Update from 0.9.8-stable.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 15 Jun 2009 15:01:00 +0000 (15:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 15 Jun 2009 15:01:00 +0000 (15:01 +0000)
CHANGES
crypto/x509/x509_vfy.c

diff --git a/CHANGES b/CHANGES
index 1b3a16b..cf7c58c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Don't check self signed certificate signatures in X509_verify_cert():
+     it just wastes time without adding any security. As a useful side effect
+     self signed root CAs with non-FIPS digests are now usable in FIPS mode.
+     [Steve Henson]
+
   *) In dtls1_process_out_of_seq_message() the check if the current message
      is already buffered was missing. For every new message was memory
      allocated, allowing an attacker to perform an denial of service attack
index 9ff66cf..dd4065b 100644 (file)
@@ -1609,7 +1609,11 @@ static int internal_verify(X509_STORE_CTX *ctx)
        while (n >= 0)
                {
                ctx->error_depth=n;
-               if (!xs->valid)
+
+               /* Skip signature check for self signed certificates. It
+                * doesn't add any security and just wastes time.
+                */
+               if (!xs->valid && xs != xi)
                        {
                        if ((pkey=X509_get_pubkey(xi)) == NULL)
                                {
@@ -1619,13 +1623,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                if (!ok) goto end;
                                }
                        else if (X509_verify(xs,pkey) <= 0)
-                               /* XXX  For the final trusted self-signed cert,
-                                * this is a waste of time.  That check should
-                                * optional so that e.g. 'openssl x509' can be
-                                * used to detect invalid self-signatures, but
-                                * we don't verify again and again in SSL
-                                * handshakes and the like once the cert has
-                                * been declared trusted. */
                                {
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;