author | David Howells <dhowells@redhat.com> | 2015-07-20 21:16:31 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-08-12 17:01:00 +0100 |
commit | bb06af6c45ab7e6d321f1b7810f7832f678a5c8e (patch) | |
tree | 9c2f927ec307ec4b998873c6a27193158e75eb3f /crypto/asymmetric_keys/pkcs7.asn1 | |
parent | 5170d3851b296e7423fe077e0ca534f0eac41611 (diff) | |
PKCS#7: Check content type and versions
We only support PKCS#7 signed-data [RFC2315 sec 9] content at the top level,
so reject anything else. Further, check that the version numbers in
SignedData and SignerInfo are 1 in both cases.
Note that we don't restrict the inner content type. In the PKCS#7 code we
don't parse the data attached there, but merely verify the signature over
it.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-By: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to '')
-rw-r--r-- | crypto/asymmetric_keys/pkcs7.asn1 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/pkcs7.asn1 b/crypto/asymmetric_keys/pkcs7.asn1 index a5a14ef2..05504431 100644 --- a/crypto/asymmetric_keys/pkcs7.asn1 +++ b/crypto/asymmetric_keys/pkcs7.asn1 @@ -1,12 +1,12 @@ PKCS7ContentInfo ::= SEQUENCE { - contentType ContentType, + contentType ContentType ({ pkcs7_check_content_type }), content [0] EXPLICIT SignedData OPTIONAL } ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID }) SignedData ::= SEQUENCE { - version INTEGER, + version INTEGER ({ pkcs7_note_signeddata_version }), digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates CHOICE { @@ -68,7 +68,7 @@ SignerInfos ::= CHOICE { } SignerInfo ::= SEQUENCE { - version INTEGER, + version INTEGER ({ pkcs7_note_signerinfo_version }), issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }), authenticatedAttributes CHOICE { |
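Review bot: In the first hunk (PKCS7ContentInfo / SignedData), the context line "content [0] EXPLICIT SignedData OPTIONAL" still lets the payload be absent once pkcs7_check_content_type has accepted the OID, so a ContentInfo carrying the signed-data type and no SignedData body would still satisfy the grammar. Please confirm the parser rejects that case elsewhere, or say in the commit message why OPTIONAL is kept. Separately, the contentType member now picks up two actions, pkcs7_note_OID through the ContentType type and pkcs7_check_content_type on the member itself. If the check depends on the OID recorded by the note action, a one-line comment in the .asn1 stating that ordering would help future readers.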
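Review bot: In the second hunk (SignerInfo), the action is named pkcs7_note_signerinfo_version, and the SignedData one in the first hunk pkcs7_note_signeddata_version, while the commit message says both versions are checked to be 1 and the content-type action in the same patch uses the pkcs7_check_ prefix. If these actions reject a non-1 version at parse time, a pkcs7_check_ name would match what they do. If they only record the value and the rejection happens later, the commit message should say where. Either way, a short comment next to each "version INTEGER" line giving the accepted value would document the restriction in the grammar itself.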