Folks,
While mopping up some residuals on CVE-2012-0654 I came across something which
looks like odd behaviour:
1) OpenSSL nicely verifies the authorityKeyIdentifier. Good.
2) It nicely rejects/fails if the SHA1 checksum is wrong.
BUT
3) It seems to NOT fail if the octedstring containing keyid:SHA1 is
intentionally corrupted value.
Is that the right behaviour ? It does do the right thing when marked critical
(unhandled critical extension).
Below is a test case that creates the three cases (normal, faulty, corrupted).
Any suggestions as how this should be interpreted ?
Thanks,
Dw.
#!/bin/sh
#
# Copyright 2012 Dirk-Willem van Gulik WebWeaving.org, All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Create config file
#
cat > ./openssl.cnf << EOM
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# Normal entry as one would expect.
[ usr_cert ]
authorityKeyIdentifier=keyid,issuer
# Put in a totally bogus value
#
[ usr_cert_corrupted_issuerid ]
authorityKeyIdentifier=DER:66:24:4E:97:D8:2C:62:E6:C6:6A:18:BF:96:56:69:F1:9A:81:C6:07
# Put in something structurally valid - yet with the wrong hash
#
[ usr_cert_invalid_issuerid ]
authorityKeyIdentifier=DER:30:16:80:14:de:ad:be:ef:de:ad:be:ee:ef:de:ad:be:ee:ef:de:ad:be:ee:ef:de
EOM
# Create CA, 3 requests and sign.
openssl req -new -x509 -keyout ca.key -out ca.pem -nodes -subj /CN=ca
-extensions v3_ca || exit 1
openssl req -new -keyout /dev/null -out test1.req -nodes -subj /CN=test
-extensions v3_ca || exit 1
openssl req -new -keyout /dev/null -out test2.req -nodes -subj /CN=test
-extensions v3_ca || exit 1
openssl req -new -keyout /dev/null -out test3.req -nodes -subj /CN=test
-extensions v3_ca || exit 1
openssl x509 -req -in test1.req -CAkey ca.key -CA ca.pem -set_serial 1 \
-extfile ./openssl.cnf -extensions usr_cert -out test1.pem || exit 1
openssl x509 -req -in test2.req -CAkey ca.key -CA ca.pem -set_serial 1 \
-extfile ./openssl.cnf -extensions usr_cert_corrupted_issuerid -out
test2.pem || exit 1
openssl x509 -req -in test3.req -CAkey ca.key -CA ca.pem -set_serial 1 \
-extfile ./openssl.cnf -extensions usr_cert_invalid_issuerid -out
test3.pem || exit 1
echo
echo Verify a valid chain - baseline. Should be ok.
openssl verify -CAfile ca.pem test1.pem
echo
echo Expect to fail - as issuer id has the wrong hash.
openssl verify -CAfile ca.pem test3.pem
echo
echo
echo Expect to fail too - as issuer id is corrupted. Yet it does not. Drat.
openssl verify -CAfile ca.pem test2.pem
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
