[openssl-dev] Possible deficiency verifying with indirect crl
weber at infotech.de
weber at infotech.de
Tue Apr 19 13:57:38 UTC 2016
Dear openssl developers,
using the older version 1.0.2d we recently stumbled upon a possible
deficiency in verifying a cert using an indirect crl.
We went through the scoring code and found the CRL_SCORE_AKID flag unset
although the crl issuers cert contained a skid.
Snippet
In the source x509_vfy.c, at the end of function crl_akid_check the
possible crl_issuer is being looked up from the untrusted certs stack.
But the untrusted certs aren't guaranteed to have the extensions cached.
So in our case the crl_issuer->skid was empty causing the function
X509_check_akid to return X509_V_ERR_AKID_SKID_MISMATCH.
Inserting a X509_check_purpose(crl_issuer, -1, 0); just before the call
fixed this issue.
We compared the source against the latest version 1.0.2g and found no
changes regarding this behavior.
Please consider applying following patch
+++ openssl-1.0.2d/crypto/x509/x509_vfy.c 2015-07-09 13:57 +0200
@@ -1234,6 +1234,7 @@ (excluded from the next commit)
crl_issuer = sk_X509_value(ctx->untrusted, i);
if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
continue;
+ X509_check_purpose(crl_issuer, -1, 0);
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
*pissuer = crl_issuer;
*pcrl_score |= CRL_SCORE_AKID;
BTW: We didn't check if the certs taken from the chain happen to have
extension values cached (about 30 lines up).
Thanks in advance
--
Christian Weber
Snippet
More information about the openssl-dev
mailing list