From: tb Date: Mon, 14 Aug 2023 08:25:26 +0000 (+0000) Subject: Check SignedData and SignerInfo versions to be 3 X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=de232e1d14ba1a9c32917edf7e1166cea921d743;p=openbsd Check SignedData and SignerInfo versions to be 3 This adds two missing checks required by RFC 6488, section 3. ok job --- diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c index 43d0537fa32..2cc93bc0da4 100644 --- a/usr.sbin/rpki-client/cms.c +++ b/usr.sbin/rpki-client/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.38 2023/06/29 10:28:25 tb Exp $ */ +/* $OpenBSD: cms.c,v 1.39 2023/08/14 08:25:26 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -100,6 +100,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, const ASN1_OBJECT *obj, *octype; ASN1_OCTET_STRING *kid = NULL; CMS_ContentInfo *cms; + long version; STACK_OF(X509) *certs = NULL; STACK_OF(X509_CRL) *crls; STACK_OF(CMS_SignerInfo) *sinfos; @@ -142,7 +143,6 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, } /* RFC 6488 section 3 verify the CMS */ - /* the version of SignedData and SignerInfos can't be verified */ /* Should only return NULL if cms is not of type SignedData. */ if ((sinfos = CMS_get0_SignerInfos(cms)) == NULL) { @@ -161,6 +161,23 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, } si = sk_CMS_SignerInfo_value(sinfos, 0); + if (!CMS_get_version(cms, &version)) { + warnx("%s: Failed to retrieve SignedData version", fn); + goto out; + } + if (version != 3) { + warnx("%s: SignedData version %ld != 3", fn, version); + goto out; + } + if (!CMS_SignerInfo_get_version(si, &version)) { + warnx("%s: Failed to retrieve SignerInfo version", fn); + goto out; + } + if (version != 3) { + warnx("%s: SignerInfo version %ld != 3", fn, version); + goto out; + } + nattrs = CMS_signed_get_attr_count(si); if (nattrs <= 0) { warnx("%s: RFC 6488: error extracting signedAttrs", fn);