From f4569b14c477efc28f7793246d4ad8877ed941d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
<manuel.pegourie-gonnard@arm.com>
Date: Thu, 19 Nov 2015 09:23:06 +0100
Subject: [PATCH] Fix bug checking pathlen on first intermediate
Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.
The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
fixes #280
---
ChangeLog | 7 +++++++
library/x509_crt.c | 10 ----------
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8a736f971..6d8a5bca7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.x branch
+
+Bugfix
+ * Fix bug in certificate validation that caused valid chains to be rejected
+ when the first intermediate certificate has pathLenConstraint=0. Found by
+ Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280
+
= mbed TLS 2.2.0 released 2015-11-04
Security
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 91e4f50b9..6dc5ad34f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2253,18 +2253,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
{
/* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next )
- {
- /* +2 because the current step is not yet accounted for
- * and because max_pathlen is one higher than it should be */
- if( parent->max_pathlen > 0 &&
- parent->max_pathlen < 2 + pathlen )
- {
- continue;
- }
-
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
- }
/* Are we part of the chain or at the top? */
if( parent != NULL )