Check that the CMS signing-time isn't after the X.509 notAfter

The CMS signing-time is the purported 'now' from the perspective of the
issuer. It doesn't make sense for an issuer to sign objects that have a
validity window that falls entirely in the past (from the perspective of
the signer). Although CMS signing-time is not a trusted timestamp, it
should never be after X.509 notAfter.

OK tb@

diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index 6d9a11f..681a9c8 100644 (file)
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cms.c,v 1.32 2023/03/12 11:45:52 tb Exp $ */
+/*     $OpenBSD: cms.c,v 1.33 2023/03/13 19:46:55 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -109,6 +109,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
        int                              i, nattrs, nid;
        int                              has_ct = 0, has_md = 0, has_st = 0,
                                         has_bst = 0;
+       time_t                           notafter;
        int                              rc = 0;
 
        *xp = NULL;
@@ -303,6 +304,14 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
                goto out;
        }
 
+       if (!x509_get_notafter(*xp, fn, &notafter))
+               goto out;
+       if (*signtime > notafter) {
+               warnx("%s: dating issue: CMS signing-time after X.509 notAfter",
+                   fn);
+               goto out;
+       }
+
        if (CMS_SignerInfo_get0_signer_id(si, &kid, NULL, NULL) != 1 ||
            kid == NULL) {
                warnx("%s: RFC 6488: could not extract SKI from SID", fn);