ossl_cmp_msg_check_update(): improve diagnostics of checking expected…
… sender name

Reviewed-by: Shane Lontis <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: David von Oheimb <[email protected]>
(Merged from openssl#19948)
DDvO committed Jan 17, 2024
1 parent 657109a commit f21409f
Showing 4 changed files with 29 additions and 15 deletions.
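--- a/crypto/cmp/cmp_err.c
+++ b/crypto/cmp/cmp_err.c
@@ -152,6 +152,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
 "unexpected pkistatus"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_POLLREQ), "unexpected pollreq"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PVNO), "unexpected pvno"},
+{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_SENDER), "unexpected sender"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_ALGORITHM_ID),
 "unknown algorithm id"},
 {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_CERT_TYPE), "unknown cert type"},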
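--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -175,8 +175,8 @@ static int check_name(const OSSL_CMP_CTX *ctx, int log_success,
 str = X509_NAME_oneline(actual_name, NULL, 0);
 if (X509_NAME_cmp(actual_name, expect_name) == 0) {
 if (log_success && str != NULL)
-ossl_cmp_log2(INFO, ctx, " subject matches %s: %s", expect_desc,
-str);
+ossl_cmp_log3(INFO, ctx, " %s matches %s: %s",
+actual_desc, expect_desc, str);
 OPENSSL_free(str);
 return 1;
 }
@@ -711,22 +711,33 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
 return 0;
 hdr = OSSL_CMP_MSG_get0_header(msg);
 
-/* validate sender name of received msg */
-if (hdr->sender->type != GEN_DIRNAME) {
-ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
-return 0;
-}
-/*
-* Compare actual sender name of response with expected sender name.
-* Mitigates risk to accept misused PBM secret
-* or misused certificate of an unauthorized entity of a trusted hierarchy.
-*/
+/* If expected_sender is given, validate sender name of received msg */
 expected_sender = ctx->expected_sender;
 if (expected_sender == NULL && ctx->srvCert != NULL)
 expected_sender = X509_get_subject_name(ctx->srvCert);
-if (!check_name(ctx, 0, "sender DN field", hdr->sender->d.directoryName,
-"expected sender", expected_sender))
-return 0;
+if (expected_sender != NULL) {
+const X509_NAME *actual_sender;
+char *str;
+
+if (hdr->sender->type != GEN_DIRNAME) {
+ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+return 0;
+}
+actual_sender = hdr->sender->d.directoryName;
+/*
+* Compare actual sender name of response with expected sender name.
+* Mitigates risk of accepting misused PBM secret or
+* misused certificate of an unauthorized entity of a trusted hierarchy.
+*/
+if (!check_name(ctx, 0, "sender DN field", actual_sender,
+"expected sender", expected_sender)) {
+str = X509_NAME_oneline(actual_sender, NULL, 0);
+ERR_raise_data(ERR_LIB_CMP, CMP_R_UNEXPECTED_SENDER,
+str != NULL ? str : "<unknown>");
+OPENSSL_free(str);
+return 0;
+}
+}
 /* Note: if recipient was NULL-DN it could be learned here if needed */
 
 num_added = sk_X509_num(msg->extraCerts);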
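Review bot: In the second hunk of crypto/cmp/cmp_vfy.c, the new `ERR_raise_data(ERR_LIB_CMP, CMP_R_UNEXPECTED_SENDER, str != NULL ? str : "<unknown>")` passes the one-line form of the received message's sender DN in the format-string position, so any `%` in a peer-supplied name is interpreted as a conversion specifier. Pass the name as an argument instead: `ERR_raise_data(ERR_LIB_CMP, CMP_R_UNEXPECTED_SENDER, "%s", str != NULL ? str : "<unknown>");`. Separately, the `GEN_DIRNAME` type check now runs only inside `if (expected_sender != NULL)`, so a message whose sender uses another GeneralName type is no longer rejected here when neither `ctx->expected_sender` nor `ctx->srvCert` is set. That is a behaviour change beyond diagnostics and deserves a comment at that `if`; any later use of `hdr->sender->d.directoryName` (not visible here) would need its own type check. The body of ossl_cmp_msg_check_update starts and ends outside the hunk.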
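--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -278,6 +278,7 @@ CMP_R_UNEXPECTED_PKIBODY:133:unexpected pkibody
 CMP_R_UNEXPECTED_PKISTATUS:185:unexpected pkistatus
 CMP_R_UNEXPECTED_POLLREQ:105:unexpected pollreq
 CMP_R_UNEXPECTED_PVNO:153:unexpected pvno
+CMP_R_UNEXPECTED_SENDER:104:unexpected sender
 CMP_R_UNKNOWN_ALGORITHM_ID:134:unknown algorithm id
 CMP_R_UNKNOWN_CERT_TYPE:135:unknown cert type
 CMP_R_UNKNOWN_PKISTATUS:186:unknown pkistatus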
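--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -104,6 +104,7 @@
 # define CMP_R_UNEXPECTED_PKISTATUS 185
 # define CMP_R_UNEXPECTED_POLLREQ 105
 # define CMP_R_UNEXPECTED_PVNO 153
+# define CMP_R_UNEXPECTED_SENDER 104
 # define CMP_R_UNKNOWN_ALGORITHM_ID 134
 # define CMP_R_UNKNOWN_CERT_TYPE 135
 # define CMP_R_UNKNOWN_PKISTATUS 186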
