diff options
| author | Adam Langley <agl@google.com> | 2015-01-08 23:26:55 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-01-09 22:41:59 +0300 |
| commit | ca9a538aa0f2ebdd261783efa032e69a2ea17fbc (patch) | |
| tree | 14529d1f4faf65fadd64b61f1c4c1423b6e0d416 /include/openssl/x509.h | |
| parent | 44e2709cd65fbd2172b9516c79e56f1875f60300 (diff) | |
Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject the
signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the certificate
signature. NB: this will result in signature failure errors for some broken
certificates.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received signature.
Return an error if there is a mismatch.
This will reject various cases including garbage after signature (thanks to
Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for
discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or
with leading zeroes).
CVE-2014-8275
(Imported from upstream's 85cfc188c06bd046420ae70dd6e302f9efe022a9 and
4c52816d35681c0533c25fdd3abb4b7c6962302d)
Change-Id: Ic901aea8ea6457df27dc542a11c30464561e322b
Reviewed-on: https://boringssl-review.googlesource.com/2783
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include/openssl/x509.h')
| -rw-r--r-- | include/openssl/x509.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index d9c2ae13..475f7473 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -720,6 +720,7 @@ OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, const ASN1_OBJECT *aobj, int OPENSSL_EXPORT void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_ALGOR *algor); OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *xn); OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); @@ -834,9 +835,6 @@ OPENSSL_EXPORT X509_INFO * X509_INFO_new(void); OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a); OPENSSL_EXPORT char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); -OPENSSL_EXPORT int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, - ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); - OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, unsigned char *md,unsigned int *len); @@ -1306,5 +1304,6 @@ OPENSSL_EXPORT int PKCS7_bundle_certificates( #define X509_R_CRL_ALREADY_DELTA 135 #define X509_R_ERR_ASN1_LIB 136 #define X509_R_AKID_MISMATCH 137 +#define X509_R_INVALID_BIT_STRING_BITS_LEFT 138 #endif |