PKCS7_DecodeEnvelopedData, only do ParseCert once in PKCS7_InitWithCert

2014-01-23 14:48:18 -07:00
parent 45c05ffd30
commit 43199cd573
2 changed files with 14 additions and 22 deletions
--- a/ctaocrypt/src/pkcs7.c
+++ b/ctaocrypt/src/pkcs7.c
@@ -166,6 +166,7 @@ int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
        }
        XMEMCPY(pkcs7->publicKey, dCert.publicKey, dCert.pubKeySize);
        pkcs7->publicKeySz = dCert.pubKeySize;
+        XMEMCPY(pkcs7->issuerHash, dCert.issuerHash, SHA_SIZE);
        pkcs7->issuer = dCert.issuerRaw;
        pkcs7->issuerSz = dCert.issuerRawLen;
        XMEMCPY(pkcs7->issuerSn, dCert.serial, dCert.serialSz);
@@ -1005,8 +1006,6 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
    byte   issuerHash[SHA_DIGEST_SIZE];
    mp_int serialNum;

-    DecodedCert decoded;
-
    int encryptedKeySz, keySz;
    byte tmpIv[DES_BLOCK_SIZE];
    byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
@@ -1026,14 +1025,6 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
        output == NULL || outputSz == 0)
        return BAD_FUNC_ARG;

-    /* parse recipient cert */
-    InitDecodedCert(&decoded, pkcs7->singleCert, pkcs7->singleCertSz, 0);
-    ret = ParseCert(&decoded, CA_TYPE, NO_VERIFY, 0);
-    if (ret < 0) {
-        FreeDecodedCert(&decoded);
-        return ret;
-    }
-
    /* load private key */
    InitRsaKey(&privKey, 0);
    ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, &privKey,
@@ -1109,7 +1100,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
            return ASN_PARSE_E;

        /* if we found correct recipient, issuer hashes will match */
-        if (XMEMCMP(issuerHash, decoded.issuerHash, SHA_DIGEST_SIZE) == 0) {
+        if (XMEMCMP(issuerHash, pkcs7->issuerHash, SHA_DIGEST_SIZE) == 0) {
            recipFound = 1;
        }

--- a/cyassl/ctaocrypt/pkcs7.h
+++ b/cyassl/ctaocrypt/pkcs7.h
@@ -65,25 +65,26 @@ typedef struct PKCS7Attrib {


 typedef struct PKCS7 {
-    byte* content;                /* inner content, not owner */
-    word32 contentSz;             /* content size */
-    int contentOID;               /* PKCS#7 content type OID sum */
+    byte* content;                /* inner content, not owner             */
+    word32 contentSz;             /* content size                         */
+    int contentOID;               /* PKCS#7 content type OID sum          */

    RNG* rng;

    int hashOID;
-    int encryptOID;               /* key encryption algorithm OID */
+    int encryptOID;               /* key encryption algorithm OID         */

-    byte*  singleCert;            /* recipient cert, DER, not owner */
+    byte*  singleCert;            /* recipient cert, DER, not owner       */
    word32 singleCertSz;          /* size of recipient cert buffer, bytes */
-    byte*  issuer;                /* issuer name of singleCert */
-    word32 issuerSz;              /* length of issuer name */
-    byte issuerSn[MAX_SN_SZ];     /* singleCert's serial number */
-    word32 issuerSnSz;            /* length of serial number */
+    byte issuerHash[SHA_SIZE];    /* hash of all alt Names                */
+    byte*  issuer;                /* issuer name of singleCert            */
+    word32 issuerSz;              /* length of issuer name                */
+    byte issuerSn[MAX_SN_SZ];     /* singleCert's serial number           */
+    word32 issuerSnSz;            /* length of serial number              */
    byte publicKey[512];
    word32 publicKeySz;
-    byte*  privateKey;            /* private key, DER, not owner */
-    word32 privateKeySz;          /* size of private key buffer, bytes */
+    byte*  privateKey;            /* private key, DER, not owner          */
+    word32 privateKeySz;          /* size of private key buffer, bytes    */
    
    PKCS7Attrib* signedAttribs;
    word32 signedAttribsSz;