check_chain_extensions(): Require X.509 v3 if extensions are present

Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12478)

crypto/x509/x509_txt.c

@@ -208,6 +208,8 @@ const char *X509_verify_cert_error_string(long n)
         return "Subject Key Identifier marked critical";
     case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE:
         return "CA cert does not include key usage extension";
+    case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3:
+        return "Using cert extension requires at least X509v3";
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */

crypto/x509/x509_vfy.c

@@ -26,6 +26,7 @@
 #include "x509_local.h"
 
 DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(X509_REVOKED)
 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(X509_CRL)
@@ -585,6 +586,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                 /* Check SKID presence acc. to RFC 5280 section 4.2.1.2 */
                 if ((x->ex_flags & EXFLAG_CA) != 0 && x->skid == NULL)
                     ctx->error = X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER;
+            } else {
+                if (sk_X509_EXTENSION_num(X509_get0_extensions(x)) > 0)
+                    ctx->error = X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3;
             }
         }
         if (ctx->error != X509_V_OK)

include/openssl/x509_vfy.h

@@ -233,6 +233,7 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL,           \
 # define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL    90
 # define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL      91
 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE            92
+# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3         93
 
 /* Certificate verify flags */
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0