authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-05-20 08:11:47 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-06-13 15:13:21 +0200
commit6d934add347c7d07fbe0e7a0ced1fdc9813ad640 (patch)
tree7cf3bd10abe93888830f30d9cb8886156c305dbc /crypto
parent0d17c2f4bc81552202dcf359e7552f3a64ecf4f2 (diff)
Check expected sender not only for signature-protected CMP messages
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/cmp/cmp_vfy.c39
1 files changed, 19 insertions, 20 deletions
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 289402d829..45b2e0010c 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -567,6 +567,25 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
return 0;
}
+ /* validate sender name of received msg */
+ if (msg->header->sender->type != GEN_DIRNAME) {
+ CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+ return 0; /* TODO FR#42: support for more than X509_NAME */
+ }
+ /*
+ * Compare actual sender name of response with expected sender name.
+ * Mitigates risk to accept misused PBM secret
+ * or misused certificate of an unauthorized entity of a trusted hierarchy.
+ */
+ expected_sender = ctx->expected_sender;
+ if (expected_sender == NULL && ctx->srvCert != NULL)
+ expected_sender = X509_get_subject_name(ctx->srvCert);
+ if (!check_name(ctx, "sender DN field",
+ msg->header->sender->d.directoryName,
+ "expected sender", expected_sender))
+ return 0;
+ /* Note: if recipient was NULL-DN it could be learned here if needed */
+
if ((alg = msg->header->protectionAlg) == NULL /* unprotected message */
|| msg->protection == NULL || msg->protection->data == NULL) {
CMPerr(0, CMP_R_MISSING_PROTECTION);
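Review bot: The rewritten comment above the `expected_sender` assignment no longer says where the expected name comes from, and it does not say what happens when neither `ctx->expected_sender` nor `ctx->srvCert` is set. That case matters more now that the check also covers PBM-protected messages, where a server certificate may not be configured. `check_name()` is defined outside this hunk; if it treats a NULL expected name as a match, the sender comparison is silently skipped in that configuration, so the stated mitigation only holds once an expected sender is configured. I would restore the dropped sentence and add the caveat, e.g. `* Expected name can be set explicitly or is the subject of ctx->srvCert.` followed by `* If neither is set, the sender name is not constrained here.`, after confirming that behaviour against `check_name()`. The body of OSSL_CMP_validate_msg starts and ends outside the hunk.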
@@ -632,26 +651,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID);
break;
}
- /* validate sender name of received msg */
- if (msg->header->sender->type != GEN_DIRNAME) {
- CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
- break; /* FR#42: support for more than X509_NAME */
- }
- /*
- * Compare actual sender name of response with expected sender name.
- * Expected name can be set explicitly or the subject of ctx->srvCert.
- * Mitigates risk to accept misused certificate of an unauthorized
- * entity of a trusted hierarchy.
- */
- expected_sender = ctx->expected_sender;
- if (expected_sender == NULL && ctx->srvCert != NULL)
- expected_sender = X509_get_subject_name(ctx->srvCert);
- if (!check_name(ctx, "sender DN field",
- msg->header->sender->d.directoryName,
- "expected sender", expected_sender))
- break;
- /* Note: if recipient was NULL-DN it could be learned here if needed */
-
scrt = ctx->srvCert;
if (scrt == NULL) {
if (check_msg_find_cert(ctx, msg))