CA: Add lint/check that leaf Issuer bytes match issuer's Subject bytes #6965
Assignees
Milestone
Comments
|
We're accomplishing this in the ceremony tool. We'd want basically the same thing? |
|
Yep. We could do it directly inside the CA or Issuance package, or we could do it as a zlint, in which case it would need to be configurable. |
pgporada
added a commit
that referenced
this issue
Jun 3, 2024
In #7005 several safety checks were added to the `ceremony` tool: This change extracts the `RawSubject` to `RawIssuer` DER byte comparison into the `//linter` package proper so that it can serve both `//ca` and `//cmd/ceremony`. Adds a helper function `verifyTBSCertificateDeterminism` to `//ca` similar to an existing check in `//cmd/ceremony`. This code is not shared because we want `//cmd/ceremony` to largely stand alone from boulder proper. The helper performs a byte comparison on the `RawTBSCertificate` DER bytes for a given linting certificate and leaf certificate. The goal is to verify that `x509.CreateCertificate` was deterministic and produced identical DER bytes after each signing operation. Fixes #6965
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This idea came out of remediation for https://bugzilla.mozilla.org/show_bug.cgi?id=1838667
One of the x509 requirements is that every cert's Issuer field must be byte-for-byte identical to its issuer's Subject field. The go crypto/x509 CreateCertfiicate function is supposed to guarantee this.
However, we do not have a lint that checks this, because the zlint lints are contextless: we don't have a way to supply the issuer cert to compare the new cert's Issuer bytes against.
Since we're already thinking about lint-like checks which require more context to operate (see #6964 and #6945), we should consider this one too.
The text was updated successfully, but these errors were encountered: