
Regression in X509_verify_cert #13739

@stanislavlevin

Description

OpenSSL 1.1.1i caused a regression in FreeIPA setups that have Anonymous PKINIT enabled (https://pagure.io/freeipa/issue/8632).

The change 315c47e introduced a new condition, `if (issuer != x`, which always fails in such setups.

FreeIPA uses the kinit tool provided by MIT Kerberos (https://github.com/krb5/krb5).

(gdb) bt
#0  find_issuer (ctx=0x437a30, sk=0x43e680, x=0x43e4a0) at crypto/x509/x509_vfy.c:341
#1  0x00007ffff78e2980 in get_issuer_sk (issuer=0x7fffffffcbd0, ctx=<optimized out>, x=<optimized out>)
    at crypto/x509/x509_vfy.c:361
#2  0x00007ffff78e3e90 in get_issuer (cert=0x43e4a0, ctx=0x437a30, issuer=0x7fffffffcbd0)
    at crypto/x509/x509_vfy.c:2920
#3  build_chain (ctx=<optimized out>) at crypto/x509/x509_vfy.c:3059
#4  verify_chain (ctx=0x437a30) at crypto/x509/x509_vfy.c:217
#5  0x00007ffff78e50bc in X509_verify_cert (ctx=ctx@entry=0x437a30) at crypto/x509/x509_vfy.c:303
#6  0x00007ffff79e4913 in cms_signeddata_verify (context=context@entry=0x40dc10, plgctx=0x4357d0, 
    reqctx=0x436720, idctx=0x4368b0, cms_msg_type=cms_msg_type@entry=2, 
    require_crl_checking=<optimized out>, 
    signed_data=0x443330 "0\202\002\364\006\t*\206H\206\367\r\001\a\002\240\202\002\345\060\202\002\341\002\001\003\061\v0\t\006\005+\016\003\002\032\005", signed_data_len=760, data=0x7fffffffcef8, 
    data_len=0x7fffffffcef4, authz_data=0x0, authz_data_len=0x0, is_signed=0x0)
    at pkinit_crypto_openssl.c:1658
#7  0x00007ffff79da837 in pkinit_as_rep_parse (context=context@entry=0x40dc10, 
    plgctx=plgctx@entry=0x412140, reqctx=reqctx@entry=0x4366a0, pa_type=17, 
    request=request@entry=0x436550, as_rep=as_rep@entry=0x7fffffffcfa0, key_block=0x7fffffffd010, 
    etype=18, encoded_request=0x438b30) at pkinit_clnt.c:657
#8  0x00007ffff79dade0 in pa_pkinit_parse_rep (context=context@entry=0x40dc10, 
    plgctx=plgctx@entry=0x412140, reqctx=reqctx@entry=0x4366a0, request=request@entry=0x436550, 
    in_padata=in_padata@entry=0x43dc50, etype=<optimized out>, as_key=0x7fffffffd010, 
    encoded_request=0x438b30) at pkinit_clnt.c:446

...

(gdb) l
336             issuer = sk_X509_value(sk, i);
337             /*
338              * Below check 'issuer != x' is an optimization and safety precaution:
339              * Candidate issuer cert cannot be the same as the subject cert 'x'.
340              */
341             if (issuer != x && ctx->check_issued(ctx, x, issuer)
342                 && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
343                     || !sk_X509_contains(ctx->chain, issuer))) {
344                 rv = issuer;
345                 if (x509_check_cert_time(ctx, rv, -1))
(gdb) p issuer == x
$15 = 1

A similar reproducer is attached:
x509_verify.c.txt
kdc.crt.gz
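The gdb listing shows why the lookup fails: the `issuer != x` test compares object pointers, and in this setup the self-signed certificate being verified is the very same X509 object as the only candidate issuer (`p issuer == x` prints 1), so `find_issuer()` returns NULL before `check_issued()` is even consulted. The following C program is an added example, not OpenSSL's or FreeIPA's code: it models the candidate-issuer condition from the listing with a small struct standing in for X509, so the pointer-identity effect can be reproduced without libcrypto. The struct layout, the `EXFLAG_SI` value, the name-matching `check_issued()` stand-in and the `require_distinct_object` switch are all assumptions of this model.

```c
/* Model of the candidate-issuer check seen in the issue's gdb listing.
 * Added example, not OpenSSL code: a tiny CERT struct replaces X509 and a
 * fixed-size array replaces STACK_OF(X509). */
#include <stdio.h>
#include <string.h>

#define EXFLAG_SI 0x1u      /* self-issued marker; value chosen for this model */
#define MAX_STACK 8

typedef struct cert_st {
    const char *subject;
    const char *issuer;
    unsigned long ex_flags;
} CERT;

typedef struct {
    CERT *items[MAX_STACK];
    int num;
} CERT_STACK;

/* Pointer-identity membership test, like sk_X509_contains(). */
static int stack_contains(const CERT_STACK *sk, const CERT *c) {
    for (int i = 0; i < sk->num; i++)
        if (sk->items[i] == c)
            return 1;
    return 0;
}

/* Stand-in for ctx->check_issued(): the candidate's subject name must equal
 * the subject certificate's issuer name (no signature check in this model). */
static int check_issued(const CERT *x, const CERT *issuer) {
    return strcmp(x->issuer, issuer->subject) == 0;
}

/* The condition from the listing. `require_distinct_object` toggles the
 * `issuer != x` pointer comparison so both behaviours can be compared. */
static CERT *find_issuer(const CERT_STACK *chain, const CERT_STACK *sk,
                         CERT *x, int require_distinct_object) {
    for (int i = 0; i < sk->num; i++) {
        CERT *issuer = sk->items[i];
        if ((!require_distinct_object || issuer != x)
            && check_issued(x, issuer)
            && (((x->ex_flags & EXFLAG_SI) != 0 && chain->num == 1)
                || !stack_contains(chain, issuer)))
            return issuer;
    }
    return NULL;
}

/* Scenario from the issue: a self-signed certificate is the leaf under
 * verification, and the same object is the only candidate issuer.
 * Returns 1 if an issuer is found, 0 otherwise. */
int self_signed_same_object(int require_distinct_object) {
    CERT kdc = { "CN=kdc", "CN=kdc", EXFLAG_SI };   /* constructed sample */
    CERT_STACK chain = { { &kdc }, 1 };             /* chain so far: the leaf */
    CERT_STACK candidates = { { &kdc }, 1 };        /* same pointer as x */
    return find_issuer(&chain, &candidates, &kdc, require_distinct_object) != NULL;
}

/* Same content, but a distinct object (e.g. the certificate parsed twice). */
int self_signed_distinct_copy(int require_distinct_object) {
    CERT leaf = { "CN=kdc", "CN=kdc", EXFLAG_SI };
    CERT copy = { "CN=kdc", "CN=kdc", EXFLAG_SI };
    CERT_STACK chain = { { &leaf }, 1 };
    CERT_STACK candidates = { { &copy }, 1 };
    return find_issuer(&chain, &candidates, &leaf, require_distinct_object) != NULL;
}

/* Ordinary case: an end-entity certificate whose issuer is a separate CA.
 * The leaf itself is also among the candidates, as it often is in practice. */
int leaf_issued_by_ca(int require_distinct_object) {
    CERT ca   = { "CN=ca", "CN=ca", EXFLAG_SI };
    CERT leaf = { "CN=host", "CN=ca", 0 };
    CERT_STACK chain = { { &leaf }, 1 };
    CERT_STACK candidates = { { &leaf, &ca }, 2 };
    return find_issuer(&chain, &candidates, &leaf, require_distinct_object) != NULL;
}

int main(void) {
    for (int distinct = 1; distinct >= 0; distinct--) {
        printf("issuer != x check %s:\n", distinct ? "ON (1.1.1i)" : "OFF");
        printf("  self-signed, same object : %d\n", self_signed_same_object(distinct));
        printf("  self-signed, distinct copy: %d\n", self_signed_distinct_copy(distinct));
        printf("  leaf issued by CA         : %d\n", leaf_issued_by_ca(distinct));
    }
    return 0;
}
```

Only the self-signed, same-object case changes outcome when the pointer comparison is switched on; a distinct copy with identical content and an ordinary leaf-plus-CA chain find their issuer either way. That is consistent with the regression surfacing specifically in deployments where the same self-signed certificate object reaches the verifier as both the subject and a candidate issuer, as the `p issuer == x` output in the report shows.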
