Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/v3_purp.c | 31 | ||||
-rw-r--r-- | crypto/x509/x509_txt.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 42 |
3 files changed, 40 insertions, 37 deletions
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index b3401035f1..5d9b947a39 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -354,6 +354,7 @@ static int setup_crldp(X509 *x) #define ns_reject(x, usage) \ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) +/* this caches also further information, e.g., if the cert is self-issued */ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) { BASIC_CONSTRAINTS *bs; @@ -502,11 +503,10 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + && !ku_reject(x, KU_KEY_CERT_SIGN)) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) @@ -559,7 +559,7 @@ int X509v3_cache_extensions(X509 *x, OPENSSL_CTX *libctx, const char *propq) * 1 is a CA * 2 Only possible in older versions of openSSL when basicConstraints are absent * new versions will not return this value. May be a CA - * 3 basicConstraints absent but self signed V1. + * 3 basicConstraints absent but self-signed V1. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. * 5 Netscape specific CA Flags present */ 
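Review bot: In the X509v3_cache_extensions() hunk at -502, the new inline comment `/* SKID matches AKID */` overstates what the condition proves. As far as I know, X509_check_akid() also returns X509_V_OK when the certificate has no AKID at all, so EXFLAG_SS can be set from the name match and the key-usage test alone. No signature is verified on this path either, so the flag is a heuristic. I would word the two comments as `/* AKID is absent or matches SKID */` and `/* cert is considered self-signed (signature not checked) */`. The function body starts and ends outside this hunk.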
@@ -803,17 +803,17 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) } /*- - * Various checks to see if one certificate issued the second. - * This can be used to prune a set of possible issuer certificates - * which have been looked up using some simple method such as by - * subject name. + * Various checks to see if one certificate potentially issued the second. + * This can be used to prune a set of possible issuer certificates which + * have been looked up using some simple method such as by subject name. * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists, check that it matches issuer * 3. Check that issuer public key algorithm matches subject signature algorithm - * 4. If key_usage(issuer) exists, check that it supports certificate signing - * returns 0 for OK, positive for reason for mismatch, reasons match - * codes for X509_verify_cert() + * 4. Check that any key_usage(issuer) allows certificate signing + * Note that this does not include actually checking the signature. + * Returns 0 for OK, or positive for reason for mismatch + * where reason codes match those for X509_verify_cert(). */ int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx, @@ -833,11 +833,8 @@ int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx, return ret; } + /* check if the subject signature alg matches the issuer's PUBKEY alg */ { - /* - * Check if the subject signature algorithm matches the issuer's PUBKEY - * algorithm - */ EVP_PKEY *i_pkey = X509_get0_pubkey(issuer); X509_ALGOR *s_algor = &subject->cert_info.signature; int s_pknid = NID_undef, s_mdnid = NID_undef; diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 4897c4d5dd..6ce8a722cc 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c 
@@ -58,9 +58,9 @@ const char *X509_verify_cert_error_string(long n) case X509_V_ERR_OUT_OF_MEM: return "out of memory"; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "self signed certificate"; + return "self-signed certificate"; case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return "self signed certificate in certificate chain"; + return "self-signed certificate in certificate chain"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: return "unable to get local issuer certificate"; case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1e881ccfcd..ef149a2e28 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -111,7 +111,13 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -/* Return 1 is a certificate is self signed, 0 if not, or -1 on error */ +/* + * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error. + * This does not verify self-signedness but relies on x509v3_cache_extensions() + * matching issuer and subject names (i.e., the cert being self-issued) and any + * present authority key identifier matching the subject key identifier, etc. + * Moreover the key usage (if present) must allow certificate signing - TODO correct this wrong semantics of x509v3_cache_extensions() + */ static int cert_self_signed(X509_STORE_CTX *ctx, X509 *x) { if (!X509v3_cache_extensions(x, ctx->libctx, ctx->propq)) @@ -356,7 +362,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) if (ss < 0) return 0; - /* Special case: single self signed certificate */ + /* Special case: single (likely) self-signed certificate */ if (ss > 0 && sk_X509_num(ctx->chain) == 1) return 1; for (i = 0; i < sk_X509_num(ctx->chain); i++) { 
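Review bot: The two strings changed in X509_verify_cert_error_string() are runtime output, not comments, so the added hyphen is a visible behaviour change. Test expectations, log parsers and monitoring rules that match the literal text `self signed certificate` will stop matching after this commit. The diffstat shown is limited to crypto/, so I cannot see whether tests and documentation were updated alongside. I would call this out in the changelog and recommend that consumers key on the numeric codes (X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) rather than on the message text.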
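Review bot: The new header comment on cert_self_signed() at -111 refers twice to `x509v3_cache_extensions()`, but the function called on the next line is `X509v3_cache_extensions()`, so a case-sensitive search for the identifier will miss the comment. The last comment line also appends the TODO to the end of a sentence and runs well past the line length used in the rest of the comment. I would put it on its own line as `* TODO: correct this wrong semantics of X509v3_cache_extensions()`. The comment is otherwise a useful warning that a return of 1 means "considered self-signed" with no signature check. The function body continues outside the hunk.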
@@ -562,7 +568,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } - /* Increment path length if not a self issued intermediate CA */ + /* Increment path length if not a self-issued intermediate CA */ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; /* @@ -628,7 +634,7 @@ static int check_name_constraints(X509_STORE_CTX *ctx) X509 *x = sk_X509_value(ctx->chain, i); int j; - /* Ignore self issued certs unless last in chain */ + /* Ignore self-issued certs unless last in chain */ if (i && (x->ex_flags & EXFLAG_SI)) continue; @@ -1527,7 +1533,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) int cnum = ctx->error_depth; int chnum = sk_X509_num(ctx->chain) - 1; - /* if we have an alternative CRL issuer cert use that */ + /* If we have an alternative CRL issuer cert use that */ if (ctx->current_issuer) issuer = ctx->current_issuer; /* @@ -1538,7 +1544,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) issuer = sk_X509_value(ctx->chain, cnum + 1); else { issuer = sk_X509_value(ctx->chain, chnum); - /* If not self signed, can't check signature */ + /* If not self-issued, can't check signature */ if (!ctx->check_issued(ctx, issuer, issuer) && !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) return 0; @@ -1753,7 +1759,7 @@ static int internal_verify(X509_STORE_CTX *ctx) goto check_cert; } - if (ctx->check_issued(ctx, xi, xi)) + if (ctx->check_issued(ctx, xi, xi)) /* the last cert appears self-signed */ xs = xi; else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 
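Review bot: The check_crl() comment at -1538 now reads `If not self-issued, can't check signature`, while the same call shape in the internal_verify() hunk at -1753, `ctx->check_issued(ctx, xi, xi)`, is annotated `the last cert appears self-signed`. The two comments describe the same test in different terms, in the very commit that separates self-issued (EXFLAG_SI) from self-signed (EXFLAG_SS). With the default check_issued installed, a cert compared with itself presumably ends in cert_self_signed(), so I would keep `/* If not self-signed, can't check signature */` here or use "appears self-signed" in both places. Both function bodies extend beyond their hunks.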
@@ -1776,9 +1782,9 @@ static int internal_verify(X509_STORE_CTX *ctx) EVP_PKEY *pkey; /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. + * If the issuer's public key is unusable, report the issuer certificate * and its depth (rather than the depth of the subject). */ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { @@ -2803,7 +2809,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) return X509_TRUST_UNTRUSTED; /* - * Record any DANE trust-anchor matches, for the first depth to test, if + * Record any DANE trust anchor matches, for the first depth to test, if * there's one at that depth. (This'll be false for length 1 chains looking * for an exact match for the leaf certificate). */ @@ -2889,7 +2895,7 @@ static int dane_verify(X509_STORE_CTX *ctx) * When testing the leaf certificate, if we match a DANE-EE(3) record, * dane_match() returns 1 and we're done. If however we match a PKIX-EE(1) * record, the match depth and matching TLSA record are recorded, but the - * return value is 0, because we still need to find a PKIX trust-anchor. + * return value is 0, because we still need to find a PKIX trust anchor. * Therefore, when DANE authentication is enabled (required), we're done * if: * + matched < 0, internal error. 
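Review bot: The reworded comment in internal_verify() at -1776 still asserts that checking a self-signed certificate's signature `does not add any security` without giving the reason. The `xs == xi` case is reached through the heuristic that this same commit documents as not verifying self-signedness. I would add one sentence such as `A self-signature proves nothing about trust; such a cert is accepted only because it is in the trust store.` and keep the pointer to X509_V_FLAG_CHECK_SS_SIGNATURE for callers who want the check anyway. That wording should be confirmed against the X509_V_FLAG_PARTIAL_CHAIN branch, which lies outside this hunk.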
@@ -3012,7 +3018,7 @@ static int build_chain(X509_STORE_CTX *ctx) } /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "DANE-TA(2) Cert(0) Full(0)" trust anchors from DNS, add * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create @@ -3045,7 +3051,7 @@ static int build_chain(X509_STORE_CTX *ctx) ctx->param->depth = INT_MAX/2; /* - * Try to Extend the chain until we reach an ultimately trusted issuer. + * Try to extend the chain until we reach an ultimately trusted issuer. * Build chains up to one longer the limit, later fail if we hit the limit, * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code. */ @@ -3059,7 +3065,7 @@ static int build_chain(X509_STORE_CTX *ctx) * Look in the trust store if enabled for first lookup, or we've run * out of untrusted issuers and search here is not disabled. When we * reach the depth limit, we stop extending the chain, if by that point - * we've not found a trust-anchor, any trusted chain would be too long. + * we've not found a trust anchor, any trusted chain would be too long. * * The error reported to the application verify callback is at the * maximal valid depth with the current certificate equal to the last 
@@ -3105,8 +3111,8 @@ static int build_chain(X509_STORE_CTX *ctx) * Alternative trusted issuer for a mid-chain untrusted cert? * Pop the untrusted cert's successors and retry. We might now * be able to complete a valid chain via the trust store. Note - * that despite the current trust-store match we might still - * fail complete the chain to a suitable trust-anchor, in which + * that despite the current trust store match we might still + * fail complete the chain to a suitable trust anchor, in which * case we may prune some more untrusted certificates and try * again. Thus the S_DOALTERNATE bit may yet be turned on * again with an even shorter untrusted chain! @@ -3163,7 +3169,7 @@ static int build_chain(X509_STORE_CTX *ctx) /* * We have a self-signed certificate that has the same * subject name (and perhaps keyid and/or serial number) as - * a trust-anchor. We must have an exact match to avoid + * a trust anchor. We must have an exact match to avoid * possible impersonation via key substitution etc. */ if (X509_cmp(x, xtmp) != 0) { |
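Review bot: The rewritten comment line in the build_chain() hunk at -3105 keeps the grammar slip `fail complete the chain`. Since the line is being touched anyway, it should read `fail to complete the chain to a suitable trust anchor, in which`. This is comment text only, and the enclosing function is not fully visible in the hunk.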