From 89f13ca4342be5b541b0885e3058617e5cce0de8 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 25 Aug 2020 16:13:40 +0200 Subject: check_chain_extensions(): Add check that AKID and SKID are not marked critical Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12478) --- crypto/x509/v3_purp.c | 22 +++++++++++++++++----- crypto/x509/x509_txt.c | 4 ++++ crypto/x509/x509_vfy.c | 6 ++++-- 3 files changed, 25 insertions(+), 7 deletions(-) (limited to 'crypto') diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 2f9890d..bced482 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -401,7 +401,6 @@ int x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING *usage; ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; - X509_EXTENSION *ex; int i; int res; @@ -588,17 +587,30 @@ int x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; #endif for (i = 0; i < X509_get_ext_count(x); i++) { - ex = X509_get_ext(x, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) + X509_EXTENSION *ex = X509_get_ext(x, i); + int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + + if (nid == NID_freshest_crl) x->ex_flags |= EXFLAG_FRESHEST; if (!X509_EXTENSION_get_critical(ex)) continue; - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints) - x->ex_flags |= EXFLAG_BCONS_CRITICAL; if (!X509_supported_extension(ex)) { x->ex_flags |= EXFLAG_CRITICAL; break; } + switch (nid) { + case NID_basic_constraints: + x->ex_flags |= EXFLAG_BCONS_CRITICAL; + break; + case NID_authority_key_identifier: + x->ex_flags |= EXFLAG_AKID_CRITICAL; + break; + case NID_subject_key_identifier: + x->ex_flags |= EXFLAG_SKID_CRITICAL; + break; + default: + break; + } } /* Set x->siginf, ignoring errors due to unsupported algos */ diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 042211e..d4bf316 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -200,6 +200,10 @@ const char *X509_verify_cert_error_string(long n) return "Empty Subject Alternative Name extension"; case X509_V_ERR_CA_BCONS_NOT_CRITICAL: return "Basic Constraints of CA cert not marked critical"; + case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL: + return "Authority Key Identifier marked critical"; + case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL: + return "Subject Key Identifier marked critical"; default: /* Printing an error number into a static buffer is not thread-safe */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index d058401..48c0a2d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -562,6 +562,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* Check sig alg consistency acc. to RFC 5280 section 4.1.1.2 */ if (X509_ALGOR_cmp(&x->sig_alg, &x->cert_info.signature) != 0) ctx->error = X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY; + if (x->akid != NULL && (x->ex_flags & EXFLAG_AKID_CRITICAL) != 0) + ctx->error = X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL; + if (x->skid != NULL && (x->ex_flags & EXFLAG_SKID_CRITICAL) != 0) + ctx->error = X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL; if (X509_get_version(x) >= 2) { /* at least X.509v3 */ /* Check AKID presence acc. to RFC 5280 section 4.2.1.1 */ if (i + 1 < num /* @@ -570,11 +574,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) */ && (x->akid == NULL || x->akid->keyid == NULL)) ctx->error = X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER; - /* TODO check that AKID extension is not critical */ /* Check SKID presence acc. to RFC 5280 section 4.2.1.2 */ if ((x->ex_flags & EXFLAG_CA) != 0 && x->skid == NULL) ctx->error = X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER; - /* TODO check that SKID extension is not be critical */ } } if (ctx->error != X509_V_OK) -- cgit v1.1