From bb377c8d6c61920d889b961bd5c862eaac8b28e4 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Tue, 25 Aug 2020 16:58:36 +0200
Subject: [PATCH 1/1] check_chain_extensions(): Add check that CA cert includes
 key usage extension

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)
---
 crypto/x509/x509_txt.c     |  2 ++
 crypto/x509/x509_vfy.c     | 12 ++++++++----
 include/openssl/x509_vfy.h |  1 +
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 85782a2f86..9cb6c8b739 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -206,6 +206,8 @@ const char *X509_verify_cert_error_string(long n)
         return "Authority Key Identifier marked critical";
     case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL:
         return "Subject Key Identifier marked critical";
+    case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE:
+        return "CA cert does not include key usage extension";
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 966733dbb7..e8ca44a903 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -536,10 +536,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                     && (x->ex_flags & EXFLAG_BCONS) != 0
                     && (x->ex_flags & EXFLAG_BCONS_CRITICAL) == 0)
                 ctx->error = X509_V_ERR_CA_BCONS_NOT_CRITICAL;
-            /* Check keyCertSign according to RFC 5280 section 4.2.1.3 */
-            if ((x->ex_flags & EXFLAG_CA) == 0
-                    && (x->ex_kusage & KU_KEY_CERT_SIGN) != 0)
-                ctx->error = X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA;
+            /* Check key usages according to RFC 5280 section 4.2.1.3 */
+            if ((x->ex_flags & EXFLAG_CA) != 0) {
+                if ((x->ex_flags & EXFLAG_KUSAGE) == 0)
+                    ctx->error = X509_V_ERR_CA_CERT_MISSING_KEY_USAGE;
+            } else {
+                if ((x->ex_kusage & KU_KEY_CERT_SIGN) != 0)
+                    ctx->error = X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA;
+            }
             /* Check issuer is non-empty acc. to RFC 5280 section 4.1.2.4 */
             if (X509_NAME_entry_count(X509_get_issuer_name(x)) == 0)
                 ctx->error = X509_V_ERR_ISSUER_NAME_EMPTY;
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 53dff234ce..50ae14f240 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -232,6 +232,7 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_CA_BCONS_NOT_CRITICAL                89
 # define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
 # define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
+# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
-- 
2.34.1