Hi,

It is my understanding that "openssl verify" should raise X509_V_ERR_PATH_LENGTH_EXCEEDED if a pathlen=0 intermediate issues a new CA, but that does not seem to occur when I test with a couple of openssl versions.

I am not sure, due to my limited understanding of the code, but I am wondering if there isn't an off-by-one or out-of-order increment error in x509_vfy.c in this check:

    plen > (x->ex_pathlen + proxy_path_length + 1)

If plen=1 and x->ex_pathlen=0, the check would become 1>1 (false), while it was expected to raise an error?

    openssl verify -verbose -CAfile root.pem -untrusted intermediate.pem evil.pem
    evil.pem: OK

    openssl x509 -text -in root.pem | egrep -a1 X509v3
                Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    A5:70:7B:56:F1:93:E9:CC:FD:15:EF:FA:64:67:41:99:6F:40:DA:C5
    --
    --
                    A5:70:7B:56:F1:93:E9:CC:FD:15:EF:FA:64:67:41:99:6F:40:DA:C5
                X509v3 Authority Key Identifier:
                    keyid:A5:70:7B:56:F1:93:E9:CC:FD:15:EF:FA:64:67:41:99:6F:40:DA:C5
    --
    --
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
    --
    --
                    Certificate Sign, CRL Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE, pathlen:1

    openssl x509 -text -in intermediate.pem | egrep -a1 X509v3
                Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    B5:5A:8A:64:CE:A4:1E:51:6F:AB:E4:8E:E3:71:8D:EF:2D:42:A7:AD
    --
    --
                    B5:5A:8A:64:CE:A4:1E:51:6F:AB:E4:8E:E3:71:8D:EF:2D:42:A7:AD
                X509v3 Authority Key Identifier:
                    keyid:A5:70:7B:56:F1:93:E9:CC:FD:15:EF:FA:64:67:41:99:6F:40:DA:C5
    --
    --
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
    --
    --
                    Certificate Sign, CRL Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE, pathlen:0

    openssl x509 -text -in evil.pem | egrep -a1 X509v3
                Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    81:3A:5A:BD:9E:6C:08:0F:C7:6A:31:A2:0D:0F:2A:02:62:BE:63:12
    --
    --
                    81:3A:5A:BD:9E:6C:08:0F:C7:6A:31:A2:0D:0F:2A:02:62:BE:63:12
                X509v3 Authority Key Identifier:
                    keyid:B5:5A:8A:64:CE:A4:1E:51:6F:AB:E4:8E:E3:71:8D:EF:2D:42:A7:AD
    --
    --
                X509v3 Basic Constraints: critical
                    CA:TRUE
    --
    --
                    CA:TRUE
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
    --
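To see what the quoted check counts, here is an added C model of the loop around it, written for this page and not taken from OpenSSL; the cert_t struct, the chain arrays and the two verify_* functions are constructed from the certificates in the post, with proxy_path_length assumed to be 0. A pathLenConstraint bounds the number of non-self-issued CA certificates below the constrained CA, so with evil.pem as the end-entity nothing sits below the pathlen:0 intermediate and the check stays silent; it fires as soon as a certificate issued by evil becomes the leaf, which is the case a verifier actually has to reject.

```c
/* Model of the x509_vfy.c fields read by the path length check. Index 0 is
 * the end-entity, the last index the trust anchor. Constructed example. */
typedef struct {
    int self_issued; /* EXFLAG_SI: subject == issuer */
    int ex_pathlen;  /* pathLenConstraint, -1 when absent */
} cert_t;

#define V_OK 0
#define V_ERR_PATH_LENGTH_EXCEEDED 25 /* X509_V_ERR_PATH_LENGTH_EXCEEDED */

/* Mirrors the loop around the check quoted in the post, with
 * proxy_path_length == 0. plen counts non-self-issued certificates already
 * passed, leaf included; a CA may have ex_pathlen intermediates below it
 * plus the leaf, hence the +1. Returns V_OK, or the error code with *depth
 * set to the index of the CA whose constraint was exceeded. */
int check_path_length(const cert_t *chain, int n, int *depth)
{
    int plen = 0;
    for (int i = 0; i < n; i++) {
        const cert_t *x = &chain[i];
        /* i > 1: the CA that signed the leaf has only the leaf below it. */
        if (i > 1 && !x->self_issued && x->ex_pathlen != -1
            && plen > x->ex_pathlen + 1) {
            *depth = i;
            return V_ERR_PATH_LENGTH_EXCEEDED;
        }
        if (!x->self_issued)
            plen++;
    }
    *depth = -1;
    return V_OK;
}

/* The posted chain, leaf first: evil (CA:TRUE, no pathlen), intermediate
 * (pathlen:0), root (self-signed, pathlen:1). No CA sits below pathlen:0. */
int verify_posted_chain(int *depth)
{
    cert_t chain[] = {{0, -1}, {0, 0}, {1, 1}};
    return check_path_length(chain, 3, depth); /* V_OK, depth -1 */
}

/* One step longer: a certificate issued by evil is the leaf, so evil is
 * now an intermediate below the pathlen:0 CA and the check fires. */
int verify_extended_chain(int *depth)
{
    cert_t chain[] = {{0, -1}, {0, -1}, {0, 0}, {1, 1}};
    return check_path_length(chain, 4, depth); /* 25, depth 2 */
}
```

Tracing verify_posted_chain by hand gives plen=1 when the intermediate is reached, but the check is skipped there anyway (i > 1 is false), and the root at plen=2 is within its pathlen:1 + 1 allowance.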