Closed
prchander/openssl#3
Labels: issue: bug report (the issue was opened to report a bug); resolved: fixed (this issue has been fixed)
Description
OpenSSL 1.1.1i caused a regression in FreeIPA setups that have Anonymous PKINIT enabled (https://pagure.io/freeipa/issue/8632).
The change 315c47e introduced a new condition `if (issuer != x` which always fails in such setups.
FreeIPA uses the kinit tool provided by MIT Kerberos: https://github.com/krb5/krb5
```
(gdb) bt
#0  find_issuer (ctx=0x437a30, sk=0x43e680, x=0x43e4a0) at crypto/x509/x509_vfy.c:341
#1  0x00007ffff78e2980 in get_issuer_sk (issuer=0x7fffffffcbd0, ctx=<optimized out>, x=<optimized out>)
    at crypto/x509/x509_vfy.c:361
#2  0x00007ffff78e3e90 in get_issuer (cert=0x43e4a0, ctx=0x437a30, issuer=0x7fffffffcbd0)
    at crypto/x509/x509_vfy.c:2920
#3  build_chain (ctx=<optimized out>) at crypto/x509/x509_vfy.c:3059
#4  verify_chain (ctx=0x437a30) at crypto/x509/x509_vfy.c:217
#5  0x00007ffff78e50bc in X509_verify_cert (ctx=ctx@entry=0x437a30) at crypto/x509/x509_vfy.c:303
#6  0x00007ffff79e4913 in cms_signeddata_verify (context=context@entry=0x40dc10, plgctx=0x4357d0,
    reqctx=0x436720, idctx=0x4368b0, cms_msg_type=cms_msg_type@entry=2,
    require_crl_checking=<optimized out>,
    signed_data=0x443330 "0\202\002\364\006\t*\206H\206\367\r\001\a\002\240\202\002\345\060\202\002\341\002\001\003\061\v0\t\006\005+\016\003\002\032\005", signed_data_len=760, data=0x7fffffffcef8,
    data_len=0x7fffffffcef4, authz_data=0x0, authz_data_len=0x0, is_signed=0x0)
    at pkinit_crypto_openssl.c:1658
#7  0x00007ffff79da837 in pkinit_as_rep_parse (context=context@entry=0x40dc10,
    plgctx=plgctx@entry=0x412140, reqctx=reqctx@entry=0x4366a0, pa_type=17,
    request=request@entry=0x436550, as_rep=as_rep@entry=0x7fffffffcfa0, key_block=0x7fffffffd010,
    etype=18, encoded_request=0x438b30) at pkinit_clnt.c:657
#8  0x00007ffff79dade0 in pa_pkinit_parse_rep (context=context@entry=0x40dc10,
    plgctx=plgctx@entry=0x412140, reqctx=reqctx@entry=0x4366a0, request=request@entry=0x436550,
    in_padata=in_padata@entry=0x43dc50, etype=<optimized out>, as_key=0x7fffffffd010,
    encoded_request=0x438b30) at pkinit_clnt.c:446
...
(gdb) l
336             issuer = sk_X509_value(sk, i);
337             /*
338              * Below check 'issuer != x' is an optimization and safety precaution:
339              * Candidate issuer cert cannot be the same as the subject cert 'x'.
340              */
341             if (issuer != x && ctx->check_issued(ctx, x, issuer)
342                 && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
343                     || !sk_X509_contains(ctx->chain, issuer))) {
344                 rv = issuer;
345                 if (x509_check_cert_time(ctx, rv, -1))
(gdb) p issuer == x
$15 = 1
```
A similar reproducer is attached:
x509_verify.c.txt
kdc.crt.gz
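
The condition at line 341 of the listing, reduced to a stand-alone model. This is an added example, not OpenSSL code and not part of the original report: `struct cert`, `struct ctx`, `find_issuer_model` and `lookup_finds_issuer` are hypothetical names, and the validity-time check is left out. The constructed case assumes a self-issued certificate that is also the only candidate in the stack, matching `issuer == x` in the gdb session.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_SI 0x1 /* plays the role of EXFLAG_SI (self-issued) */

/* Hypothetical stand-ins for X509 and X509_STORE_CTX, not OpenSSL types. */
struct cert { const char *subject; const char *issuer; unsigned flags; };
struct ctx  { const struct cert *chain[4]; size_t chain_len; };

/* Name-only issuance check: x's issuer name equals the candidate's subject. */
static int check_issued(const struct cert *x, const struct cert *cand) {
    return strcmp(x->issuer, cand->subject) == 0;
}

static int chain_contains(const struct ctx *c, const struct cert *cand) {
    for (size_t i = 0; i < c->chain_len; i++)
        if (c->chain[i] == cand) return 1;
    return 0;
}

/* identity_check = 1 mirrors the condition shown at line 341;
 * identity_check = 0 is the same loop without 'issuer != x'. */
static const struct cert *find_issuer_model(const struct ctx *c,
        const struct cert *const *sk, size_t n,
        const struct cert *x, int identity_check) {
    for (size_t i = 0; i < n; i++) {
        const struct cert *issuer = sk[i];
        if ((!identity_check || issuer != x) && check_issued(x, issuer)
            && (((x->flags & MODEL_SI) != 0 && c->chain_len == 1)
                || !chain_contains(c, issuer)))
            return issuer;
    }
    return NULL;
}

/* Constructed case: the subject cert is the only candidate (issuer == x). */
static int lookup_finds_issuer(int identity_check) {
    static const struct cert kdc = { "CN=kdc", "CN=kdc", MODEL_SI };
    const struct cert *sk[] = { &kdc };
    struct ctx c = { { &kdc }, 1 };
    return find_issuer_model(&c, sk, 1, &kdc, identity_check) == &kdc;
}

int main(void) {
    printf("with 'issuer != x':    found=%d\n", lookup_finds_issuer(1));
    printf("without 'issuer != x': found=%d\n", lookup_finds_issuer(0));
    return 0;
}
```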