future if this API is used more then it could be beneficial to
      * implement calling InitDecodedCert and ParseCertRelative here
      * automatically when cert == NULL. */
-    if (bs == NULL || subjectHash == NULL || issuerHash == NULL)
+    if (bs == NULL || subjectNameHash == NULL || issuerNameHash == NULL)
         return BAD_FUNC_ARG;
 
-    /* Traverse the list and check that the cert has the authority to provide
-     * an OCSP response for each entry. */
     for (single = bs->single; single != NULL; single = single->next) {
         int passed = 0;
 
-        if (XMEMCMP(subjectHash, single->issuerHash, OCSP_DIGEST_SIZE) == 0) {
+        if (subjectKeyHash != NULL &&
+                XMEMCMP(subjectNameHash, single->issuerHash,
+                    OCSP_DIGEST_SIZE) == 0 &&
+                XMEMCMP(subjectKeyHash, single->issuerKeyHash,
+                    KEYID_SIZE) == 0) {
             WOLFSSL_MSG("\tOCSP Response signed by issuer");
             passed = 1;
         }
         else if ((extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) != 0) {
-            if (XMEMCMP(issuerHash, single->issuerHash, OCSP_DIGEST_SIZE)
-                    == 0) {
+            if (issuerKeyHash != NULL &&
+                    XMEMCMP(issuerNameHash, single->issuerHash,
+                        OCSP_DIGEST_SIZE) == 0 &&
+                    XMEMCMP(issuerKeyHash, single->issuerKeyHash,
+                        KEYID_SIZE) == 0) {
                 WOLFSSL_MSG("\tOCSP Response signed by authorized responder "
                             "delegated by issuer");
                 passed = 1;
             }
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
             else if (vp != NULL) {
-                passed = CheckOcspResponderChain(single, issuerHash, vp,
-                        bs->pendingCAs);
+                passed = CheckOcspResponderChain(single, issuerNameHash,
+                        issuerKeyHash, vp, bs->pendingCAs);
             }
 #endif
         }
@@ -1090,8 +1102,10 @@ static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert,
     }
 #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
     if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) {
-        ret = CheckOcspResponder(resp, c->subjectHash, c->extExtKeyUsage,
-                c->issuerHash, st->cm);
+        ret = CheckOcspResponder(resp, c->subjectHash, c->subjectKeyHash,
+                c->extExtKeyUsage, c->issuerHash,
+                (c->ca != NULL) ? c->ca->subjectKeyHash : NULL,
+                st->cm);
     }
     else {
         ret = 0;

certs/ocsp/renewcerts.sh

@@ -40751,6 +40751,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_inject),
     TEST_DECL(test_ocsp_status_callback),
     TEST_DECL(test_ocsp_basic_verify),
+    TEST_DECL(test_ocsp_responder_keyhash_binding),
     TEST_DECL(test_ocsp_response_parsing),
     TEST_DECL(test_ocsp_certid_enc_dec),
     TEST_DECL(test_ocsp_certid_dup),