
libspdm_x509_verify_cert_chain fails with the same x509 certificate data with openssl 1.1.1q but passes with openssl 1.1.1l

Open PrakashK94 opened this issue 3 years ago • 14 comments

The LIBSPDM 2.0.0 tag, which uses openssl 1.1.1l, is able to validate an x509 certificate, whereas the LIBSPDM 2.3.0 tag, which uses openssl 1.1.1q, is not able to validate the same x509 certificate.

Is this a known issue?

PrakashK94 avatar Jan 06 '23 18:01 PrakashK94

It is not a known issue. What exactly is failing?

steven-bellock avatar Jan 06 '23 18:01 steven-bellock

In the file libspdm/os_stub/openssllib/openssl/crypto/x509/x509_vfy.c, the two functions static int build_chain(X509_STORE_CTX *ctx); and static int check_chain_extensions(X509_STORE_CTX *ctx); return 0, so it doesn't proceed to validate the chain.

PrakashK94 avatar Jan 06 '23 18:01 PrakashK94

Looks like you might have hit https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3450 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b

steven-bellock avatar Jan 06 '23 18:01 steven-bellock

How to fix this then?

PrakashK94 avatar Jan 06 '23 18:01 PrakashK94

Actually

Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used.

was introduced in 1.1.1h, so if that was the issue it should have been present in 1.1.1l. And it says that X509_V_FLAG_X509_STRICT is disabled by default, and I don't think libspdm enables it. (Maybe it should.)

How to fix this then?

Figure out exactly where in check_chain_extensions the failure is.

steven-bellock avatar Jan 06 '23 19:01 steven-bellock

I found the place where it fails, even after giving the correct buffers in openssllib functions.

static int build_chain(X509_STORE_CTX *ctx)
This line returns ok = 0, and because of that it fails:
    ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x);

static int check_chain_extensions(X509_STORE_CTX *ctx);
    x = sk_X509_value(ctx->chain, i);
    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
        && (x->ex_flags & EXFLAG_CRITICAL)) {
        if (!verify_cb_cert(ctx, x, i,
                            X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION))
        {
            return 0;
        }
    }

verify_cb_cert fails in check_chain_extensions function.

But when I updated the SPDM responder validator tool to use the LIBSPDM 2.0.0 code base, the libspdm_x509_verify_cert_chain function passed, since it uses openssl 1.1.1l. So it looks like, even after providing the same certificate data, the SPDM responder validator tool fails when it uses the latest LIBSPDM code base, which uses openssl 1.1.1q.

PrakashK94 avatar Jan 09 '23 06:01 PrakashK94

It seems the check is done by openssl. Not sure what libspdm needs to do, unless it is configuration.

Need root-cause at first.

jyao1 avatar Jan 09 '23 15:01 jyao1

Do you have a test certificate chain that has been validated with the SPDM responder validator tool which uses openssl 1.1.1q?

PrakashK94 avatar Jan 09 '23 15:01 PrakashK94

Yes, please refer to https://github.com/DMTF/libspdm/tree/main/unit_test/sample_key.

jyao1 avatar Jan 09 '23 15:01 jyao1

Test certificates are not present in this format, right?


PrakashK94 avatar Jan 09 '23 15:01 PrakashK94

Correct, for SPDM you need to append that information.

steven-bellock avatar Jan 09 '23 22:01 steven-bellock
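The "information" that has to be prepended is the SPDM certificate chain header from DSP0274: a 2-byte little-endian Length (the size of the whole chain including the header), 2 reserved bytes, the hash of the root certificate under the negotiated base hash algorithm, and then the concatenated DER certificates with the root first. The following is an added example, not code from the thread or from libspdm, that builds and parses that framing; the two DER blobs it uses are constructed stand-ins (a SEQUENCE holding an INTEGER and a NULL), not real certificates, so the output is only good for exercising the framing, not for a real responder.

```python
"""Build and check the SPDM certificate chain format (DSP0274).

Added example, not part of libspdm. hash_name is the Python hashlib name for
the negotiated BaseHashAlgo ("sha256", "sha384" or "sha512").
"""
import hashlib
import struct

# Constructed placeholder "certificates": valid DER TLVs, not real X.509.
FAKE_ROOT = b"\x30\x05\x02\x01\x01\x05\x00"
FAKE_LEAF = b"\x30\x05\x02\x01\x02\x05\x00"


def _der_tlv_size(buf: bytes, pos: int) -> int:
    """Total encoded size (header + content) of the DER TLV at buf[pos]."""
    first = buf[pos + 1]
    if first < 0x80:
        return 2 + first
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + 2 + nbytes > len(buf):
        raise ValueError("bad DER length")
    return 2 + nbytes + int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")


def split_der_certs(blob: bytes) -> list[bytes]:
    """Split back-to-back DER SEQUENCEs (the Certificates field) into a list."""
    certs, pos = [], 0
    while pos < len(blob):
        if blob[pos] != 0x30:
            raise ValueError(f"certificate at offset {pos} is not a SEQUENCE")
        size = _der_tlv_size(blob, pos)
        if pos + size > len(blob):
            raise ValueError("certificate runs past end of chain")
        certs.append(blob[pos:pos + size])
        pos += size
    return certs


def build_spdm_cert_chain(certs: list[bytes], hash_name: str) -> bytes:
    """Length(2, LE) || Reserved(2) || RootHash(H) || Certificates."""
    if not certs:
        raise ValueError("chain needs at least the root certificate")
    body = b"".join(certs)
    root_hash = hashlib.new(hash_name, certs[0]).digest()
    total = 4 + len(root_hash) + len(body)
    if total > 0xFFFF:
        raise ValueError("chain exceeds the 16-bit Length field")
    return struct.pack("<HH", total, 0) + root_hash + body


def parse_spdm_cert_chain(chain: bytes, hash_name: str) -> dict:
    """Validate the header against the buffer and return its parts."""
    if len(chain) < 4:
        raise ValueError("chain shorter than header")
    length, reserved = struct.unpack_from("<HH", chain, 0)
    if length != len(chain):
        raise ValueError(f"Length field {length} != buffer size {len(chain)}")
    digest_size = hashlib.new(hash_name).digest_size
    root_hash = chain[4:4 + digest_size]
    certs = split_der_certs(chain[4 + digest_size:])
    if not certs:
        raise ValueError("no certificates after the header")
    if hashlib.new(hash_name, certs[0]).digest() != root_hash:
        raise ValueError("RootHash does not match the first certificate")
    return {"length": length, "reserved": reserved, "root_hash": root_hash, "certs": certs}


def spdm_cert_chain_ok(chain: bytes, hash_name: str) -> bool:
    """True when the framing, Length and RootHash are all consistent."""
    try:
        parse_spdm_cert_chain(chain, hash_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    chain = build_spdm_cert_chain([FAKE_ROOT, FAKE_LEAF], "sha384")
    print(len(chain), parse_spdm_cert_chain(chain, "sha384")["length"])
```

To wrap a real bundle such as bundle_responder.certchain.der, split the file with split_der_certs and pass the list to build_spdm_cert_chain with the hash that matches the negotiated algorithm (sha384 for the ecp384 sample key directory); a hash-size mismatch shifts the Certificates field and makes the first "certificate" start mid-header, which is the first thing to check when a chain that passed elsewhere fails.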

I checked with this certificate chain after adding the certificate chain header,

https://github.com/DMTF/libspdm/blob/main/unit_test/sample_key/ecp384/bundle_responder.certchain.der

Still it doesn't work. Certificate verification does not pass with the LIBSPDM 2.3.0 code base, which uses openssl 1.1.1q, but it passes with LIBSPDM 2.0.0, which uses openssl 1.1.1l.

PrakashK94 avatar Jan 10 '23 12:01 PrakashK94

1/23/2023 - in unit test, we use

uint32_t m_libspdm_use_asym_algo =
    SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256;
uint16_t m_libspdm_use_req_asym_algo = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048;

Need to try ECDSA_ECC_NIST_P384.

jyao1 avatar Jan 23 '23 14:01 jyao1

1/31/2023 update: Recently I tried most algorithms that libspdm supports but I can not reproduce this issue. Latest libspdm with openssl 1.1.1q + test cert chains in the UT folder works for me.

BTW there are some issues in the libspdm unit test code blocking the change of the default asym algo (uint32_t m_libspdm_use_asym_algo = SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256;) for testing. I will file another ticket. (Confirmed the issue is just about the UT code itself.)

xiangfeima avatar Jan 31 '23 01:01 xiangfeima