From 0708d54a5697e30ea5ecb03f97360e4fcff89719 Mon Sep 17 00:00:00 2001
From: Raymond Mao
Date: Fri, 4 Apr 2025 07:05:25 -0700
Subject: [PATCH] mbedtls: remove incorrect attribute type checker

S/MIME Capabilities (OID: 1.2.840.113549.1.9.15) attributes are expected to be algorithms but neither data nor MS Indirect Data, thus the checker for data type is incorrect.

This patch fixes a capsule authentication failure with a PKCS#7 message that contains S/MIME capabilities, which is formed by the EDK2 GenerateCapsule tool.

S/MIME Capabilities are not common attributes in an EFI capsule, thus this failure cannot be reproduced with the capsules generated via mkeficapsule.

Fixes: 7de0d155cce7 ("mbedtls: add PKCS7 parser porting layer")
Reported-by: Ilias Apalodimas
Signed-off-by: Raymond Mao
---
 lib/mbedtls/pkcs7_parser.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/mbedtls/pkcs7_parser.c b/lib/mbedtls/pkcs7_parser.c index ecfcc46edfa..bf8ee17b5b8 100644 --- a/lib/mbedtls/pkcs7_parser.c +++ b/lib/mbedtls/pkcs7_parser.c @@ -189,10 +189,6 @@ static int authattrs_parse(struct pkcs7_message *msg, void *aa, size_t aa_len, len)) { if (__test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set)) return -EINVAL; - - if (msg->data_type != OID_msIndirectData && - msg->data_type != OID_data) - return -EINVAL; } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_SPOPUSINFO, inner_p, len)) { if (__test_and_set_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) -- 2.39.5
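
Review bot: In the S/MIME capabilities branch of authattrs_parse(), dropping the msg->data_type test leaves only the __test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set) duplicate check, and nothing in the code records that the content type is deliberately unrestricted for this attribute. A one-line comment in that branch would keep the restriction from being reintroduced later. The commit message also does not say which data_type the failing GenerateCapsule capsule carried, although the removed test already accepted both OID_data and OID_msIndirectData; naming it would make the fix easier to verify. Since the message notes that capsules from mkeficapsule do not exercise this attribute, a regression test built on a PKCS#7 message that contains S/MIME capabilities is needed to cover the changed path.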