Fix bug checking pathlen on first intermediate

Remove check on the pathLenConstraint value when looking for a parent to the EE cert, as the constraint is on the number of intermediate certs below the parent, and that number is always 0 at that point, so the constraint is always satisfied. The check was actually off-by-one, which caused valid chains to be rejected under the following conditions: - the parent certificate is not a trusted root, and - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation) fixes #280
2024-10-18 12:21:04 +00:00 · 2015-11-19 09:23:06 +01:00 · 2015-11-19 09:23:06 +01:00 · f4569b14c4
parent 8b4331aa56
commit f4569b14c4
2 changed files with 7 additions and 10 deletions
--- a/7
+++ b/7
@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS 2.x branch
+
+Bugfix
+   * Fix bug in certificate validation that caused valid chains to be rejected
+     when the first intermediate certificate has pathLenConstraint=0. Found by
+     Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280
+
 = mbed TLS 2.2.0 released 2015-11-04

 Security
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2253,18 +2253,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
    {
        /* Look for a parent upwards the chain */
        for( parent = crt->next; parent != NULL; parent = parent->next )
-        {
-            /* +2 because the current step is not yet accounted for
-             * and because max_pathlen is one higher than it should be */
-            if( parent->max_pathlen > 0 &&
-                parent->max_pathlen < 2 + pathlen )
-            {
-                continue;
-            }
-
            if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
                break;
-        }

        /* Are we part of the chain or at the top? */
        if( parent != NULL )