Use the private key from X509V3_set_issuer_pkey only as an override

when authorityKeyIdentifier=keyid is used, the private key if
available, is simply used as an unconditional override to the
SKID in the issuer certificate, when the issuer certificate is
the same as the subject certificate.
This restores the semantics of authorityKeyIdentifier=keyid in
config files to the previous versions, where it was a best effort,
while still keeping the default when that extension is not defined
by the config file.

Author: bernd-edlinger

crypto/x509/v3_akid.c

@@ -107,7 +107,6 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     ASN1_INTEGER *serial = NULL;
     X509_EXTENSION *ext;
     X509 *issuer_cert;
-    int self_signed = 0;
     AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new();
 
     if (akeyid == NULL)
@@ -157,15 +156,8 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         goto err;
     }
 
-    if (ctx->subject_cert != NULL && ctx->issuer_pkey != NULL) {
-        ERR_set_mark();
-        self_signed = X509_check_private_key(ctx->subject_cert,
-                                             ctx->issuer_pkey);
-        ERR_pop_to_mark();
-    }
-
-    /* unless forced with "always", AKID is suppressed for self-signed certs */
-    if (keyid == 2 || (keyid == 1 && !self_signed)) {
+    /* unless forced with "always", AKID is optional */
+    if (keyid != 0) {
         /*
          * prefer any pre-existing subject key identifier of the issuer cert
          * except issuer cert is same as subject cert and private key is given
@@ -193,7 +185,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         }
     }
 
-    if (issuer == 2 || (issuer == 1 && ikeyid == NULL && !self_signed)) {
+    if (issuer == 2 || (issuer == 1 && ikeyid == NULL)) {
         isname = X509_NAME_dup(X509_get_issuer_name(issuer_cert));
         serial = ASN1_INTEGER_dup(X509_get0_serialNumber(issuer_cert));
         if (isname == NULL || serial == NULL) {

test/recipes/25-test_req.t

@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_req");
 
-plan tests => 116;
+plan tests => 117;
 
 require_ok(srctop_file('test', 'recipes', 'tconversion.pl'));
 
@@ -612,7 +612,7 @@ has_AKID($cert, 0); # forced no AKID
 
 $cert = "self-signed_v3_CA_explicit_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid");
-has_AKID($cert, 0); # for self-signed cert, AKID suppressed and not forced
+has_AKID($cert, 1); # for self-signed cert, AKID present but not forced
 
 $cert = "self-signed_v3_CA_forced_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always");
@@ -621,19 +621,20 @@ strict_verify($cert, 1);
 
 $cert = "self-signed_v3_CA_issuer_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer");
-has_AKID($cert, 0); # suppressed AKID since not forced
+cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # for self-signed cert, AKID=issuer present as requested and possible
 
 $cert = "self-signed_v3_CA_forced_issuer_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = issuer:always");
 cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # forced issuer AKID
 
 $cert = "self-signed_v3_CA_nonforced_keyid_issuer_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer");
-has_AKID($cert, 0); # AKID not present because not forced and cert self-signed
+has_AKID($cert, 1); # for self-signed cert, AKID=keyid present as requested and possible
+cert_contains($cert, "Authority Key Identifier: .*DirName:/CN=CA serial:", 0); # but no issuer AKID (as not forced)
 
 $cert = "self-signed_v3_CA_keyid_forced_issuer_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid, issuer:always");
-cert_contains($cert, "Authority Key Identifier: DirName:/CN=CA serial:", 1); # issuer AKID forced, with keyid not forced
+cert_contains($cert, "Authority Key Identifier: keyid:.* DirName:/CN=CA serial:", 1); # issuer AKID forced, with keyid not forced
 
 $cert = "self-signed_v3_CA_forced_keyid_issuer_AKID.pem";
 generate_cert($cert, @v3_ca, "-addext", "authorityKeyIdentifier = keyid:always, issuer");