diff options
| author | Raymond Mao <raymond.mao@linaro.org> | 2025-04-04 07:05:25 -0700 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2025-04-06 10:02:57 -0600 |
| commit | 0708d54a5697e30ea5ecb03f97360e4fcff89719 (patch) | |
| tree | 8cf4c8c772bbc381d25548a6a0c26f3baf482db5 /lib/mbedtls/pkcs7_parser.c | |
| parent | cf6d4535cc4ca250290a13458014aac4a29a8cec (diff) | |
mbedtls: remove incorrect attribute type checker
S/MIME Capabilities (OID: 1.2.840.113549.1.9.15) attributes are
expected to be algorithms but neither data nor MS Inderect Data,
thus the checker for data type is incorrect.
This patch fixes a capsule authentication failure with PKCS#7
message that contains S/MIME capabilities, which formed by the EDK2
GenerateCapsule tool.
S/MIME Capabilities are not common attributes in an EFI capsule,
thus this failure cannot be reproduced with the capsules generated
via mkeficapsule.
Fixes: 7de0d155cce7 ("mbedtls: add PKCS7 parser porting layer")
Reported-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Diffstat (limited to 'lib/mbedtls/pkcs7_parser.c')
| -rw-r--r-- | lib/mbedtls/pkcs7_parser.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/lib/mbedtls/pkcs7_parser.c b/lib/mbedtls/pkcs7_parser.c index ecfcc46edfa..bf8ee17b5b8 100644 --- a/lib/mbedtls/pkcs7_parser.c +++ b/lib/mbedtls/pkcs7_parser.c @@ -189,10 +189,6 @@ static int authattrs_parse(struct pkcs7_message *msg, void *aa, size_t aa_len, len)) { if (__test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set)) return -EINVAL; - - if (msg->data_type != OID_msIndirectData && - msg->data_type != OID_data) - return -EINVAL; } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_SPOPUSINFO, inner_p, len)) { if (__test_and_set_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) |