[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Viktor Dukhovni viktor at openssl.org
Thu Oct 18 04:12:27 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  d46f9173bbd62ffa7ae0b20bf05c600e14722cc6 (commit)
       via  cc54a2a0f5a2455205ee236bb44458cc39366065 (commit)
      from  a76a41655e57b72b30a373aae6e75afedf920076 (commit)


- Log -----------------------------------------------------------------
commit d46f9173bbd62ffa7ae0b20bf05c600e14722cc6
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Mon Oct 8 12:05:14 2018 -0400

    Apply self-imposed path length also to root CAs
    
    Also, some readers of the code find starting the count at 1 for EE
    cert confusing (since RFC5280 counts only non-self-issued intermediate
    CAs, but we also counted the leaf).  Therefore, never count the EE
    cert, and adjust the path length comparison accordinly.  This may
    be more clear to the reader.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit cc54a2a0f5a2455205ee236bb44458cc39366065
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Thu Oct 4 23:53:01 2018 -0400

    Only CA certificates can be self-issued
    
    At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
    top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
    of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:
    
       This specification covers two classes of certificates: CA
       certificates and end entity certificates.  CA certificates may be
       further divided into three classes: cross-certificates, self-issued
       certificates, and self-signed certificates.  Cross-certificates are
       CA certificates in which the issuer and subject are different
       entities.  Cross-certificates describe a trust relationship between
       the two CAs.  Self-issued certificates are CA certificates in which
       the issuer and subject are the same entity.  Self-issued certificates
       are generated to support changes in policy or operations.  Self-
       signed certificates are self-issued certificates where the digital
       signature may be verified by the public key bound into the
       certificate.  Self-signed certificates are used to convey a public
       key for use to begin certification paths.  End entity certificates
       are issued to subjects that are not authorized to issue certificates.
    
    that the term "self-issued" is only applicable to CAs, not end-entity
    certificates.  In https://tools.ietf.org/html/rfc5280#section-4.2.1.9
    the description of path length constraints says:
    
       The pathLenConstraint field is meaningful only if the cA boolean is
       asserted and the key usage extension, if present, asserts the
       keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
       maximum number of non-self-issued intermediate certificates that may
       follow this certificate in a valid certification path.  (Note: The
       last certificate in the certification path is not an intermediate
       certificate, and is not included in this limit.  Usually, the last
       certificate is an end entity certificate, but it can be a CA
       certificate.)
    
    This makes it clear that exclusion of self-issued certificates from
    the path length count applies only to some *intermediate* CA
    certificates.  A leaf certificate whether it has identical issuer
    and subject or whether it is a CA or not is never part of the
    intermediate certificate count.  The handling of all leaf certificates
    must be the same, in the case of our code to post-increment the
    path count by 1, so that we ultimately reach a non-self-issued
    intermediate it will be the first one (not zeroth) in the chain
    of intermediates.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vfy.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f86871f..ba186d3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -515,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
         /* check_purpose() makes the callback as needed */
         if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
             return 0;
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
             if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
                 return 0;
         }
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
             plen++;
         /*
          * If this certificate is a proxy certificate, the next certificate


More information about the openssl-commits mailing list