-
-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WiP: x590_vfy.c: (Re-)check that the root of the constructed cert chain is directly trusted #13770
Conversation
1da5865
to
92c4576
Compare
crypto/x509/x509_vfy.c
Outdated
/* Make sure that the root of the chain is trusted */ | ||
CB_FAIL_IF(!X509_check_trust(xi, ctx->param->trust, ctx->param->flags), | ||
/* Make sure that the root of the chain is directly trusted */ | ||
CB_FAIL_IF(!directly_trusted(ctx, xi), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, on balance I think this PR should be abandoned. The internal_verify()
function is not the right place to second-guess the trust-path construction. Its job is solely to check chain integrity (signatures and dates).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As meanwhile discussed at #13780 (comment) the internal_verify()
function is not the right/best place to add the intended check, so I've disabled it there for now.
Yet where else to place it then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As meanwhile discussed at #13780 (comment) the
internal_verify()
function is not the right/best place to add the intended check, so I've disabled it there for now.
Yet where else to place it then?
Nowhere that comes to mind. Hence the suggestion to drop this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meanwhile think that the check is best done just before calling internal_verify()
, in verify_chain()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see how that solves my fundamental objection that the context for making decisions is no longer available, and we just need to make sure that the build_chain code is correct.
95ff73d
to
68cdf2a
Compare
I've adapted and rebased this PR, moving out the rather unrelated renaming of |
68cdf2a
to
57a337d
Compare
I'm placing on OTC hold on this PR. I don't think it should be merged, but if there's a consensus around a sound way forward, I'm willing to reconsider my objections. If you decide to just close this instead, that'd be fine too. |
This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago |
This PR is in a state where it requires action by @openssl/otc but the last update was 61 days ago |
This PR is in a state where it requires action by @openssl/otc but the last update was 92 days ago |
a1547d3
to
ae1dcdc
Compare
@@ -131,7 +131,7 @@ static int lookup_cert_match(X509 **result, X509_STORE_CTX *ctx, X509 *x) | |||
xtmp = NULL; | |||
} | |||
ret = xtmp != NULL; | |||
if (ret) { | |||
if (ret && result != NULL) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is not needed, or is not what you had in mind. The result
output parameter (pointer) is never NULL, we'd have crashed at *result = NULL
on line 119 if it were.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, right! Fixed that.
Also added a comment on the use of result
:
* If result is not NULL, on success *result will hold the up-ref'd found cert.
The idea is that the function can now also be used as follows:
static int directly_trusted(X509_STORE_CTX *ctx, X509 *cert)
{
return X509_check_trust(cert, ctx->param->trust,
ctx->param->flags) != X509_TRUST_REJECTED
&& lookup_cert_match(NULL, ctx, cert) != 0;
}
@@ -224,6 +231,15 @@ static int verify_chain(X509_STORE_CTX *ctx) | |||
ctx->param->flags); | |||
CB_FAIL_IF(err != X509_V_OK, ctx, NULL, ctx->error_depth, err); | |||
|
|||
/* In the non-DANE case (re-)check direct trust in the root of the chain */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The DANE case can be more strict than non-DANE when the matched TLSA record is PKIX-TA(0) or PKIX-EE(1) so such a check would need to also happen in that case (and not with DANE-TA(2)/DANE-EE(3)). BUT: I think this PR is not warranted. Test coverage should ensure that build chains correctly, and I don't see much point in doing duplicate work at runtime.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I suggest postponing the further handling of this PR including the fundamental discussion to post-3.0.
I just rebased this PR (and others) recently in order to fix merge conflicts before more such conflicts pile up.
…n-DANE Forms a safety-net making verification independendent of the chain building algorithm.
ae1dcdc
to
87d7b4b
Compare
At this point I don't see any remaining substantial bugs, but still question the need for this PR. The minor issues are:
|
OTC: We see no need for this PR. |
Did you intend to close this?
|
Yes, it was intentionally closed by OTC after a discussion on the meeting. |
Clearly I need to read better.
|
I think it would be good as a security precaution to
make
internal_verify()
verify_chain()
(re-)check the trust placed in the last element of the chain being verified (i.e., its trust anchor),such that the correctness of chain verification becomes independent of the checks done during chain building.