CSR verification allows invalid ASN.1 #22068
Comments
tcarmelveilleux
added a commit
to tcarmelveilleux/connectedhomeip
that referenced
this issue
Aug 22, 2022
- SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes project-chip#22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS
tcarmelveilleux
added a commit
that referenced
this issue
Aug 23, 2022
* Add missing validity checks to CSR verification - SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes #22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS * Fix docs typo
github-actions bot
pushed a commit
that referenced
this issue
Aug 23, 2022
* Add missing validity checks to CSR verification - SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes #22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS * Fix docs typo
woody-apple
added a commit
that referenced
this issue
Aug 24, 2022
* Add missing validity checks to CSR verification - SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes #22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS * Fix docs typo Co-authored-by: Tennessee Carmel-Veilleux <[email protected]> Co-authored-by: Andrei Litvin <[email protected]>
isiu-apple
pushed a commit
to isiu-apple/connectedhomeip
that referenced
this issue
Sep 16, 2022
* Add missing validity checks to CSR verification - SDK's CSR verification (VerifyCertificateSigningRequest) allowed trailing garbage past the end of the buffer if the primary SEQUENCE element is OK and checks-out. This is looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1 DER and have no unnecessary bytes or otherwise unparsable bytes. Fixes project-chip#22068 This PR: - Adds validity checks for size and basic format that catches the problem. - Adds unit tests that use externally generated CSRs to validate the `VerifyCertificateSigningRequest` logic, rather than only relying on round-trips with generation. Testing done: - Added new unit tests. Existing unit tests pass - Tested under OpenSSL, BoringSSL and mbedTLS * Fix docs typo
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
SDK's CSR verification (
VerifyCertificateSigningRequest) allows trailing garbage pastthe end of the buffer if the primary SEQUENCE element is OK and checks-out. This is
looser enforcement than some crypto libraries which expect a CSR to be 100% valid ASN.1
DER and have no unnecessary bytes or otherwise unparsable bytes.
It was found that one CryptoPAL backend (CHIPCryptoPALPsaEfr32.cpp) did not
resize its output buffer, leading to a valid CSR followed by zero bytes. This failed
verification in at least one integration of the SDK using state of the art crypto libraries.
Proposed Solution
The text was updated successfully, but these errors were encountered: