diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2016-02-23 14:00:03 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-02-23 10:16:15 -0500 |
commit | c436c990f68938fdda1f2bd703bf0cd8dbfa49d2 (patch) | |
tree | cbda954ffd537a0754b2e78a7c709389b6b581e0 /crypto/pkcs7 | |
parent | f78baa9d715a00cb691c3c74791308fb131a833c (diff) |
RT4175: Fix PKCS7_verify() regression with Authenticode signatures
This is a partial revert of commit c8491de39 ("GH354: Memory leak fixes"),
which was cherry-picked from commit 55500ea7c in OpenSSL 1.1.
That commit introduced a change in behaviour which is a regression for
software implementing Microsoft Authenticode — which requires a PKCS#7
signature to be validated against explicit external data, even though
it's a non-detached signature with its own embedded data.
The is fixed differently in OpenSSL 1.1 by commit 6b2ebe433 ("Add
PKCS7_NO_DUAL_CONTENT flag"), but that approach isn't viable in the
1.0.2 stable branch, so just comment the offending check back out again.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index c4d3724d2a..dc9b484078 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -274,12 +274,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); return 0; } +#if 0 + /* + * NB: this test commented out because some versions of Netscape + * illegally include zero length content when signing data. Also + * Microsoft Authenticode includes a SpcIndirectDataContent data + * structure which describes the content to be protected by the + * signature, rather than directly embedding that content. So + * Authenticode implementations are also expected to use + * PKCS7_verify() with explicit external data, on non-detached + * PKCS#7 signatures. + * + * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been + * introduced to disable this sanity check. For the 1.0.2 branch + * this change is not acceptable, so the check remains completely + * commented out (as it has been for a long time). + */ /* Check for data and content: two sets of data */ if (!PKCS7_get_detached(p7) && indata) { PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } +#endif sinfos = PKCS7_get_signer_info(p7); |