feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

address review feedback for PKCS7 compat additions

Browse Source
This commit is contained in:
Chris Conlon
2022-03-02 16:49:59 -07:00
parent 6762cd90da
commit 582f0d82e4
4 changed files with 123 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
src/ssl.c
View File

@ -20907,7 +20907,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
#if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \ #if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \
(defined(OPENSSL_ALL) && defined(SESSION_CERTS)) (defined(OPENSSL_EXTRA) && defined(SESSION_CERTS))
/* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object. /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object.
* *
* x509 WOLFSSL_X509 object to decode into. * x509 WOLFSSL_X509 object to decode into.
@ -20949,7 +20949,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return ret; return ret;
} }
#endif /* (KEEP_PEER_CERT && SESSION_CERTS) || (OPENSSL_ALL && HAVE_PKCS7) */ #endif /* (KEEP_PEER_CERT & SESSION_CERTS) || (OPENSSL_EXTRA & SESSION_CERTS) */
#ifdef KEEP_PEER_CERT #ifdef KEEP_PEER_CERT
@ -62007,7 +62007,7 @@ PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex"); WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
if (in == NULL || *in == NULL) if (in == NULL || *in == NULL || len < 0)
return NULL; return NULL;
if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
@ -62090,6 +62090,18 @@ error:
return NULL; return NULL;
} }
/**
* Return stack of signers contained in PKCS7 cert.
* Notes:
* - Currently only PKCS#7 messages with a single signer cert is supported.
* - Returned WOLFSSL_STACK must be freed by caller.
*
* pkcs7 - PKCS7 struct to retrieve signer certs from.
* certs - currently unused
* flags - flags to control function behavior.
*
* Return WOLFSSL_STACK of signers on success, NULL on error.
*/
WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
int flags) int flags)
{ {
@ -62201,7 +62213,6 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
WOLFSSL_MSG("malloc error"); WOLFSSL_MSG("malloc error");
goto cleanup; goto cleanup;
} }
XMEMSET(output, 0, len);
localBuf = 1; localBuf = 1;
} }
else { else {
@ -62260,24 +62271,24 @@ cleanup:
* *
* Inner content type is set to DATA to match OpenSSL behavior. * Inner content type is set to DATA to match OpenSSL behavior.
* *
* signer - certificate to sign bundle with * signer - certificate to sign bundle with
* pkey - private key matching signcert * pkey - private key matching signer
* certs - optional additional set of certificates to include * certs - optional additional set of certificates to include
* in - input data to be signed * in - input data to be signed
* flags - optional set of flags to control sign behavior * flags - optional set of flags to control sign behavior
* *
* PKCS7_BINARY - Do not translate input data to MIME canonical * PKCS7_BINARY - Do not translate input data to MIME canonical
* format (\r\n line endings), thus preventing corruption of * format (\r\n line endings), thus preventing corruption of
* binary content. * binary content.
* PKCS7_TEXT - Prepend MIME headers for text/plain to content. * PKCS7_TEXT - Prepend MIME headers for text/plain to content.
* PKCS7_DETACHED - Set signature detached, omit content from output bundle. * PKCS7_DETACHED - Set signature detached, omit content from output bundle.
* PKCS7_STREAM - initialize PKCS7 struct for signing, do not read data. * PKCS7_STREAM - initialize PKCS7 struct for signing, do not read data.
* *
* Flags not currently supported: * Flags not currently supported:
* PKCS7_NOCERTS - Do not include the signer cert in the output bundle. * PKCS7_NOCERTS - Do not include the signer cert in the output bundle.
* PKCS7_PARTIAL - Allow for PKCS7_sign() to be only partially set up, * PKCS7_PARTIAL - Allow for PKCS7_sign() to be only partially set up,
* then signers etc to be added separately before * then signers etc to be added separately before
* calling PKCS7_final(). * calling PKCS7_final().
* *
* Returns valid PKCS7 structure pointer, or NULL if an error occurred. * Returns valid PKCS7 structure pointer, or NULL if an error occurred.
