Bug 1035414, Part 2: Always check subject's issuer matches issuer's subject, r=jcj

--HG-- extra : rebase_source : a75eca6ed909fa4f241b1a736656b7e8c99eb3ea
2024-09-13 09:24:08 -07:00 · 2014-12-26 10:13:18 -08:00 · 2014-12-26 10:13:18 -08:00 · e3671889ff
commit e3671889ff
parent 68fac13f07
2 changed files with 18 additions and 4 deletions
--- a/security/pkix/include/pkix/pkixtypes.h
+++ b/security/pkix/include/pkix/pkixtypes.h
@ -218,8 +218,6 @@ public:
  // call checker.Check with the DER encoding of the potential issuer
  // certificate. The implementation must follow these rules:
  //
-  // * The subject name of the certificate given to checker.Check must be equal
-  //   to encodedIssuerName.
  // * The implementation must be reentrant and must limit the amount of stack
  //   space it uses; see the note on reentrancy and stack usage below.
  // * When checker.Check does not return SECSuccess then immediately return
@ -255,6 +253,13 @@ public:
  //
  // checker.Check is responsible for limiting the recursion to a reasonable
  // limit.
+  //
+  // checker.Check will verify that the subject's issuer field matches the
+  // potential issuer's subject field. It will also check that the potential
+  // issuer is valid at the given time. However, if the FindIssuer
+  // implementation has an efficient way of filtering potential issuers by name
+  // and/or validity period itself, then it is probably better for performance
+  // for it to do so.
  virtual Result FindIssuer(Input encodedIssuerName,
                            IssuerChecker& checker, Time time) = 0;

--- a/security/pkix/lib/pkixbuild.cpp
+++ b/security/pkix/lib/pkixbuild.cpp
@ -139,8 +139,17 @@ PathBuildingStep::Check(Input potentialIssuerDER,
    return RecordResult(rv, keepGoing);
  }

-  // RFC5280 4.2.1.1. Authority Key Identifier
-  // RFC5280 4.2.1.2. Subject Key Identifier
+  // Simple TrustDomain::FindIssuers implementations may pass in all possible
+  // CA certificates without any filtering. Because of this, we don't consider
+  // a mismatched name to be an error. Instead, we just pretend that any
+  // certificate without a matching name was never passed to us. In particular,
+  // we treat the case where the TrustDomain only asks us to check CA
+  // certificates with mismatched names as equivalent to the case where the
+  // TrustDomain never called Check() at all.
+  if (!InputsAreEqual(potentialIssuer.GetSubject(), subject.GetIssuer())) {
+    keepGoing = true;
+    return Success;
+  }

  // Loop prevention, done as recommended by RFC4158 Section 5.2
  // TODO: this doesn't account for subjectAltNames!