From: Dr. David von Oheimb Date: Wed, 20 May 2020 06:11:47 +0000 (+0200) Subject: Check expected sender not only for signature-protected CMP messages X-Git-Tag: openssl-3.0.0-alpha4~124 X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopenssl.git;a=commitdiff_plain;h=6d934add347c7d07fbe0e7a0ced1fdc9813ad640 Check expected sender not only for signature-protected CMP messages Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) --- diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 289402d829..45b2e0010c 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -567,6 +567,25 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) return 0; } + /* validate sender name of received msg */ + if (msg->header->sender->type != GEN_DIRNAME) { + CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); + return 0; /* TODO FR#42: support for more than X509_NAME */ + } + /* + * Compare actual sender name of response with expected sender name. + * Mitigates risk to accept misused PBM secret + * or misused certificate of an unauthorized entity of a trusted hierarchy. + */ + expected_sender = ctx->expected_sender; + if (expected_sender == NULL && ctx->srvCert != NULL) + expected_sender = X509_get_subject_name(ctx->srvCert); + if (!check_name(ctx, "sender DN field", + msg->header->sender->d.directoryName, + "expected sender", expected_sender)) + return 0; + /* Note: if recipient was NULL-DN it could be learned here if needed */ + if ((alg = msg->header->protectionAlg) == NULL /* unprotected message */ || msg->protection == NULL || msg->protection->data == NULL) { CMPerr(0, CMP_R_MISSING_PROTECTION); @@ -632,26 +651,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID); break; } - /* validate sender name of received msg */ - if (msg->header->sender->type != GEN_DIRNAME) { - CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - break; /* FR#42: support for more than X509_NAME */ - } - /* - * Compare actual sender name of response with expected sender name. - * Expected name can be set explicitly or the subject of ctx->srvCert. - * Mitigates risk to accept misused certificate of an unauthorized - * entity of a trusted hierarchy. - */ - expected_sender = ctx->expected_sender; - if (expected_sender == NULL && ctx->srvCert != NULL) - expected_sender = X509_get_subject_name(ctx->srvCert); - if (!check_name(ctx, "sender DN field", - msg->header->sender->d.directoryName, - "expected sender", expected_sender)) - break; - /* Note: if recipient was NULL-DN it could be learned here if needed */ - scrt = ctx->srvCert; if (scrt == NULL) { if (check_msg_find_cert(ctx, msg)) diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index e6cfe00bfc..aac322b528 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -521,8 +521,7 @@ as far as any of those is present, else the NULL-DN as last resort. =item B<-expect_sender> I -Distinguished Name (DN) -expected in the sender field of signature-protected response messages. +Distinguished Name (DN) expected in the sender field of CMP response messages. Defaults to the subject DN of the pinned B<-srvcert>, if any. The argument must be formatted as I, diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index b8acf692f8..f8fee277e2 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -391,7 +391,7 @@ as default value for the recipient of CMP requests and as default value for the expected sender of CMP responses. OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) -expected in the sender field of signature-protected response messages. +expected in the sender field of CMP response messages. Defaults to the subject of the pinned server certificate B<-srvcert>, if any. This can be used to make sure that only a particular entity is accepted as CMP message signer, and attackers are not able to use arbitrary certificates