Check expected sender not only for signature-protected CMP messages
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Wed, 20 May 2020 06:11:47 +0000 (08:11 +0200)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Sat, 13 Jun 2020 13:13:21 +0000 (15:13 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

crypto/cmp/cmp_vfy.c
doc/man1/openssl-cmp.pod.in
doc/man3/OSSL_CMP_CTX_new.pod

index 289402d829e97da176b57bd1231015cf8f503f55..45b2e0010cd75ddc5e10af0ee467036b0f53ce21 100644 (file)
@@ -567,6 +567,25 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
         return 0;
     }
 
+    /* validate sender name of received msg */
+    if (msg->header->sender->type != GEN_DIRNAME) {
+        CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+        return 0; /* TODO FR#42: support for more than X509_NAME */
+    }
+    /*
+     * Compare actual sender name of response with expected sender name.
+     * Mitigates risk to accept misused PBM secret
+     * or misused certificate of an unauthorized entity of a trusted hierarchy.
+     */
+    expected_sender = ctx->expected_sender;
+    if (expected_sender == NULL && ctx->srvCert != NULL)
+        expected_sender = X509_get_subject_name(ctx->srvCert);
+    if (!check_name(ctx, "sender DN field",
+                    msg->header->sender->d.directoryName,
+                    "expected sender", expected_sender))
+        return 0;
+    /* Note: if recipient was NULL-DN it could be learned here if needed */
+
     if ((alg = msg->header->protectionAlg) == NULL /* unprotected message */
             || msg->protection == NULL || msg->protection->data == NULL) {
         CMPerr(0, CMP_R_MISSING_PROTECTION);
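Review bot: The relocated sender check only constrains the sender when `expected_sender` ends up non-NULL, and the new comment no longer says where that name comes from or what happens when it is absent. For PBM-protected messages `ctx->srvCert` is presumably often unset, so unless the caller set `ctx->expected_sender`, `check_name()` receives NULL as the expected name; its NULL handling is outside this hunk, but if it means "no expectation" the stated mitigation silently does not apply. I would restore the sentence dropped from the old comment and spell out the fallback, e.g. `* Expected name can be set explicitly or defaults to the subject of ctx->srvCert; if neither is set, the sender is not restricted here.` (wording to be confirmed against `check_name()`). The check now also runs before the protection is verified, so the comment should note that the sender name compared, and anything `check_name()` reports on mismatch, is still unauthenticated input at this point. `OSSL_CMP_validate_msg()` starts and ends outside the hunk.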
@@ -632,26 +651,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
             CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID);
             break;
         }
-        /* validate sender name of received msg */
-        if (msg->header->sender->type != GEN_DIRNAME) {
-            CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
-            break; /* FR#42: support for more than X509_NAME */
-        }
-        /*
-         * Compare actual sender name of response with expected sender name.
-         * Expected name can be set explicitly or the subject of ctx->srvCert.
-         * Mitigates risk to accept misused certificate of an unauthorized
-         * entity of a trusted hierarchy.
-         */
-        expected_sender = ctx->expected_sender;
-        if (expected_sender == NULL && ctx->srvCert != NULL)
-            expected_sender = X509_get_subject_name(ctx->srvCert);
-        if (!check_name(ctx, "sender DN field",
-                        msg->header->sender->d.directoryName,
-                        "expected sender", expected_sender))
-            break;
-        /* Note: if recipient was NULL-DN it could be learned here if needed */
-
         scrt = ctx->srvCert;
         if (scrt == NULL) {
             if (check_msg_find_cert(ctx, msg))
index e6cfe00bfc98fbbb1a4a787369ebd63bdbe4b837..aac322b5283047109dc0176d71552a83aad395b5 100644 (file)
@@ -521,8 +521,7 @@ as far as any of those is present, else the NULL-DN as last resort.
 
 =item B<-expect_sender> I<name>
 
-Distinguished Name (DN)
-expected in the sender field of signature-protected response messages.
+Distinguished Name (DN) expected in the sender field of CMP response messages.
 Defaults to the subject DN of the pinned B<-srvcert>, if any.
 
 The argument must be formatted as I</type0=value0/type1=value1/type2=...>,
index b8acf692f8b2ae06b94b94dd56ddcdd63cdb695e..f8fee277e26b917a5b0409f9a09ffdf7cb051f54 100644 (file)
@@ -391,7 +391,7 @@ as default value for the recipient of CMP requests
 and as default value for the expected sender of CMP responses.
 
 OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN)
-expected in the sender field of signature-protected response messages.
+expected in the sender field of CMP response messages.
 Defaults to the subject of the pinned server certificate B<-srvcert>, if any.
 This can be used to make sure that only a particular entity is accepted as
 CMP message signer, and attackers are not able to use arbitrary certificates