Fix non-xsc path in x509_verify_potential_parent()

The combination of two bugs made this unexpectedly work as intended. To
appreciate this, let's first note that

a) check_issued(..., child, parent) checks if child was issued by parent.

b) X509_check_issued(child, parent) checks if parent was issued by child.

Now like in the real world, b) will only be true in unusual circumstances
(child is known not to be self-issued at this point). X509_check_issued()
fails by returning something different from X509_V_OK, so

	return X509_check_issued(child, parent) != X509_V_OK;

will return true if child was issued by parent since then parent was indeed
not issued by child. On the other hand, if child was not issued by parent,
the verifier will notice elsewhere, e.g., in a signature check.

Fix this by reversing the order of child and parent in the above return
line and check for equality instead. This is nearly impossible to detect
in regress.

ok beck

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index c7b2219fa9..d3534879b8 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.69 2024/04/08 23:46:21 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.70 2024/06/07 06:21:40 tb Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -528,7 +528,7 @@ x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent,
                 return (ctx->xsc->check_issued(ctx->xsc, child, parent));
 
         /* XXX key usage */
-        return X509_check_issued(child, parent) != X509_V_OK;
+        return X509_check_issued(parent, child) == X509_V_OK;
 }
 
 static int