Check that the CMS signing-time is not after the MFT's nextUpdate

Issuing manifests whose validity window is entirely in the past, as
observed from the purported CMS signing-time would be a form of backdating.

OK tb@

diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 5f60896..4c87b99 100644 (file)
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mft.c,v 1.88 2023/03/13 10:39:03 tb Exp $ */
+/*     $OpenBSD: mft.c,v 1.89 2023/03/13 19:54:36 job Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -414,6 +414,12 @@ mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
        if (mft_parse_econtent(cms, cmsz, &p) == 0)
                goto out;
 
+       if (p.res->signtime > p.res->nextupdate) {
+               warnx("%s: dating issue: CMS signing-time after MFT nextUpdate",
+                   fn);
+               goto out;
+       }
+
        rc = 1;
 out:
        if (rc == 0) {