Drop cached certificate signature validity flag

It seems risky in the context of cross-signed certificates when the
same certificate might have multiple potential issuers.  Also rarely
used, since chains in OpenSSL typically only employ self-signed
trust-anchors, whose self-signatures are not checked, while untrusted
certificates are generally ephemeral.

(Imported from upstream's 0e76014e584ba78ef1d6ecb4572391ef61c4fb51.)

This is in master and not 1.0.2, but having a per-certificate signature
cache when this is a function of signature and issuer seems dubious at
best. Thanks to Viktor Dukhovni for pointing this change out to me.
(And for making the original change upstream, of course.)

Change-Id: Ie692d651726f14aeba6eaab03ac918fcaedb4eeb
Reviewed-on: https://boringssl-review.googlesource.com/8880
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2016-07-21 02:21:48 +02:00 committed by Adam Langley
parent 84f8551753
commit 00d7a7cee7
3 changed files with 1 additions and 7 deletions


@ -1753,9 +1753,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
* explicitly asked for. It doesn't add any security and just wastes * explicitly asked for. It doesn't add any security and just wastes
* time. * time.
*/ */
if (!xs->valid if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
&& (xs != xi
|| (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
if ((pkey = X509_get_pubkey(xi)) == NULL) { if ((pkey = X509_get_pubkey(xi)) == NULL) {
ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
ctx->current_cert = xi; ctx->current_cert = xi;
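Review bot: on the rewritten condition `if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))`, the surviving comment only explains why self-signed signatures are skipped and says nothing about why the result is no longer cached. Add a sentence there stating that signature validity depends on the certificate and issuer pair, so it must not be remembered on the certificate alone; otherwise the `!xs->valid` shortcut is an easy optimisation for someone to reintroduce later. A regression test that verifies one X509 object against two candidate issuers, only one of which actually signed it, would pin the behaviour down.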
@ -1775,8 +1773,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
pkey = NULL; pkey = NULL;
} }
xs->valid = 1;
check_cert: check_cert:
ok = check_cert_time(ctx, xs); ok = check_cert_time(ctx, xs);
if (!ok) if (!ok)


@ -96,7 +96,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
switch (operation) { switch (operation) {
case ASN1_OP_NEW_POST: case ASN1_OP_NEW_POST:
ret->valid = 0;
ret->name = NULL; ret->name = NULL;
ret->ex_flags = 0; ret->ex_flags = 0;
ret->ex_pathlen = -1; ret->ex_pathlen = -1;


@ -243,7 +243,6 @@ struct x509_st
X509_CINF *cert_info; X509_CINF *cert_info;
X509_ALGOR *sig_alg; X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature; ASN1_BIT_STRING *signature;
int valid;
CRYPTO_refcount_t references; CRYPTO_refcount_t references;
char *name; char *name;
CRYPTO_EX_DATA ex_data; CRYPTO_EX_DATA ex_data;
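Review bot: removing `int valid;` from `struct x509_st` changes the struct layout and drops a member that code outside internal_verify could have read or written. The visible hunks cover the reader and writer in internal_verify and the initialiser in x509_cb; confirm by search that no other use of `->valid` on an X509 remains, and if this struct definition is visible to callers, record the removal wherever API changes are tracked so out-of-tree code that touches the field fails with a clear explanation.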