feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

PKCS7_DecodeEnvelopedData, only do ParseCert once in PKCS7_InitWithCert

Browse Source
This commit is contained in:
Chris Conlon
2014-01-23 14:48:18 -07:00
parent 45c05ffd30
commit 43199cd573
2 changed files with 14 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ctaocrypt/src/pkcs7.c
View File

@@ -166,6 +166,7 @@ int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
} }
XMEMCPY(pkcs7->publicKey, dCert.publicKey, dCert.pubKeySize); XMEMCPY(pkcs7->publicKey, dCert.publicKey, dCert.pubKeySize);
pkcs7->publicKeySz = dCert.pubKeySize; pkcs7->publicKeySz = dCert.pubKeySize;
XMEMCPY(pkcs7->issuerHash, dCert.issuerHash, SHA_SIZE);
pkcs7->issuer = dCert.issuerRaw; pkcs7->issuer = dCert.issuerRaw;
pkcs7->issuerSz = dCert.issuerRawLen; pkcs7->issuerSz = dCert.issuerRawLen;
XMEMCPY(pkcs7->issuerSn, dCert.serial, dCert.serialSz); XMEMCPY(pkcs7->issuerSn, dCert.serial, dCert.serialSz);
@@ -1005,8 +1006,6 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
byte issuerHash[SHA_DIGEST_SIZE]; byte issuerHash[SHA_DIGEST_SIZE];
mp_int serialNum; mp_int serialNum;
DecodedCert decoded;
int encryptedKeySz, keySz; int encryptedKeySz, keySz;
byte tmpIv[DES_BLOCK_SIZE]; byte tmpIv[DES_BLOCK_SIZE];
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
@@ -1026,14 +1025,6 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
output == NULL || outputSz == 0) output == NULL || outputSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* parse recipient cert */
InitDecodedCert(&decoded, pkcs7->singleCert, pkcs7->singleCertSz, 0);
ret = ParseCert(&decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
FreeDecodedCert(&decoded);
return ret;
}
/* load private key */ /* load private key */
InitRsaKey(&privKey, 0); InitRsaKey(&privKey, 0);
ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, &privKey, ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, &privKey,
@@ -1109,7 +1100,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
return ASN_PARSE_E; return ASN_PARSE_E;
/* if we found correct recipient, issuer hashes will match */ /* if we found correct recipient, issuer hashes will match */
if (XMEMCMP(issuerHash, decoded.issuerHash, SHA_DIGEST_SIZE) == 0) { if (XMEMCMP(issuerHash, pkcs7->issuerHash, SHA_DIGEST_SIZE) == 0) {
recipFound = 1; recipFound = 1;
} }

1
cyassl/ctaocrypt/pkcs7.h
View File

@@ -76,6 +76,7 @@ typedef struct PKCS7 {
byte* singleCert; /* recipient cert, DER, not owner */ byte* singleCert; /* recipient cert, DER, not owner */
word32 singleCertSz; /* size of recipient cert buffer, bytes */ word32 singleCertSz; /* size of recipient cert buffer, bytes */
byte issuerHash[SHA_SIZE]; /* hash of all alt Names */
byte* issuer; /* issuer name of singleCert */ byte* issuer; /* issuer name of singleCert */
word32 issuerSz; /* length of issuer name */ word32 issuerSz; /* length of issuer name */
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */