Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

mbedTLS accepts a cert which has an empty subject and duplicate exts but no subjectAltName #4065

Open GOODPWDCETCSZ opened 3 years ago

GOODPWDCETCSZ commented 3 years ago

Description

Type: Bug

OS: Mbed OS linux

mbed TLS build:
Version: 2.25.0
OS version: 18.04, 20.04
Configuration: no
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): gcc 9.3.0
Additional environment information: no

Peer device TLS stack and version

GnuTLS v3.5.5 & v3.6.13, wolfSSL v4.6.0

Expected behavior

Consistent verification result between mbedTLS and GnuTLS+wolfSSL.

Actual behavior

./cert_app mode=file ca_file=../../../../eclipse-workspace/DTCPV/certs_related/ca.pem filename=../../../../eclipse-workspace/DTCPV/certs/seed-4s18-12s35-155s28-584c21-990c22.pem
  . Loading the CA root certificate ... ok (0 skipped)

  . Loading the certificate(s) ... ok
  . Peer certificate information    ...
      cert. version     : 3
      serial number     : 02
      issuer name       : C=UN, ST=NYS, O=UNGA, OU=UNSC, CN=DT
      subject name      : 
      issued  on        : 2019-06-25 19:55:19
      expires on        : 2030-01-23 09:26:41
      signed using      : RSA with SHA-256
      RSA key size      : 4096 bits
      basic constraints : CA=false
      key usage         : Key Cert Sign

  . Verifying X.509 certificate...
Verify requested for (Depth 1):
cert. version     : 3
serial number     : 01
issuer name       : C=UN, ST=NYS, O=UNGA, OU=UNSC, CN=DT
subject name      : C=UN, ST=NYS, O=UNGA, OU=UNSC, CN=DT
issued  on        : 2019-06-19 08:55:59
expires on        : 2031-01-23 09:26:41
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
basic constraints : CA=true
key usage         : Key Cert Sign
  This certificate has no flags

Verify requested for (Depth 0):
cert. version     : 3
serial number     : 02
issuer name       : C=UN, ST=NYS, O=UNGA, OU=UNSC, CN=DT
subject name      : 
issued  on        : 2019-06-25 19:55:19
expires on        : 2030-01-23 09:26:41
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
basic constraints : CA=false
key usage         : Key Cert Sign
  This certificate has no flags
 ok

GnuTLS and wolfSSL reject it.

Steps to reproduce

./cert_app mode=file ca_file=ca.pem filename=seed-4s18-12s35-155s28-584c21-990c22.pem

Attachments

ca.zip

seed-4s18-12s35-155s28-584c21-990c22.zip
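The certificate in the report has an empty subject, no subjectAltName and at least one duplicated extension. RFC 5280 speaks to both points: section 4.2 says a certificate MUST NOT include more than one instance of a particular extension, and section 4.1.2.6 says that when the subject is an empty SEQUENCE, the subjectAltName extension MUST be present and MUST be marked critical. The following is an added example, not code from the issue, the reporter's tool or Mbed TLS: a dependency-free DER walker that applies exactly those two rules to a DER-encoded certificate. The two sample certificates are constructed inside the block (placeholder public key and signature bytes, so they are not verifiable and mimic only the structural shape of the report); the issue does not say which extension is duplicated, so the sample duplicates keyUsage as an assumption, and the issuer name, dNSName and dates are illustrative. This is a structural lint to run alongside a library's verifier, not a replacement for chain validation.

```python
# Added example (not from the issue or Mbed TLS): walk a DER certificate and report
# two RFC 5280 rules the reported sample appears to violate.  Pure Python, no deps.

SAN_OID = "2.5.29.17"                              # id-ce-subjectAltName

def der_tlv(buf, pos=0):
    """Decode one DER TLV starting at buf[pos]; return (tag, value, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:end], end

def der_children(value):
    """Split the content octets of a constructed TLV into (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    """Render encoded OBJECT IDENTIFIER content as dotted decimal."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def check_cert(der):
    """Return a list of RFC 5280 structural violations found in a DER Certificate:
    4.2 (no extension may appear twice) and 4.1.2.6 (empty subject needs a critical SAN)."""
    _, cert, _ = der_tlv(der)
    fields = der_children(der_children(cert)[0][1])  # members of tbsCertificate
    if fields[0][0] == 0xA0:                       # [0] EXPLICIT version is optional
        fields = fields[1:]
    subject = fields[4][1]                         # serial, sigAlg, issuer, validity, subject, spki
    extensions = []
    for tag, val in fields[6:]:
        if tag == 0xA3:                            # [3] EXPLICIT Extensions
            extensions = der_children(der_children(val)[0][1])
    findings, seen, san_critical = [], set(), False
    for _, ext in extensions:
        parts = der_children(ext)                  # extnID, [critical BOOLEAN], extnValue
        oid = decode_oid(parts[0][1])
        critical = parts[1][0] == 0x01 and parts[1][1] == b"\xff"
        if oid in seen:
            findings.append("duplicate extension " + oid)
        seen.add(oid)
        if oid == SAN_OID and critical:
            san_critical = True
    if len(subject) == 0 and not san_critical:
        findings.append("empty subject without a critical subjectAltName")
    return findings

# --- constructed sample input (hypothetical certificates; key and signature bytes are placeholders) ---

def tlv(tag, content):
    """Encode one DER TLV with short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + content

def extension(oid, value, critical=False):
    body = tlv(0x06, oid) + (tlv(0x01, b"\xff") if critical else b"")
    return tlv(0x30, body + tlv(0x04, value))

def sample_cert(subject_rdns, exts):
    """Assemble Certificate { tbsCertificate, signatureAlgorithm, signatureValue }; not really signed."""
    sha256_rsa = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    rsa_enc = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"DT"))))  # CN=DT
    validity = tlv(0x30, tlv(0x17, b"190625195519Z") + tlv(0x17, b"300123092641Z"))
    spki = tlv(0x30, rsa_enc + tlv(0x03, b"\x00\x30\x00"))          # placeholder public key
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x02") + sha256_rsa + issuer + validity
           + tlv(0x30, subject_rdns) + spki + tlv(0xA3, tlv(0x30, b"".join(exts))))
    return tlv(0x30, tlv(0x30, tbs) + sha256_rsa + tlv(0x03, b"\x00" * 5))  # placeholder signature

BASIC_CONSTRAINTS, KEY_USAGE, SUBJECT_ALT_NAME = b"\x55\x1d\x13", b"\x55\x1d\x0f", b"\x55\x1d\x11"
KEY_CERT_SIGN = tlv(0x03, b"\x02\x04")            # BIT STRING with only keyCertSign set

# Modelled on the issue: empty subject, one duplicated extension, no subjectAltName.
# Which extension is duplicated is not stated in the issue; keyUsage is assumed here.
BAD_CERT = sample_cert(b"", [extension(BASIC_CONSTRAINTS, tlv(0x30, b"")),
                             extension(KEY_USAGE, KEY_CERT_SIGN), extension(KEY_USAGE, KEY_CERT_SIGN)])
# The shape RFC 5280 requires instead: empty subject paired with a critical SAN holding a dNSName.
GOOD_CERT = sample_cert(b"", [extension(BASIC_CONSTRAINTS, tlv(0x30, b"")),
                              extension(SUBJECT_ALT_NAME, tlv(0x30, tlv(0x82, b"dt.example")), critical=True)])

if __name__ == "__main__":
    for label, cert in (("bad", BAD_CERT), ("good", GOOD_CERT)):
        print(label, check_cert(cert) or "no findings")
```

To run it against the attached sample, convert the PEM to DER (for example with `openssl x509 -in cert.pem -outform DER -out cert.der`) and pass `open("cert.der", "rb").read()` to `check_cert`; the findings list is empty for a certificate that satisfies both rules.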

tom-daubney-arm commented 3 years ago

Hi, thanks for raising the various certificate-related bugs that you have raised today. Could you please tell us a little bit about the type of testing that you are doing at the moment? For example, are you doing compliance testing or fuzzing? A little information regarding this would be helpful for us. Thanks

GOODPWDCETCSZ commented 3 years ago

@tom-daubney-arm We thought of a new differential testing approach for testing certificate validation in TLS implementations and have implemented the prototype software, which found the reported bugs. We will improve our approach and supporting tools. Thanks!