*/ */
@ -62341,18 +62352,16 @@ PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey,
} }
/* add additional chain certs if provided */ /* add additional chain certs if provided */
if (err == 0) { while (cert && (err == 0)) {
while (cert && (err == 0)) { if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) {
if (cert->data.x509 != NULL && cert->data.x509->derCert != NULL) { if (wc_PKCS7_AddCertificate(&p7->pkcs7,
if (wc_PKCS7_AddCertificate(&p7->pkcs7, cert->data.x509->derCert->buffer,
cert->data.x509->derCert->buffer, cert->data.x509->derCert->length) != 0) {
cert->data.x509->derCert->length) != 0) { WOLFSSL_MSG("Error in wc_PKCS7_AddCertificate");
WOLFSSL_MSG("Error in wc_PKCS7_AddCertificate"); err = 1;
err = 1;
}
} }
cert = cert->next;
} }
cert = cert->next;
} }
if ((err == 0) && (flags & PKCS7_DETACHED)) { if ((err == 0) && (flags & PKCS7_DETACHED)) {
@ -62424,9 +62433,9 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') { if (line[lineLen - 1] == '\r' || line[lineLen - 1] == '\n') {
canonLineLen = (word32)lineLen; canonLineLen = (word32)lineLen;
if ((canonLine = wc_MIME_canonicalize( if ((canonLine = wc_MIME_single_canonicalize(
line, &canonLineLen)) == NULL) { line, &canonLineLen)) == NULL) {
ret = 1; ret = -1;
break; break;
} }
@ -62436,23 +62445,23 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
} }
if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) { if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) {
ret = 1; ret = -1;
break; break;
} }
XFREE(canonLine, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
canonLine = NULL; canonLine = NULL;
} }
else { else {
/* no line ending in current line, write direct to out */ /* no line ending in current line, write direct to out */
if (wolfSSL_BIO_write(out, line, lineLen) < 0) { if (wolfSSL_BIO_write(out, line, lineLen) < 0) {
ret = 1; ret = -1;
break; break;
} }
} }
} }
if (canonLine != NULL) { if (canonLine != NULL) {
XFREE(canonLine, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -62463,10 +62472,13 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
#endif /* HAVE_SMIME */ #endif /* HAVE_SMIME */
/* Used by both PKCS7_final() and PKCS7_verify() */
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
/** /**
* Finalize PKCS7 structure, currently supports signedData only. * Finalize PKCS7 structure, currently supports signedData only.
* *
* Does not do generation of final bundle (ie: signedData), but finalizes * Does not generate final bundle (ie: signedData), but finalizes
* the PKCS7 structure in preparation for a output function to be called next. * the PKCS7 structure in preparation for a output function to be called next.
* *
* pkcs7 - initialized PKCS7 structure, populated with signer, etc * pkcs7 - initialized PKCS7 structure, populated with signer, etc
@ -62477,7 +62489,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out)
* PKCS7_BINARY - Do not translate input data to MIME canonical * PKCS7_BINARY - Do not translate input data to MIME canonical
* format (\r\n line endings), thus preventing corruption of * format (\r\n line endings), thus preventing corruption of
* binary content. * binary content.
* PKCS7_TEXT - Prepend MIME headers for text/plain to content. * PKCS7_TEXT - Prepend MIME headers for text/plain to content.
