eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pkcs7: Drop support for signature in contentInfo of signed data

Browse source 
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
Nick Child 2023-02-07 19:59:58 +00:00
parent 50886c25f3
commit 3dafc6c3b3
5 changed files with 25 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/mbedtls/pkcs7.h
View file

@ -46,6 +46,8 @@
* - The RFC allows for SignerInfo structure to optionally contain
* unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is
* assumed these fields are empty.
* - The RFC allows for the signed Data type to contain contentInfo. This
* implementation assumes the type is DATA and the content is empty.
*/
#ifndef MBEDTLS_PKCS7_H