From: Ken Goldman Date: Fri, 14 Dec 2018 20:04:04 +0000 (-0500) Subject: Admit unknown pkey types at security level 0 X-Git-Tag: openssl-3.0.0-alpha1~2682 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=baba1545105131fa34068f62928322e99d695ab1;ds=sidebyside Admit unknown pkey types at security level 0 The check_key_level() function currently fails when the public key cannot be extracted from the certificate because its algorithm is not supported. However, the public key is not needed for the last certificate in the chain. This change moves the check for level 0 before the check for a non-NULL public key. For background, this is the TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key. The TCG (for a while) specified Public Key Algorithm: rsaesOaep rather than the commonly used Public Key Algorithm: rsaEncryption because the key is an encryption key rather than a signing key. The X509 certificate parser fails to get the public key. Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7906) --- diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 95a95c6924..bbf61d44b2 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) EVP_PKEY *pkey = X509_get0_pubkey(cert); int level = ctx->param->auth_level; + /* + * At security level zero, return without checking for a supported public + * key type. Some engines support key types not understood outside the + * engine, and we only need to understand the key when enforcing a security + * floor. + */ + if (level <= 0) + return 1; + /* Unsupported or malformed keys are not secure */ if (pkey == NULL) return 0; - if (level <= 0) - return 1; if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS;