diff options
| author | David Howells <dhowells@redhat.com> | 2015-07-20 21:16:31 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2015-08-12 17:01:00 +0100 |
| commit | 2c7fd3675ef1867d0d0c39e9f0bb5ddb67bfc7a7 (patch) | |
| tree | f76418aad41317e825944e4ca96657f489b13cb2 /crypto/asymmetric_keys/pkcs7.asn1 | |
| parent | 99d27b1b52bd5cdf9bd9f7661ca8641e9a1b55e6 (diff) | |
| download | linux-2c7fd3675ef1867d0d0c39e9f0bb5ddb67bfc7a7.tar.bz2 | |
PKCS#7: Check content type and versions
We only support PKCS#7 signed-data [RFC2315 sec 9] content at the top level,
so reject anything else. Further, check that the version numbers in
SignedData and SignerInfo are 1 in both cases.
Note that we don't restrict the inner content type. In the PKCS#7 code we
don't parse the data attached there, but merely verify the signature over
it.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-By: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'crypto/asymmetric_keys/pkcs7.asn1')
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7.asn1 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/pkcs7.asn1 b/crypto/asymmetric_keys/pkcs7.asn1 index a5a14ef28c86..05504431e1c1 100644 --- a/crypto/asymmetric_keys/pkcs7.asn1 +++ b/crypto/asymmetric_keys/pkcs7.asn1 @@ -1,12 +1,12 @@ PKCS7ContentInfo ::= SEQUENCE { - contentType ContentType, + contentType ContentType ({ pkcs7_check_content_type }), content [0] EXPLICIT SignedData OPTIONAL } ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID }) SignedData ::= SEQUENCE { - version INTEGER, + version INTEGER ({ pkcs7_note_signeddata_version }), digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates CHOICE { @@ -68,7 +68,7 @@ SignerInfos ::= CHOICE { } SignerInfo ::= SEQUENCE { - version INTEGER, + version INTEGER ({ pkcs7_note_signerinfo_version }), issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }), authenticatedAttributes CHOICE { |