Closed RonEld closed 5 years ago
ARM Internal Ref: IOTSSL-2360
I tried out the certificate with Mbed TLS and OpenSSL and it looks valid to me.
Extract from OpenSSL:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fd:36:50:d3:43:21:05:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc/emailAddress=cccc
Validity
Not Before: Sep 19 06:07:38 2017 GMT
Not After : Jul 9 06:07:38 2020 GMT
Subject: C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc/emailAddress=cccc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:85:1C:28:CA:6D:31:46:F6:27:6C:23:3A:34:FB:B9:FC:6E:4E:E8
X509v3 Authority Key Identifier:
keyid:9D:85:1C:28:CA:6D:31:46:F6:27:6C:23:3A:34:FB:B9:FC:6E:4E:E8
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
And from Mbed TLS:
./programs/x509/cert_app mode=file filename=test.cert ca_file=ca.cert
. Loading the CA root certificate ... ok (0 skipped)
. Loading the certificate(s) ... ok
. Peer certificate information ...
cert. version : 3
serial number : FD:36:50:D3:43:21:05:90
issuer name : C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc, emailAddress=cccc
subject name : C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc, emailAddress=cccc
issued on : 2017-09-19 06:07:38
expires on : 2020-07-09 06:07:38
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
. Verifying X.509 certificate...
Verify requested for (Depth 0):
cert. version : 3
serial number : FD:36:50:D3:43:21:05:90
issuer name : C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc, emailAddress=cccc
subject name : C=cc, ST=cc, L=cc, O=cc, OU=cc, CN=cc, emailAddress=cccc
issued on : 2017-09-19 06:07:38
expires on : 2020-07-09 06:07:38
signed using : RSA with SHA-256
RSA key size : 1024 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
failed
! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
I also looked at the code - and we do reject v4 certificates.
Am I missing something? It looks like we reject v4 certificates, and are parsing this chain correctly.
I have tried reproducing this issue again, and we return a failure on the v4 certificate:
./cert_app mode=file ca_file=rootCA_A.crt filename=cert_A.crt
. Loading the CA root certificate ... ok (0 skipped)
. Loading the certificate(s) ... failed
! mbedtls_x509_crt_parse_file returned -9600
error -9600 is:
./strerror 9600
Last error was: -0x2580 - X509 - CRT/CRL/CSR has an unsupported version number
I believe this was fixed in https://github.com/ARMmbed/mbedtls/commit/7ca4a039554670ce3011a1ef649b54a66e2cc7da, since version 2.9.0. Since we now reject such an invalid certificate, I am closing this issue.
Since this commit is since version 2.9.0, I checked on the LTS branch 2.7, and the issue is not reproduced there either. The fix was backported in https://github.com/ARMmbed/mbedtls/commit/80164741e181a87ae18fa91a07f7201931b4d097
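The version check discussed in this thread, as an added example that is not Mbed TLS code and not part of the original issue: a minimal DER walk that reads the X.509 version field and refuses anything beyond v3. The function names, the `ERR_BAD_FORMAT` code and the sample byte arrays are assumptions constructed for illustration; `ERR_UNKNOWN_VERSION` reuses the -0x2580 value shown in the strerror output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_BAD_FORMAT      (-1)       /* hypothetical local error code */
#define ERR_UNKNOWN_VERSION (-0x2580)  /* same value as the -9600 in the thread */

/* Consume one DER tag + length header; on success *p points at the content. */
static int der_header(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    if (end - *p < 2 || *(*p)++ != tag) return ERR_BAD_FORMAT;
    size_t n = *(*p)++;
    if (n & 0x80) {                    /* long form: low 7 bits count the length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - *p) < cnt) return ERR_BAD_FORMAT;
        for (n = 0; cnt--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return ERR_BAD_FORMAT;
    *len = n;
    return 0;
}

/* Returns 1, 2 or 3 for an X.509 v1/v2/v3 certificate, or a negative error. */
int cert_version(const uint8_t *der, size_t der_len)
{
    const uint8_t *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, 0x30, &len)) return ERR_BAD_FORMAT;  /* Certificate */
    end = p + len;
    if (der_header(&p, end, 0x30, &len)) return ERR_BAD_FORMAT;  /* TBSCertificate */
    end = p + len;
    if (p == end) return ERR_BAD_FORMAT;
    if (*p != 0xA0) return 1;          /* [0] version absent: DEFAULT v1 */
    if (der_header(&p, end, 0xA0, &len)) return ERR_BAD_FORMAT;
    end = p + len;
    if (der_header(&p, end, 0x02, &len) || len != 1) return ERR_BAD_FORMAT;
    if (*p > 2) return ERR_UNKNOWN_VERSION;  /* 0, 1, 2 encode v1, v2, v3; 3 is "v4" */
    return *p + 1;
}

/* Constructed inputs: only Certificate { TBSCertificate { [0] version, serial } }. */
static const uint8_t SAMPLE_V3[] = {0x30,0x0A,0x30,0x08,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01};
static const uint8_t SAMPLE_V4[] = {0x30,0x0A,0x30,0x08,0xA0,0x03,0x02,0x01,0x03,0x02,0x01,0x01};
static const uint8_t SAMPLE_V1[] = {0x30,0x05,0x30,0x03,0x02,0x01,0x01};
int main(void)
{
    printf("v3=%d v4=%d v1=%d\n", cert_version(SAMPLE_V3, sizeof SAMPLE_V3),
           cert_version(SAMPLE_V4, sizeof SAMPLE_V4), cert_version(SAMPLE_V1, sizeof SAMPLE_V1));
    return 0;
}
```

The point of the check is that the version is rejected at parse time, before any chain verification runs, which is the behaviour the `cert_app` output above shows for the v4 certificate.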
Description
Priority: Minor Raised by Email by 不幻想了
Bug
OS
linux
mbed TLS build:
Version: 2.6.0
OS version: Ubuntu 16.04.03
Configuration: please attach config.h file where possible
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
Additional environment information:
Peer device TLS stack and version
OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other
Version:
Expected behavior
The V4 certificate has not been used yet, so MbedTLS should reject it.
Actual behavior
V4 certificate, while MbedTLS accepts it.
Steps to reproduce
(Test case: A v4 cert. the root ca is at the end)