Commit e7d5206e89 for openssl.org
commit e7d5206e892e14fd380e3f04401a47de7c759818
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Thu Jul 10 17:37:11 2025 +0200
apps/cmp.c: add -ta_in_ip_extracerts permitting non-authenticated trust anchors in IP extracerts according to 3GPP TS 33.310
Fixes #27888
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28015)
diff --git a/apps/cmp.c b/apps/cmp.c
index 126e1412cb..990112b64d 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -87,6 +87,7 @@ static char *opt_srvcert = NULL;
static char *opt_expect_sender = NULL;
static int opt_ignore_keyusage = 0;
static int opt_unprotected_errors = 0;
+static int opt_ta_in_ip_extracerts = 0;
static int opt_no_cache_extracerts = 0;
static char *opt_srvcertout = NULL;
static char *opt_extracertsout = NULL;
@@ -281,6 +282,7 @@ typedef enum OPTION_choice {
OPT_EXPECT_SENDER,
OPT_IGNORE_KEYUSAGE,
OPT_UNPROTECTED_ERRORS,
+ OPT_TA_IN_IP_EXTRACERTS,
OPT_NO_CACHE_EXTRACERTS,
OPT_SRVCERTOUT,
OPT_EXTRACERTSOUT,
@@ -509,6 +511,12 @@ const OPTIONS cmp_options[] = {
"certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf" },
{ OPT_MORE_STR, 0, 0,
"WARNING: This setting leads to behavior allowing violation of RFC 9810" },
+ { "ta_in_ip_extracerts", OPT_TA_IN_IP_EXTRACERTS, '-',
+ "Permit using self-issued certificates from the extraCerts in an IP message" },
+ { OPT_MORE_STR, 0, 0,
+ "as trust anchors under conditions defined by 3GPP TS 33.310" },
+ { OPT_MORE_STR, 0, 0,
+ "WARNING: This setting leads to behavior allowing violation of RFC 9810" },
{ "no_cache_extracerts", OPT_NO_CACHE_EXTRACERTS, '-',
"Do not keep certificates received in the extraCerts CMP message field" },
{ "srvcertout", OPT_SRVCERTOUT, 's',
@@ -727,6 +735,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{ &opt_trusted }, { &opt_untrusted }, { &opt_srvcert },
{ &opt_expect_sender },
{ (char **)&opt_ignore_keyusage }, { (char **)&opt_unprotected_errors },
+ { (char **)&opt_ta_in_ip_extracerts },
{ (char **)&opt_no_cache_extracerts },
{ &opt_srvcertout }, { &opt_extracertsout }, { &opt_cacertsout },
{ &opt_oldwithold }, { &opt_newwithnew }, { &opt_newwithold }, { &opt_oldwithnew },
@@ -1391,6 +1400,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
if (opt_unprotected_errors)
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1);
+ if (opt_ta_in_ip_extracerts) {
+ (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR, 1);
+ CMP_warn("permitting non-authenticated trust anchors in IP extracerts according to 3GPP TS 33.310");
+ }
if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */
X509_VERIFY_PARAM *out_vpm = NULL;
@@ -2963,6 +2976,9 @@ static int get_opts(int argc, char **argv)
case OPT_UNPROTECTED_ERRORS:
opt_unprotected_errors = 1;
break;
+ case OPT_TA_IN_IP_EXTRACERTS:
+ opt_ta_in_ip_extracerts = 1;
+ break;
case OPT_NO_CACHE_EXTRACERTS:
opt_no_cache_extracerts = 1;
break;
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 696df2febd..b12ca950ab 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -70,6 +70,7 @@ Server authentication options:
[B<-expect_sender> I<name>]
[B<-ignore_keyusage>]
[B<-unprotected_errors>]
+[B<-ta_in_ip_extracerts>]
[B<-no_cache_extracerts>]
[B<-srvcertout> I<filename>]
[B<-extracertsout> I<filename>]
@@ -715,6 +716,22 @@ with a signature key."
=back
+=item B<-ta_in_ip_extracerts>
+
+This is a quirk option added to support 3GPP TS 33.310.
+B<WARNING:> This leads to behavior violating RFCs 4210 and 9810.
+
+It allows using self-issued certificates from the extraCerts in an IP message
+as non-authenticated trust anchors when validating the CMP message protection certificate
+in this and any subsequent responses from the server in the same transaction,
+but only if these extraCerts can also be used as trust anchors for validating
+the newly enrolled certificate received in the IP message.
+
+Note that using this option is dangerous as the to-be-trusted certificates
+obtained this way have not been authenticated (at least not at CMP level).
+Taking them over as initial trust anchors
+implements a form of trust-on-first-use (TOFU).
+
=item B<-no_cache_extracerts>
Do not cache certificates in the extraCerts field of CMP messages received.
@@ -1513,6 +1530,8 @@ and B<-rsp_crl> options were added in OpenSSL 3.4.
B<-centralkeygen>, B<-newkeyout>, B<-rsp_key> and
B<-rsp_keypass> were added in OpenSSL 3.5.
+The B<-ta_in_ip_extracerts> quirk option was added in OpenSSL 4.0.
+
The B<-engine> option was removed in OpenSSL 4.0.
=head1 COPYRIGHT