)]}'
{
  "commit": "28226f584e8fb65eb8730721dcb5001f2a072efc",
  "tree": "24e1184a1fd67e6c909262fa5c5ff53babd53b0c",
  "parents": [
    "fca688f26b939db9c9981204373cecbd108b5d6c"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed Mar 29 14:04:44 2023 +0900"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Thu Mar 30 04:56:45 2023 +0000"
  },
  "message": "Fix handling of critical X.509 policy constraints\n\nIf we see a critical policy constraints extension, we have two options:\nWe can either process it, which requires running policy validation, or\nreject the certificate. We and OpenSSL do neither by default, which\nmeans we may accept certificate chains that we weren\u0027t supposed to.\n\nThis fixes it by enabling X.509 policy validation unconditionally and\nmakes X509_V_FLAG_POLICY_CHECK moot. As a side effect, callers no longer\nneed to do anything for CVE-2023-0466.\n\nThis is the opposite of [0]\u0027s advice, which instead recommends skipping\nthe feature and rejecting critical policy contraints. That would be a\ngood move for a new X.509 implementation. Policy validation is\nbadly-designed, even by X.509\u0027s standards. But we have OpenSSL\u0027s history\nof previously accepting critical policy constraints (even though it\ndidn\u0027t check it). I also found at least one caller that tests a chain\nwith policy constraints, albeit a non-critical one.\n\nWe now have an efficient policy validation implementation, so just\nenable it.\n\nOf course, fixing this bug in either direction has compatibility risks:\neither we take on the compat risk of being newly incompatible with\npolicyConstraints-using PKIs, or we take on the compat risk of newly\nrejecting certificates that were invalid due to a policy validation\nerror, but no one noticed. The latter case seems safer because the chain\nis unambiguously invalid.\n\nUpdate-Note: X.509 certificate verification (not parsing) will now\nnotice policy-validation-related errors in the certificate chain. These\ninclude syntax errors in policy-related extensions, and chains with a\nrequireExplicitPolicy policy constraint that are valid for no\ncertificate policies. Such chains are unambiguously invalid. We just did\nnot check it before by default. This is an obscure corner of X.509 and\nnot expected to come up in most PKIs.\n\n[0] https://www.ietf.org/archive/id/draft-davidben-x509-policy-graph-01.html#section-3.4.4\n\nFixed: 557\nChange-Id: Icc00c7797bb95fd3b14570eb068543fd83cda7b9\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58426\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "76be6a08a9d284ca0abb2e00d9736c1b45c85404",
      "old_mode": 33188,
      "old_path": "crypto/x509/test/make_policy_certs.go",
      "new_id": "b1c5a60efeedcf2ebf846f3e8b87f5c859f133d4",
      "new_mode": 33188,
      "new_path": "crypto/x509/test/make_policy_certs.go"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "13ad7cec0175d97952b7a3f6342a755b23d387d5",
      "new_mode": 33188,
      "new_path": "crypto/x509/test/policy_leaf_none.pem"
    },
    {
      "type": "modify",
      "old_id": "03f5d1905b3916788f2ad25480d83b3ffcdbe48e",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_test.cc",
      "new_id": "056d56a4b356aefbf4ad55e2968db857b1b3d22b",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_test.cc"
    },
    {
      "type": "modify",
      "old_id": "fe6c596510ee47faeba045f070e7de2e77edc139",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_vfy.c",
      "new_id": "ea9ff3c6c280949eb8c31951a5b293fd86f574ce",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_vfy.c"
    },
    {
      "type": "modify",
      "old_id": "57c9bc0c8b576a22219ce55afc157da8a2ce9975",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_vpm.c",
      "new_id": "583b4a050b9bf21bc5a2ac9b145bf591f3fdf6e8",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_vpm.c"
    },
    {
      "type": "modify",
      "old_id": "69d1e00c1f641cf4d228d0b62e3e010e2c19373c",
      "old_mode": 33188,
      "old_path": "include/openssl/x509.h",
      "new_id": "9e9e5b179ac6bafc1f2d05878214a328fc381e99",
      "new_mode": 33188,
      "new_path": "include/openssl/x509.h"
    },
    {
      "type": "modify",
      "old_id": "f220651e70ccb158237509ff062477945b9e727a",
      "old_mode": 33188,
      "old_path": "sources.cmake",
      "new_id": "dad834d6ff594134a42d4579bbeedcd97bf2939e",
      "new_mode": 33188,
      "new_path": "sources.cmake"
    }
  ]
}
