Avoid expensive RFC 3779 checks during cert verification

X509v3_{addr,asid}_is_canonical() check that the ipAddrBlocks and
autonomousSysIds extension conform to RFC 3779. These checks are not
cheap. Certs containing non-conformant extensions should not be
considered valid, so mark them with EXFLAG_INVALID while caching the
extension information in x509v3_cache_extensions(). This way the
expensive check while walking the chains during X509_verify_cert() is
replaced with a cheap check of the extension flags. This avoids a lot
of superfluous work when validating numerous certs with similar chains
against the same roots as is done in rpki-client.

Issue noticed and fix suggested by claudio
ok claudio inoguchi jsing

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index 4d833f73ba..ffd986b4a1 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.14 2022/04/21 04:24:51 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.15 2022/04/21 04:48:12 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -600,9 +600,13 @@ x509v3_cache_extensions(X509 *x)
         x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL);
         if (x->rfc3779_addr == NULL && i != -1)
                 x->ex_flags |= EXFLAG_INVALID;
+        if (!X509v3_addr_is_canonical(x->rfc3779_addr))
+                x->ex_flags |= EXFLAG_INVALID;
         x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL);
         if (x->rfc3779_asid == NULL && i != -1)
                 x->ex_flags |= EXFLAG_INVALID;
+        if (!X509v3_asid_is_canonical(x->rfc3779_asid))
+                x->ex_flags |= EXFLAG_INVALID;
 #endif
 
         for (i = 0; i < X509_get_ext_count(x); i++) {