* *
* Returns 1 on success, 0 on error * Returns 1 on success, 0 on error
*/ */
@ -62488,7 +62500,6 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
unsigned char* mem = NULL; unsigned char* mem = NULL;
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
WOLFSSL_BIO* data = NULL; WOLFSSL_BIO* data = NULL;
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
WOLFSSL_ENTER("wolfSSL_PKCS7_final"); WOLFSSL_ENTER("wolfSSL_PKCS7_final");
@ -62504,11 +62515,11 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
} }
} }
/* append Content-Type header if PKCS7_TEXT */ /* prepend Content-Type header if PKCS7_TEXT */
if ((ret == 1) && (flags & PKCS7_TEXT)) { if ((ret == 1) && (flags & PKCS7_TEXT)) {
if (wolfSSL_BIO_write(data, contTypeText, if (wolfSSL_BIO_write(data, contTypeText,
(int)XSTRLEN(contTypeText)) < 0) { (int)XSTR_SIZEOF(contTypeText)) < 0) {
WOLFSSL_MSG("Error appending Content-Type header"); WOLFSSL_MSG("Error prepending Content-Type header");
ret = 0; ret = 0;
} }
} }
@ -62516,15 +62527,33 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags)
/* convert line endings to CRLF if !PKCS7_BINARY */ /* convert line endings to CRLF if !PKCS7_BINARY */
if (ret == 1) { if (ret == 1) {
if (flags & PKCS7_BINARY) { if (flags & PKCS7_BINARY) {
/* no CRLF conversion, direct copy content */ /* no CRLF conversion, direct copy content */
if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0) { if ((memSz = wolfSSL_BIO_get_len(in)) <= 0) {
ret = 0; ret = 0;
} }
else if (wolfSSL_BIO_write(data, mem, memSz) < 0) { if (ret == 1) {
ret = 0; mem = (unsigned char*)XMALLOC(memSz, in->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (mem == NULL) {
WOLFSSL_MSG("Failed to allocate memory for input data");
ret = 0;
}
}
if (ret == 1) {
if (wolfSSL_BIO_read(in, mem, memSz) != memSz) {
WOLFSSL_MSG("Error reading from input BIO");
ret = 0;
}
else if (wolfSSL_BIO_write(data, mem, memSz) < 0) {
ret = 0;
}
}
if (mem != NULL) {
XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER);
} }
mem = NULL;
memSz = 0;
} }
else { else {
#ifdef HAVE_SMIME #ifdef HAVE_SMIME
@ -62582,7 +62611,6 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
unsigned char* mem = NULL; unsigned char* mem = NULL;
int memSz = 0; int memSz = 0;
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
int contTypeLen; int contTypeLen;
WOLFSSL_X509* signer = NULL; WOLFSSL_X509* signer = NULL;
WOLFSSL_STACK* signers = NULL; WOLFSSL_STACK* signers = NULL;
@ -62631,7 +62659,7 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
signer->derCert->length, signer->derCert->length,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to verify signer certificate"); WOLFSSL_MSG("Failed to verify signer certificate");
wolfSSL_sk_X509_free(signers); wolfSSL_sk_X509_pop_free(signers, NULL);
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
} }
@ -62654,6 +62682,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
} }
WOLFSSL_LEAVE("wolfSSL_PKCS7_verify", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@ -62903,6 +62933,7 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
static const char kAppPkcs7Mime[] = "application/pkcs7-mime"; static const char kAppPkcs7Mime[] = "application/pkcs7-mime";
static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime"; static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime";
WOLFSSL_ENTER("wolfSSL_SMIME_read_PKCS7");
if (in == NULL || bcont == NULL) { if (in == NULL || bcont == NULL) {
goto error; goto error;
@ -63000,8 +63031,8 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
while (XSTRNCMP(&section[sectionLen], boundary, boundLen) && while (XSTRNCMP(&section[sectionLen], boundary, boundLen) &&
remainLen > 0) { remainLen > 0) {
canonLineLen = lineLen; canonLineLen = lineLen;
canonLine = wc_MIME_canonicalize(&section[sectionLen], canonLine = wc_MIME_single_canonicalize(&section[sectionLen],
&canonLineLen); &canonLineLen);
if (canonLine == NULL) { if (canonLine == NULL) {
goto error; goto error;
} }
@ -63265,7 +63296,6 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
byte* p7out = NULL; byte* p7out = NULL;
int len = 0; int len = 0;
WC_RNG rng;
char boundary[33]; /* 32 chars + \0 */ char boundary[33]; /* 32 chars + \0 */
