From krb5-bugs-incoming-bounces@PCH.mit.edu Tue Sep 14 14:58:50 2010 Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id BB4663E644; Tue, 14 Sep 2010 14:58:50 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o8EIwoJY022061; Tue, 14 Sep 2010 14:58:50 -0400 Received: from mailhub-dmz-2.mit.edu (MAILHUB-DMZ-2.MIT.EDU [18.7.62.37]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o82N2Uac029839 for ; Thu, 2 Sep 2010 19:02:30 -0400 Received: from dmz-mailsec-scanner-5.mit.edu (DMZ-MAILSEC-SCANNER-5.MIT.EDU [18.7.68.34]) by mailhub-dmz-2.mit.edu (8.13.8/8.9.2) with ESMTP id o82N2QI7008318 for ; Thu, 2 Sep 2010 19:02:30 -0400 X-AuditID: 12074422-b7bbfae000005e9b-63-4c802d0140df Received: from mx1.redhat.com ( [209.132.183.28]) by dmz-mailsec-scanner-5.mit.edu (Symantec Brightmail Gateway) with SMTP id 3F.E7.24219.20D208C4; Thu, 2 Sep 2010 19:02:26 -0400 (EDT) Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o82N2SlH017689 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 2 Sep 2010 19:02:28 -0400 Received: from blade.bos.redhat.com (blade.bos.redhat.com [10.16.0.23]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o82N2RqD014979 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 2 Sep 2010 19:02:28 -0400 Received: from blade.bos.redhat.com (blade.bos.redhat.com [127.0.0.1]) by blade.bos.redhat.com (8.14.4/8.14.3) with ESMTP id o82N2RP6015404 for ; Thu, 2 Sep 2010 19:02:27 -0400 Received: (from nalin@localhost) by blade.bos.redhat.com (8.14.4/8.14.4/Submit) id o82N2RKG015402; Thu, 2 Sep 2010 19:02:27 -0400 Date: Thu, 2 Sep 2010 19:02:27 -0400 Message-Id: <201009022302.o82N2RKG015402@blade.bos.redhat.com> To: krb5-bugs@mit.edu Subject: pkinit evaluation during certificate matching may fail From: nalin@redhat.com X-send-pr-version: 3.99 X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 X-Brightmail-Tracker: AAAAAA== X-Mailman-Approved-At: Tue, 14 Sep 2010 14:58:48 -0400 X-BeenThere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Reply-To: nalin@redhat.com Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu >Submitter-Id: net >Originator: >Organization: >Confidential: no >Synopsis: pkinit evaluation during certificate matching may fail >Severity: non-critical >Priority: medium >Category: krb5-libs >Class: sw-bug >Release: 1.8.3 >Environment: System: Linux blade.bos.redhat.com 2.6.34-43.fc14.x86_64 #1 SMP Thu Jun 17 10:32:12 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux Architecture: x86_64 >Description: When the pkinit plugin's crypto_retieve_X509_key_usage() function goes to read the value of a certificate's key usage extension, it doesn't adequately ensure that the certificate's ex_flags and ex_kusage fields, which the ku_reject() macro checks, have been set. As a result, ku_reject() can ignore the keyUsage value in the certificate. >How-To-Repeat: I tracked down the problem by placing these two certificates in the same directory, generating dummy keys by piping the output of "openssl genrsa" to the right files, and passing -X X509_user_identity=DIR:... to kinit (dummy keys were used because the correct private keys live on a smart card, and I wasn't able to get them from the original reporter of the bug). The current logic was accepting both of these certificates as matches for the rule "digitalSignature". -----BEGIN CERTIFICATE----- MIIDOjCCAiKgAwIBAgICAeEwDQYJKoZIhvcNAQELBQAwQTEfMB0GA1UEChMWSWRt TGFiQm9zUmVkaGF0IERvbWFpbjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9y aXR5MB4XDTEwMDgxNzE5MzEzMFoXDTE1MDgxNjE5MzEzMFowMTEXMBUGA1UEChMO VG9rZW4gS2V5IFVzZXIxFjAUBgoJkiaJk/IsZAEBEwZ0ZXN0ZXIwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAILMo0xisvELL3TdwzuWcPHhbwsDxmdiF/XYaSc4 L4xGaV4yQ7AaWMy2Ele5bIv16WI00Ck+1x8IxpFQU+DAVMnxFH31e+Kkhc2EGDfI zDuzKXub91EKCNrIrghJMeilayMCFFttJdC50BTo7p515zLCt0BYmh0s9cneJ/CX vGhtAgMBAAGjgc8wgcwwDgYDVR0PAQH/BAQDAgbAMB8GA1UdEQQYMBaBFHRlc3Rl cjc3Nzc3N0Bhb2wuY29tMB0GA1UdDgQWBBTpJoowAHH1bt5qjvKXneXWEVfYtDAf BgNVHSMEGDAWgBQJUJr6a31sFCGjZIevwUSP7svjIDAJBgNVHRMEAjAAME4GCCsG AQUFBwEBBEIwQDA+BggrBgEFBQcwAYYyaHR0cDovL3N0ZXJvcGUuaWRtLmxhYi5i b3MucmVkaGF0LmNvbTo5MTgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBACHk dSGzYKo6obDtWbwllmIFBqA6sgVJzsqYEIXlgEpU+Na9fmDnU3VSEggy5Qz6ybxY m1EbQjBG86Mn7MVOB24qtRMhH/G6m1YymCVoHSYQ1/sBbjGdpwrnuUSyJZjtJHb4 QRCCBw+uXDFK2fibgZiOGIITS3i6jPPN2zhtM6QGC7EMeRXs2YKZTyUZz2Fbj3d6 3xCN2woCma+cu8FKoEQC8SLSaE+3JIySCK/dMmsbleQCTyGg4LuKxXl7mGzWsikv sDNAKYNcXxRYvCxy6hmdW3pFkqv4C8IyzATEcleqXZaTtTDI+r21dLsbd6CGFlNn KKzEdbzWWzOBE8JrplQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDOjCCAiKgAwIBAgICAeIwDQYJKoZIhvcNAQELBQAwQTEfMB0GA1UEChMWSWRt TGFiQm9zUmVkaGF0IERvbWFpbjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9y aXR5MB4XDTEwMDgxNzE5MzEzMVoXDTE1MDgxNjE5MzEzMVowMTEXMBUGA1UEChMO VG9rZW4gS2V5IFVzZXIxFjAUBgoJkiaJk/IsZAEBEwZ0ZXN0ZXIwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBALrIyrY/j6z4/xt4p7QjiwyogD8SNzD+rS+VBl5J RRrZACSgKcS11mNcx22bDX517M7tsKBRPzbl8oUXl4YI4nYA9R0vjU9I2GelYBX9 NxkpPx8ncS08Vlb9k0o82IxxTj8EdCcYzTY62g0BuT1FSgKxF6oRODVkJ8ByXjej 9tsxAgMBAAGjgc8wgcwwDgYDVR0PAQH/BAQDAgUgMB8GA1UdEQQYMBaBFHRlc3Rl cjc3Nzc3N0Bhb2wuY29tMB0GA1UdDgQWBBQyNtmOl4YYJW8hrXjBB2FRPTcXGjAf BgNVHSMEGDAWgBQJUJr6a31sFCGjZIevwUSP7svjIDAJBgNVHRMEAjAAME4GCCsG AQUFBwEBBEIwQDA+BggrBgEFBQcwAYYyaHR0cDovL3N0ZXJvcGUuaWRtLmxhYi5i b3MucmVkaGF0LmNvbTo5MTgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBACcg YIWnjbnn1Fzyk3Bu/Fhm7KYwaLsCsLWORoZhqitA5pvkhnELa2mXn/2FIhuxD0aS aavnv6TeDseuQr7ghnJVibpqd/KXhrQLjRJZQ+JQXM0OyEO3slAIIOBcUZlsE7Ja oxsn/x964+WiJVTCb/xSEtcCo0ixI2a7KrU4x8WCjTPQPU7gytWU618NibhIlMri 6r4qwo77P4VGhKRtlCdi+UYcMUac7DoL3wKXbxdO9Af2W3mb3NKkbkzVlUZbyXlE UK6NX0NAyjXjCxetRoGoZew4wNKwtE9rND9FUGTUhW7S8REB3cIh5xAKrUGzjNNa j+pBDOyG3xsPqA/ivyI= -----END CERTIFICATE----- >Fix: It'd probably be better to check the usage bitstring directly, but calling X509_check_ca() causes the right fields to get initialized when built with OpenSSL 1.0.0a. Index: src/plugins/preauth/pkinit/pkinit_crypto_openssl.c =================================================================== --- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c (revision 24286) +++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c (working copy) @@ -2002,6 +2002,7 @@ pkiDebug("%s: found acceptable EKU, checking for digitalSignature\n", __FUNCTION__); /* check that digitalSignature KeyUsage is present */ + X509_check_ca(reqctx->received_cert); if ((usage = X509_get_ext_d2i(reqctx->received_cert, NID_key_usage, NULL, NULL))) { @@ -4548,6 +4549,7 @@ } /* Make sure usage exists before checking bits */ + X509_check_ca(x); usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL); if (usage) { if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))