Verify leaf certificate public key rather than leaving it to the caller #2438
OpenSSL's behavior when performing X509 certificate validation is to build up the certificate chain, verify the extensions of the constructed chain, etc., finally proceeding with handling the subjectPublicKeyInfo algorithm and parameters inheritance as appropriate through the chain when applicable per RFC 5280. This process will cause OpenSSL to reject certificates when encountering public keys that it doesn't understand, for example unknown / unsupported EC curve names, invalid curve points, etc. This includes intermediate and root certificates with such public keys (which would need to be usable to validate the issuer signatures on subjects in the chain, etc.), but also includes the leaf certificate, as its public key is parsed to determine if it inherits parameters, etc.
For AWS-LC this parameter inheritance is not supported (as it was removed by BoringSSL from which we forked), particularly because for key types like EC we only support specific named curves and no custom parameters. So this step of key inheritance does not occur. This means that the certificate subject public keys are not used until validating the issuer signatures through the chain. Root and intermediate certificates with public keys that are not parseable / supported are then rejected at this step, except for the leaf certificate. There was a comment left by BoringSSL in the tests to indicate that the subject public key (for which the EVP_PKEY may be NULL if it was not parseable) is left to be validated by the caller invoking `X509_verify_cert`. This means that such a leaf certificate passes validation (correctly validated through the constructed chain, reasonably well formed, etc.), but still might not actually be usable. But such certificates would never have been returned successfully by `X509_verify_cert` if using OpenSSL. This PR realigns AWS-LC to behave similarly to OpenSSL by checking the final leaf certificate for the user, and verifying that it contains a supported public key type.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
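The kind of "supported public key type" decision described above can be modelled on a raw DER SubjectPublicKeyInfo. This is an added example, not code from AWS-LC, BoringSSL or OpenSSL: the function names, the allowlists and the sample byte strings are constructed for illustration, and curve-point validity is not checked.

```python
# Added model of a leaf-key check on a DER SubjectPublicKeyInfo (allowlists illustrative).
EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SUPPORTED_CURVES = {"1.2.840.10045.3.1.7", "1.3.132.0.34", "1.3.132.0.35"}  # P-256/384/521
SUPPORTED_OTHER = {"1.2.840.113549.1.1.1", "1.3.101.112"}  # rsaEncryption, Ed25519

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OID content bytes to dotted form (first arc 0 or 1 is enough here)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def leaf_key_status(spki):
    """Return "ok", or why a verifier would treat the leaf key as unusable."""
    try:
        tag, body, _ = read_tlv(spki, 0)
        alg_tag, alg, _ = read_tlv(body, 0)
        oid_tag, oid, nxt = read_tlv(alg, 0)
        if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
            return "malformed SPKI"
        algorithm = decode_oid(oid)
        if algorithm != EC_PUBLIC_KEY:
            return "ok" if algorithm in SUPPORTED_OTHER else "unsupported algorithm"
        p_tag, params, _ = read_tlv(alg, nxt)
        if p_tag != 0x06:  # a SEQUENCE here means explicit (custom) curve parameters
            return "explicit EC parameters" if p_tag == 0x30 else "malformed SPKI"
        return "ok" if decode_oid(params) in SUPPORTED_CURVES else "unsupported curve"
    except (ValueError, IndexError):
        return "malformed SPKI"

def tlv(tag, body):  # builds the constructed samples below (short-form lengths only)
    return bytes([tag, len(body)]) + body
BITS = tlv(0x03, b"\x00\x04" + bytes(64))  # placeholder point, never validated here
def sample(params):
    return tlv(0x30, tlv(0x30, bytes.fromhex("06072a8648ce3d0201") + params) + BITS)
P256 = sample(bytes.fromhex("06082a8648ce3d030107"))         # named curve, allowlisted
BRAINPOOL = sample(bytes.fromhex("06092b2403030208010107"))  # named curve, not allowlisted
EXPLICIT = sample(tlv(0x30, b"\x02\x01\x01"))                # stub for explicit parameters
```
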