Skip to content

reject non-zero version in pkcs7 enveloped data decryption#15262

Open
dxbjavid wants to merge 1 commit into
pyca:mainfrom
dxbjavid:pkcs7-enveloped-version
Open

reject non-zero version in pkcs7 enveloped data decryption#15262
dxbjavid wants to merge 1 commit into
pyca:mainfrom
dxbjavid:pkcs7-enveloped-version

Conversation

@dxbjavid

Copy link
Copy Markdown
Contributor

When decrypting a PKCS7 EnvelopedData we read the EnvelopedData and RecipientInfo version fields but never check them, so a message whose version is not zero is accepted and decrypted even though it is malformed. For the shape we accept here, with no originatorInfo or unprotected attributes and a recipient identified by issuer and serial number, RFC 5652 6.1 and 6.2.1 fix both versions at zero, so any other value is out of spec. This rejects it in both places, matching the version validation the certificate, CSR, CRL and OCSP loaders already do.

positions = []
start = 0
while True:
i = enveloped.find(b"\x02\x01\x00", start)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a proper vector for this, not this weird style.

You've gotten this feedback before, which strongly makes me think this is just an LLM. That's fine, we use LLMs to. But if you don't put actual human effort into this, you're wasting our time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants