[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Wednesday 07 September 2011 22:06:55 Raphael Geissert wrote:
> On Wednesday 07 September 2011 10:57:51 Raphael Geissert wrote:
> > On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
> > > So you're basicly saying that X509_verify_cert() should give an
> > > error in case it finds DigiNotar somewhere in the chain?
> > > 
> > > I'm not opposed to such a change, but would like to see a better
> > > option in the future.
> > 
> > Yes. I will try to spend some time with a debugger later today to find
> > the right place to implement such check. Or do you have any hint? (the
> > cn validation functions didn't seem to be executed in one case I tried)
> 
> Attached is the first version of patch against the 1.0.0 series that does
> that. I implemented it in check_name_constraints, but given that 0.9.8
> doesn't have support for name constraints I might as well move it to a
> separate function. I've tested it on the rogue *.google.com cert  with
> verify(1) and a few others with different clients (tried the urls
> mentioned on the bug report, of which only ingcommercialbanking still uses
> a DigiNotar cert.)
> Attached are a bundle of the certs needed to verify(1) the rogue google
> cert, and the rogue cert itself. Perhaps they could be included in the
> test suite.

I somehow ended up adding an O instead of a 0 in the exported patch for 1.0.0. 
Attached are the fixed 1.0.0 patch (as v2, to avoid confusions) and the 
previous patch for 0.9.8.

> The patch for 0.9.8 is also attached, but I haven't tested it yet. It was
> made based on squeeze's openssl and it seems to apply fine to lenny's
> openssl (just a few lines of difference.)
> 
> Kurt, what do you think? would upstream be interested in the patch, or at
> least in reviewing it?

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Description: make X509_verify_cert indicate that any certificate whose
 name contains "DigiNotar" is revoked.
Origin: vendor
Forwarded: no
Last-Update: 2011-09-07
Bug: http://bugs.debian.org/639744

diff -urpN openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c
--- openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c	2009-06-26 06:34:21.000000000 -0500
+++ openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c	2011-09-07 21:23:58.000000000 -0500
@@ -78,6 +78,7 @@ static int check_trust(X509_STORE_CTX *c
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
 
@@ -312,6 +313,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
 		ok=internal_verify(ctx);
 	if(!ok) goto end;
 
+	ok = check_ca_blacklist(ctx);
+	if(!ok) goto end;
+
 #ifndef OPENSSL_NO_RFC3779
 	/* RFC 3779 path validation, now that CRL check has been done */
 	ok = v3_asid_validate_path(ctx);
@@ -661,6 +665,29 @@ static int check_crl_time(X509_STORE_CTX
 	return 1;
 	}
 
+static int check_ca_blacklist(X509_STORE_CTX *ctx)
+	{
+	X509 *x;
+	int i;
+	/* Check all certificates against the blacklist */
+	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+		{
+		x = sk_X509_value(ctx->chain, i);
+		/* Mark DigiNotar certificates as revoked, no matter                                                                            
+		 * where in the chain they are.                                                                                                 
+		 */
+		if (x->name && strstr(x->name, "DigiNotar"))
+			{
+			ctx->error = X509_V_ERR_CERT_REVOKED;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			if (!ctx->verify_cb(0,ctx))
+				return 0;
+			}
+		}
+	return 1;
+	}
+
 /* Lookup CRLs from the supplied list. Look for matching isser name
  * and validity. If we can't find a valid CRL return the last one
  * with matching name. This gives more meaningful error codes. Otherwise

Description: make X509_verify_cert indicate that any certificate whose
 name contains "DigiNotar" is revoked.
Origin: vendor
Forwarded: no
Last-Update: 2011-09-07
Bug: http://bugs.debian.org/639744

diff --git a/crypto/x509/x509_vfy.c.orig b/crypto/x509/x509_vfy.c
index bd6695d..1aaf5d3 100644
--- a/crypto/x509/x509_vfy.c.orig
+++ b/crypto/x509/x509_vfy.c
@@ -617,6 +617,17 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
 		{
 		x = sk_X509_value(ctx->chain, i);
+		/* Mark DigiNotar certificates as revoked, no matter
+		 * where in the chain they are.
+		 */
+		if (x->name && strstr(x->name, "DigiNotar"))
+			{
+			ctx->error = X509_V_ERR_CERT_REVOKED;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			if (!ctx->verify_cb(0,ctx))
+				return 0;
+			}
 		/* Ignore self issued certs unless last in chain */
 		if (i && (x->ex_flags & EXFLAG_SI))
 			continue;
Reply to: