Allow PKCS7_VerifyDecodedData to have an empty set of SignerInfos. Save first certificate.

2014-01-24 12:14:53 -08:00
parent 595fe0b445
commit 1dac5d28e3
1 changed files with 67 additions and 66 deletions
--- a/ctaocrypt/src/pkcs7.c
+++ b/ctaocrypt/src/pkcs7.c
@ -653,8 +653,9 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)

    /* Save the inner data as the content. */
    if (length > 0) {
-        content = &pkiMsg[idx];
-        contentSz = length;
+        /* Local pointer for calculating hashes later */
+        pkcs7->content = content = &pkiMsg[idx];
+        pkcs7->contentSz = contentSz = length;
        idx += length;
    }

@ -680,6 +681,7 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
                cert = &pkiMsg[idx];
                certSz += (certIdx - idx);
            }
+            PKCS7_InitWithCert(pkcs7, cert, certSz);
        }
        idx += length;
    }
@ -698,6 +700,12 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
    if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

+    if (length > 0) {
+        RsaKey key;
+        word32 scratch = 0;
+        int plainSz = 0;
+        byte digest[MAX_SEQ_SZ+MAX_ALGO_SZ+MAX_OCTET_STR_SZ+SHA_DIGEST_SIZE];
+
        /* Get the sequence of the first signerInfo */
        if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;
@ -760,14 +768,7 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
            idx += length;
        }

-    {
-        RsaKey key;
-        word32 scratch = 0;
-        int plainSz = 0;
-        byte digest[MAX_SEQ_SZ+MAX_ALGO_SZ+MAX_OCTET_STR_SZ+SHA_DIGEST_SIZE];
-
        XMEMSET(digest, 0, sizeof(digest));
-        PKCS7_InitWithCert(pkcs7, cert, certSz);
        pkcs7->content = content;
        pkcs7->contentSz = contentSz;