Fix verify out flags from x509_crt_verify_top()

This change fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set. To do so, a temporary pointer to the first future or past valid certificate is maintained while traversing the chain. If a truly valid certificate is found then that one is used, otherwise if no valid certificate is found and the end of the chain is reached, the program reverts back to using the future or past valid certificate.
2024-11-22 12:05:36 +01:00 · 2016-12-09 17:26:23 +00:00 · 2016-12-09 17:26:23 +00:00 · d16506624a
commit d16506624a
parent cb587009d6
2 changed files with 30 additions and 12 deletions
--- a/9
+++ b/9
@ -1,5 +1,14 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix output certificate verification flags set by x509_crt_verify_top() when
+     traversing a chain of trusted CA. The issue would cause both flags,
+     MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be
+     set when the verification conditions are not met regardless of the cause.
+     Found by Harm Verhagen and inestlerode. #665 #561
+
 = mbed TLS 2.4.1 branch released 2016-12-13

 Changes
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1904,6 +1904,7 @@ static int x509_crt_verify_top(
    int check_path_cnt;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    const mbedtls_md_info_t *md_info;
+    mbedtls_x509_crt *future_past_ca = NULL;

    if( mbedtls_x509_time_is_past( &child->valid_to ) )
        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
@ -1958,16 +1959,6 @@ static int x509_crt_verify_top(
            continue;
        }

-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
-        {
-            continue;
-        }
-
-        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
-        {
-            continue;
-        }
-
        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
                           child->sig.p, child->sig.len ) != 0 )
@ -1975,6 +1966,20 @@ static int x509_crt_verify_top(
            continue;
        }

+        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
+            mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+        {
+            if ( future_past_ca == NULL )
+                future_past_ca = trust_ca;
+
+            continue;
+        }
+
+        break;
+    }
+
+    if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
+    {
        /*
         * Top of chain is signed by a trusted CA
         */
@ -1982,8 +1987,6 @@ static int x509_crt_verify_top(

        if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-        break;
    }

    /*
@ -2003,6 +2006,12 @@ static int x509_crt_verify_top(
        ((void) ca_crl);
 #endif

+        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
        if( NULL != f_vrfy )
        {
            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,