You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
282 lines
12 KiB
282 lines
12 KiB
From c927a3492698c254637da836762f9b1f86cffabc Mon Sep 17 00:00:00 2001
|
|
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
|
Date: Tue, 13 Dec 2022 08:49:13 +0100
|
|
Subject: [PATCH 01/18] Fix type confusion in nc_match_single()
|
|
|
|
This function assumes that if the "gen" is an OtherName, then the "base"
|
|
is a rfc822Name constraint. This assumption is not true in all cases.
|
|
If the end-entity certificate contains an OtherName SAN of any type besides
|
|
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
|
|
OtherName (of any type), then "nc_email_eai" will be invoked, with the
|
|
OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING.
|
|
|
|
Reported by Corey Bonnell from Digicert.
|
|
|
|
CVE-2022-4203
|
|
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
---
|
|
crypto/x509/v3_ncons.c | 45 +++++++++++++++++++++++++++++-------------
|
|
1 file changed, 31 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
|
|
index 70a7e8304e..5101598512 100644
|
|
--- a/crypto/x509/v3_ncons.c
|
|
+++ b/crypto/x509/v3_ncons.c
|
|
@@ -31,7 +31,8 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
|
|
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
|
|
|
|
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
|
|
-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
|
|
+static int nc_match_single(int effective_type, GENERAL_NAME *sub,
|
|
+ GENERAL_NAME *gen);
|
|
static int nc_dn(const X509_NAME *sub, const X509_NAME *nm);
|
|
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
|
|
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
|
|
@@ -472,14 +473,17 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
|
{
|
|
GENERAL_SUBTREE *sub;
|
|
int i, r, match = 0;
|
|
+ int effective_type = gen->type;
|
|
+
|
|
/*
|
|
* We need to compare not gen->type field but an "effective" type because
|
|
* the otherName field may contain EAI email address treated specially
|
|
* according to RFC 8398, section 6
|
|
*/
|
|
- int effective_type = ((gen->type == GEN_OTHERNAME) &&
|
|
- (OBJ_obj2nid(gen->d.otherName->type_id) ==
|
|
- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type;
|
|
+ if (effective_type == GEN_OTHERNAME &&
|
|
+ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) {
|
|
+ effective_type = GEN_EMAIL;
|
|
+ }
|
|
|
|
/*
|
|
* Permitted subtrees: if any subtrees exist of matching the type at
|
|
@@ -488,7 +492,10 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
|
|
|
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
|
|
sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
|
|
- if (effective_type != sub->base->type)
|
|
+ if (effective_type != sub->base->type
|
|
+ || (effective_type == GEN_OTHERNAME &&
|
|
+ OBJ_cmp(gen->d.otherName->type_id,
|
|
+ sub->base->d.otherName->type_id) != 0))
|
|
continue;
|
|
if (!nc_minmax_valid(sub))
|
|
return X509_V_ERR_SUBTREE_MINMAX;
|
|
@@ -497,7 +504,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
|
continue;
|
|
if (match == 0)
|
|
match = 1;
|
|
- r = nc_match_single(gen, sub->base);
|
|
+ r = nc_match_single(effective_type, gen, sub->base);
|
|
if (r == X509_V_OK)
|
|
match = 2;
|
|
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
|
|
@@ -511,12 +518,15 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
|
|
|
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
|
|
sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
|
|
- if (effective_type != sub->base->type)
|
|
+ if (effective_type != sub->base->type
|
|
+ || (effective_type == GEN_OTHERNAME &&
|
|
+ OBJ_cmp(gen->d.otherName->type_id,
|
|
+ sub->base->d.otherName->type_id) != 0))
|
|
continue;
|
|
if (!nc_minmax_valid(sub))
|
|
return X509_V_ERR_SUBTREE_MINMAX;
|
|
|
|
- r = nc_match_single(gen, sub->base);
|
|
+ r = nc_match_single(effective_type, gen, sub->base);
|
|
if (r == X509_V_OK)
|
|
return X509_V_ERR_EXCLUDED_VIOLATION;
|
|
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
|
|
@@ -528,15 +538,22 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
|
|
|
}
|
|
|
|
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
|
|
+static int nc_match_single(int effective_type, GENERAL_NAME *gen,
|
|
+ GENERAL_NAME *base)
|
|
{
|
|
switch (gen->type) {
|
|
case GEN_OTHERNAME:
|
|
- /*
|
|
- * We are here only when we have SmtpUTF8 name,
|
|
- * so we match the value of othername with base->d.rfc822Name
|
|
- */
|
|
- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
|
|
+ switch (effective_type) {
|
|
+ case GEN_EMAIL:
|
|
+ /*
|
|
+ * We are here only when we have SmtpUTF8 name,
|
|
+ * so we match the value of othername with base->d.rfc822Name
|
|
+ */
|
|
+ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
|
|
+
|
|
+ default:
|
|
+ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
|
|
+ }
|
|
|
|
case GEN_DIRNAME:
|
|
return nc_dn(gen->d.directoryName, base->d.directoryName);
|
|
--
|
|
2.39.1
|
|
|
|
From fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tomas@openssl.org>
|
|
Date: Tue, 13 Dec 2022 19:45:09 +0100
|
|
Subject: [PATCH 02/18] Add testcase for nc_match_single type confusion
|
|
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
---
|
|
test/certs/bad-othername-cert.pem | 20 ++++++++++++++++++++
|
|
test/certs/nccaothername-cert.pem | 20 ++++++++++++++++++++
|
|
test/certs/nccaothername-key.pem | 28 ++++++++++++++++++++++++++++
|
|
test/certs/setup.sh | 11 +++++++++++
|
|
test/recipes/25-test_verify.t | 5 ++++-
|
|
5 files changed, 83 insertions(+), 1 deletion(-)
|
|
create mode 100644 test/certs/bad-othername-cert.pem
|
|
create mode 100644 test/certs/nccaothername-cert.pem
|
|
create mode 100644 test/certs/nccaothername-key.pem
|
|
|
|
diff --git a/test/certs/bad-othername-cert.pem b/test/certs/bad-othername-cert.pem
|
|
new file mode 100644
|
|
index 0000000000..cf279de5ea
|
|
--- /dev/null
|
|
+++ b/test/certs/bad-othername-cert.pem
|
|
@@ -0,0 +1,20 @@
