PKCS7 API does not verify certificates #6692
Comments
Following the naming conventions for X.509, the
@gilles-peskine-arm
Oh, I was focusing on the parser so much I didn't even pay attention. Yes, that function is present, so that doesn't make sense to me. How does the verify function not have a parameter that's a trust anchor @daverodgman @bensze01 ?
Should there also be a list of CRLs, or some sort of support for extended revocation check?
This means it's useful for certain use-cases where the user wants to validate against a pre-shared certificate, but not the use-case where the user wants to validate against the certificate(s) contained within the PKCS7 file. Given that this is a partial implementation of PKCS7, this limitation seems acceptable (although it would be good to complete the implementation at some point). I do think that a documentation improvement is needed - we will push a PR to address this. Possibly
Ah, good point. I thought it did the latter.
Summary
The PKCS7 API does not verify the certificates: anyone can include a self-signed certificate and have it be accepted as valid. Unless an application does additional checks on the certificate, a valid PKCS7 signature provides no security whatsoever.
System information
Mbed TLS version (number or commit id): 72bffe0
Operating system and version: All
Configuration (if not default, please attach mbedtls_config.h): All including PKCS7
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): All
Additional environment information: N/A
Expected behavior
The PKCS7 API verifies that the certificate has been signed by a trusted authority and not revoked. The certificate is also checked to be usable for the intended purpose, perhaps by being required to have an Extended Key Usage provided by the caller.
Actual behavior
The PKCS7 API does not verify the certificate.
Steps to reproduce
See above.
Additional information
In my opinion, this makes the current API almost unusable, as it is insecure-by-default.