Incorrect results returned when verifying pem file
The results (exit status & output) are incorrect when verifying a pem file. I tested LibreSSL against openssl and GnuTLS. openssl and GnuTLS returned exit status 1 while LibreSSL returned 0.
Steps to Reproduce:
- build libressl 3.1.0
- run the following command
openssl x509 -in $PoC -text -noout
PoC
Here's log
program : Libressl
version : 3.1.0
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=CN, ST=PN, L=CN, O=ON, OU=UN, CN=Herong Yang
Validity
Not Before: Jul 15 21:19:47 2005 GMT
Not After : Aug 14 21:19:47 2005 GMT
Subject: C=CN, ST=PN, L=CN, O=ON, OU=UN, CN=Herong Yang
Subject Public Key Info:
Public Key Algorithm: 1.2.840.113661.1.1.1
Unable to load Public Key
139987847909824:error:06FFF09C:digital envelope routines:CRYPTO_internal:unsupported algorithm:evp/p_lib.c:245:
139987847909824:error:0BFFF06F:x509 certificate routines:CRYPTO_internal:unsupported algorithm:asn1/x_pubkey.c:197:
X509v3 extensions:
X509v3 Subject Key Identifier:
55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04
X509v3 Authority Key Identifier:
0v..U..I+].....h$(G...w..[.Y0W1.0...U....CN1.0...U....PN1.0...U....CN1.0...U.
..ON1.0...U....UN1.0...U....Herong Yang...
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27:
0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06:
6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65:
10:3a:6b:0f:b9:ef:6b:64:18:0e
exit status : 0
program : openssl
version : commit 031c9bd3f3e9a02fa126c7dbc47f3d934678a195
unable to load certificate
40:F7:98:96:7E:7F:00:00:error:asn1 encoding routines:c2i_ibuf:illegal zero content:crypto/asn1/a_int.c:154:
40:F7:98:96:7E:7F:00:00:error:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:629:Field=serialNumber, Type=X509_CINF
40:F7:98:96:7E:7F:00:00:error:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:629:Field=cert_info, Type=X509
40:F7:98:96:7E:7F:00:00:error:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
exit status : 1
program : GnuTLS
version : 3.6.13
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Loaded system trust (133 CAs available)
Subject: CN=Herong Yang,OU=UN,O=ON,L=CN,ST=PN,C=CN
Issuer: CN=Herong Yang,OU=UN,O=ON,L=CN,ST=PN,C=CN
Signature algorithm: RSA-MD5
Output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The certificate chain uses expired certificate.
Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The certificate chain uses expired certificate.
exit status : 1
- Description: Ubuntu 18.04.1 LTS
- Release: 18.04
OpenSSL 1.0.2 (already EOS, though) exits with status 0, too. This behavior appears to have existed since OpenSSL 1.0.1. Here is the log from OpenSSL 1.0.2t.
$ eopenssl version
OpenSSL 1.0.2t 10 Sep 2019
$ eopenssl x509 -in poc.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=CN, ST=PN, L=CN, O=ON, OU=UN, CN=Herong Yang
Validity
Not Before: Jul 15 21:19:47 2005 GMT
Not After : Aug 14 21:19:47 2005 GMT
Subject: C=CN, ST=PN, L=CN, O=ON, OU=UN, CN=Herong Yang
Subject Public Key Info:
Public Key Algorithm: 1.2.840.113661.1.1.1
Unable to load Public Key
16486596898208:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
16486596898208:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:148:
X509v3 extensions:
X509v3 Subject Key Identifier:
55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04
X509v3 Authority Key Identifier:
0v..U..I+].....h$(G...w..[.Y0W1.0...U....CN1.0...U....PN1.0...U....CN1.0...U.
..ON1.0...U....UN1.0...U....Herong Yang...
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27:
0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06:
6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65:
10:3a:6b:0f:b9:ef:6b:64:18:0e
$ echo $?
0
$
- openssl(1) subcommand x509 (in apps/openssl/x509.c) does not check the return value of X509_print_ex(). (The same kind of ignored return value exists in ca, pkcs7, req, s_server, sess_id.)
- X509_print_ex() (in crypto/asn1/t_x509.c) does not return 0 when X509_get_pubkey() returns NULL.
So does the inconsistency of the x509 return values not imply a semantic bug?
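Worked illustration of the check discussed in the analysis above (added example, not LibreSSL's or OpenSSL's code): a small DER walker that pulls the algorithm OID out of a SubjectPublicKeyInfo and returns a non-zero status for an OID it cannot load, assuming an allowlist of rsaEncryption and id-ecPublicKey. The SPKI bytes are constructed; corrupting a single octet of the OID reproduces the 1.2.840.113661.1.1.1 value shown in the PoC output.

```python
# Added example (not LibreSSL/OpenSSL code): extract the SubjectPublicKeyInfo
# algorithm OID from DER and map "unsupported algorithm" to a non-zero status,
# which is the check the x509 printer discussed above drops on the floor.

# Assumption: the algorithms our minimal printer can load (rsaEncryption, id-ecPublicKey).
SUPPORTED_OIDS = {"1.2.840.113549.1.1.1", "1.2.840.10045.2.1"}

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos; handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """OID content octets -> dotted string (base-128 arcs; first octet encodes 40*x+y)."""
    arcs, value = [], 0
    for b in raw:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in [arcs[0] // 40, arcs[0] % 40] + arcs[1:])

def spki_algorithm(spki_der):
    """Walk SEQUENCE { SEQUENCE { OID, params }, BIT STRING } and return the OID."""
    tag, body, _ = _read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, alg_id, _ = _read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("algorithm is not an OBJECT IDENTIFIER")
    return decode_oid(oid)

def check_spki(spki_der):
    """Exit-status style result: 0 if the key algorithm can be loaded, 1 otherwise."""
    return 0 if spki_algorithm(spki_der) in SUPPORTED_OIDS else 1

# Constructed sample: rsaEncryption AlgorithmIdentifier followed by a dummy 10-byte BIT STRING.
GOOD_SPKI = bytes.fromhex("301c300d06092a864886f70d0101010500030b00" + "00" * 10)
# Corrupting one OID octet (0x0d -> 0x7d) gives 1.2.840.113661.1.1.1, the OID the
# PoC output above shows in place of rsaEncryption.
BAD_SPKI = bytes(b ^ 0x70 if i == 11 else b for i, b in enumerate(GOOD_SPKI))
```

check_spki() returns the value a wrapper would hand to sys.exit(), so the fuzzed input yields status 1 where the affected x509 command reports 0.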
I tested the poc on openssl-3.0.0dev and openssl-1.1.1f (released 2020-Mar-31).
Here's the openssl-1.1.1f log:
$ ./programs/openssl-1.1.1f/apps/openssl version
OpenSSL 1.1.1f 31 Mar 2020
$ ./programs/openssl-1.1.1f/apps/openssl x509 -in outputs/pem1/invalid/id\:000000 -text -noout
unable to load certificate
139892209887040:error:0D0E20DE:asn1 encoding routines:c2i_ibuf:illegal zero content:crypto/asn1/a_int.c:154:
139892209887040:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
139892209887040:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
139892209887040:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
exit status: 1
I found this by fuzzing.
In this case, the command shows an error message since the Public Key Algorithm value is invalid. But it displays the rest of the information despite having detected that bad value. The command had run through from the beginning of x509 to the end, and showed all the info including the message for the erroneous value. Is this an error or a success? I can't tell, but OpenSSL 1.0.x appeared to treat this case as success.
OpenSSL 1.1.x and above seem to have changed the behavior around this, and no information is displayed if the certificate has a wrong value.