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0
|
|
+IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx
|
|
+NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm
|
|
+aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt
|
|
+JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2
|
|
+kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5
|
|
+Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S
|
|
+Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b
|
|
+75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7
|
|
+6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf
|
|
+BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud
|
|
+EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB
|
|
+CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru
|
|
+t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr
|
|
+NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq
|
|
+enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O
|
|
+vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka
|
|
+1AR5KN8h5SYKltSXknjs0pp1w4k49aHl
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/test/certs/nccaothername-cert.pem b/test/certs/nccaothername-cert.pem
|
|
new file mode 100644
|
|
index 0000000000..f9b9b07b80
|
|
--- /dev/null
|
|
+++ b/test/certs/nccaothername-cert.pem
|
|
@@ -0,0 +1,20 @@
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
|
|
+IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD
|
|
+DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
|
+AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN
|
|
+vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H
|
|
+d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh
|
|
+IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA
|
|
+mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB
|
|
+gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD
|
|
+AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw
|
|
+HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g
|
|
+HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB
|
|
+AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4
|
|
+hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu
|
|
+dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR
|
|
+2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y
|
|
+OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx
|
|
+LKQu2Aw2+bOEZ2vUtz0dBhX8
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/test/certs/nccaothername-key.pem b/test/certs/nccaothername-key.pem
|
|
new file mode 100644
|
|
index 0000000000..d3e300ac2f
|
|
--- /dev/null
|
|
+++ b/test/certs/nccaothername-key.pem
|
|
@@ -0,0 +1,28 @@
|
|
+-----BEGIN PRIVATE KEY-----
|
|
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp
|
|
+w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV
|
|
+3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo
|
|
+bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls
|
|
+k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p
|
|
+2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF//
|
|
+RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR
|
|
+B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF
|
|
+dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy
|
|
+2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw
|
|
+gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq
|
|
+uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV
|
|
+zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7
|
|
+eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+
|
|
+JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP
|
|
+3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX
|
|
+8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t
|
|
+62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2
|
|
+EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo
|
|
+1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc
|
|
+RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi
|
|
+ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf
|
|
++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2
|
|
+ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J
|
|
+QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW
|
|
+5FtOCFEmwQHTR8lu4c63qfxkEQ==
|
|
+-----END PRIVATE KEY-----
|
|
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
|
|
index b9766aab20..2240cd9df0 100755
|
|
--- a/test/certs/setup.sh
|
|
+++ b/test/certs/setup.sh
|
|
@@ -388,6 +388,17 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
|
|
"email.1 = good@good.org" "email.2 = any@good.com" \
|
|
"IP = 127.0.0.1" "IP = 192.168.0.1"
|
|
|
|
+# Certs for CVE-2022-4203 testcase
|
|
+
|
|
+NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \
|
|
+ "Test NC CA othername" nccaothername-key nccaothername-cert \
|
|
+ root-key root-cert
|
|
+
|
|
+./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \
|
|
+ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \
|
|
+ nccaothername-key nccaothername-cert \
|
|
+ "otherName.1 = SRVName;UTF8STRING:foo@example.org"
|
|
+
|
|
# RSA-PSS signatures
|
|
# SHA1
|
|
./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
|
|
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
index 4613489f57..e6a2bca731 100644
|
|
--- a/test/recipes/25-test_verify.t
|
|
+++ b/test/recipes/25-test_verify.t
|
|
@@ -29,7 +29,7 @@ sub verify {
|
|
run(app([@args]));
|
|
}
|
|
|
|
-plan tests => 162;
|
|
+plan tests => 163;
|
|
|
|
# Canonical success
|
|
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
|
@@ -402,6 +402,9 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
|
|
ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
|
|
"Name constraints nested DNS name excluded");
|
|
|
|
+ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ),
|
|
+ "CVE-2022-4203 type confusion test");
|
|
+
|
|
#Check that we get the expected failure return code
|
|
with({ exit_checker => sub { return shift == 2; } },
|
|
sub {
|
|
--
|
|
2.39.1
|
|
|