From 2fe0da7947cb4053e10607da929896fbdd7391ad Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:27:22 +0000 Subject: [PATCH 1/3] Add X.509 formatting validation to SECURITY.md Clarify that strict formatting of X.509 certificates is not checked by Mbed TLS and that it therefore should not be used to construct a CA. Signed-off-by: David Horstmann --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 9506eb9134..8f8ad295ee 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -144,3 +144,17 @@ Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined. This option is off by default. + +#### Formatting of X.509 certificates and certificate signing requests + +When parsing X.509 certificates and certificate signing requests (CSRs), +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates, the signing party is +assumed to have performed this validation (and the certificate is trusted to +be correctly formatted as long as the signature is correct). +Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. + +**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra +validation is performed separately to ensure that they are compliant to the +relevant specifications. This makes Mbed TLS on its own unsuitable use in a +Certificate Authority (CA). From faa1a0fe50867255ce69180176ade4e6d85f7010 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:48:58 +0000 Subject: [PATCH 2/3] Add paragraph on undefined behaviour Add a note that we do aim to protect against undefined behaviour and undefined behaviour in certificate parsing is in scope. Signed-off-by: David Horstmann --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 8f8ad295ee..00d4aed349 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -158,3 +158,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. validation is performed separately to ensure that they are compliant to the relevant specifications. This makes Mbed TLS on its own unsuitable use in a Certificate Authority (CA). + +However, Mbed TLS aims to protect against memory corruption and other +undefined behavior when parsing certificates and CSRs. If a CSR or signed +certificate causes undefined behavior when it is parsed by Mbed TLS, that +is considered a security vulnerability. From 0704fbf1eb89134ec30d677d615998b6309b3bb1 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Jan 2025 10:28:06 +0000 Subject: [PATCH 3/3] Fix missing-word typo Signed-off-by: David Horstmann --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 00d4aed349..4682f7aacc 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -156,8 +156,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable use in a -Certificate Authority (CA). +relevant specifications. This makes Mbed TLS on its own unsuitable for use in +a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other undefined behavior when parsing certificates and CSRs. If a CSR or signed