Google Git
Sign in
android / platform / external / boringssl / 2abf8828c54ee7d4372e016d7085cdf3a12125ba
commit2abf8828c54ee7d4372e016d7085cdf3a12125ba[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Aug 24 15:11:58 2021 -0400
committerPete Bentley <prb@google.com>Fri Oct 08 11:00:14 2021 +0100
treee70a5bf03cf5a5c2429a5f177ae484fa94454384
parent23c4ee2a9f07c3abb12367fb14ba6424092940a1 [diff]
Enable X509_V_FLAG_TRUSTED_FIRST by default.

Cherry-picked into mainline-prod from AOSP, see below for
AOSP and upstream notes.

Due to time elapsed since last full BoringSSL merge into
mainline-prod, this CL also includes some extra header file
definitions from upstream. These have no functional impact
but are needed to support the extra tests in this CL.

AOSP Cherry-pick notes:
Cherry-picked into AOSP from
https://boringssl-review.googlesource.com/c/boringssl/+/49745
and
https://boringssl-review.googlesource.com/c/boringssl/+/49746

Cherry-picked outside normal BoringSSL release process to allow
easier cherry-picking to Mainline (see bug for details).

The first cherry-pick is a test-only fix to pick up correct defaults,
the rest of this commit message refers to the second.

The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.

In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:

             Root2
               |
 Root1     Root1Cross
    \         /
    Intermediate
         |
       Leaf

If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)

OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.

Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.

BoringSSL-Bug: 439
Bug: 201667701
Test: atest boringssl_crypto_test
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
(cherry picked from BoringSSL commit 8f5eb80b810ff63d14ad3535cb16f7cb8271a4f5)

Change-Id: Ib75feb0081ced6520f9547ff381ee7b4dee75010
Merged-In: Ib75feb0081ced6520f9547ff381ee7b4dee75010
(cherry picked from commit 7c27ee0dbbee0eedaa53f0a863ab5d70a3be3327)
4 files changed
tree: e70a5bf03cf5a5c2429a5f177ae484fa94454384
  1. ios-aarch64/
  2. ios-arm/
  3. linux-aarch64/
  4. linux-arm/
  5. linux-ppc64le/
  6. linux-x86/
  7. linux-x86_64/
  8. mac-x86/
  9. mac-x86_64/
  10. selftest/
  11. src/
  12. win-aarch64/
  13. win-x86/
  14. win-x86_64/
  15. BUILDsrc/util/BUILD.toplevel
  16. includesrc/include
  17. android-sources.cmake
  18. Android.bp
  19. BORINGSSL_REVISION
  20. BUILD.generated.bzl
  21. BUILD.generated_tests.bzl
  22. crypto-sources.mk
  23. crypto_test_data.cc
  24. err_data.c
  25. eureka.mk
  26. METADATA
  27. MODULE_LICENSE_BSD_LIKE
  28. NOTICE
  29. OWNERS
  30. PREUPLOAD.cfg
  31. rules.mk
  32. sources.bp
  33. sources.mk
  34. UPDATING