byte* sigBase64 = NULL; byte* sigBase64 = NULL;
word32 sigBase64Len = 0; word32 sigBase64Len = 0;
@ -63321,22 +63351,22 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
if (flags & PKCS7_DETACHED) { if (flags & PKCS7_DETACHED) {
/* generate random boundary */ /* generate random boundary */
if (wc_InitRng(&rng) != 0) { if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error in wc_InitRng"); WOLFSSL_MSG("No RNG to use");
ret = 0; ret = 0;
} }
if ((ret > 0) && (wc_RNG_GenerateBlock(&rng, (byte*)boundary, /* no need to generate random byte for null terminator (size-1) */
sizeof(boundary)) != 0)) { if ((ret > 0) && (wc_RNG_GenerateBlock(&globalRNG, (byte*)boundary,
sizeof(boundary) - 1 ) != 0)) {
WOLFSSL_MSG("Error in wc_RNG_GenerateBlock"); WOLFSSL_MSG("Error in wc_RNG_GenerateBlock");
ret = 0; ret = 0;
} }
wc_FreeRng(&rng);
if (ret > 0) { if (ret > 0) {
for (i = 0; i < (int)sizeof(boundary) - 1; i++) { for (i = 0; i < (int)sizeof(boundary) - 1; i++) {
boundary[i] = boundary[i] =
alphanum[boundary[i] % (sizeof(alphanum) - 1)]; alphanum[boundary[i] % XSTR_SIZEOF(alphanum)];
} }
boundary[sizeof(boundary)-1] = 0; boundary[sizeof(boundary)-1] = 0;
} }
@ -63411,10 +63441,10 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in,
} }
if (ret > 0) { if (ret > 0) {
return 1; return WOLFSSL_SUCCESS;
} }
return 0; return WOLFSSL_FAILURE;
} }
#endif /* HAVE_SMIME */ #endif /* HAVE_SMIME */

50
tests/api.c
View File

@ -46923,16 +46923,20 @@ static void test_wolfSSL_PKCS7_sign(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver); wc_PKCS7_Free(p7Ver);
if (out != NULL) { AssertNotNull(out);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL; out = NULL;
}
PKCS7_free(p7); PKCS7_free(p7);
} }
/* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg
* tests for PKCS7_final() while we have a PKCS7 pointer to use */ * tests for PKCS7_final() while we have a PKCS7 pointer to use */
{ {
/* re-populate input BIO, may have been consumed */
BIO_free(inBio);
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_BINARY | PKCS7_STREAM; flags = PKCS7_BINARY | PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntEQ(PKCS7_final(p7, inBio, flags), 1); AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
@ -46948,15 +46952,19 @@ static void test_wolfSSL_PKCS7_sign(void)
AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
PKCS7_free(p7Ver); PKCS7_free(p7Ver);
if (out != NULL) { AssertNotNull(out);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL; out = NULL;
}
PKCS7_free(p7); PKCS7_free(p7);
} }
/* TEST SUCCESS: Detached, not streaming, not MIME */ /* TEST SUCCESS: Detached, not streaming, not MIME */
{ {
/* re-populate input BIO, may have been consumed */
BIO_free(inBio);
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_BINARY | PKCS7_DETACHED; flags = PKCS7_BINARY | PKCS7_DETACHED;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0); AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
@ -46968,15 +46976,25 @@ static void test_wolfSSL_PKCS7_sign(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver); wc_PKCS7_Free(p7Ver);
if (out != NULL) { /* verify expected failure (NULL return) from d2i_PKCS7, it does not
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); * yet support detached content */
out = NULL; tmpPtr = out;
} AssertNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
PKCS7_free(p7Ver);
AssertNotNull(out);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
PKCS7_free(p7); PKCS7_free(p7);
} }
/* TEST SUCCESS: Detached, streaming, not MIME */ /* TEST SUCCESS: Detached, streaming, not MIME */
{ {
/* re-populate input BIO, may have been consumed */
BIO_free(inBio);
AssertNotNull(inBio = BIO_new(BIO_s_mem()));
AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0);
flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM; flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM;
AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
AssertIntEQ(PKCS7_final(p7, inBio, flags), 1); AssertIntEQ(PKCS7_final(p7, inBio, flags), 1);
@ -46989,10 +47007,8 @@ static void test_wolfSSL_PKCS7_sign(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0);
wc_PKCS7_Free(p7Ver); wc_PKCS7_Free(p7Ver);
if (out != NULL) { AssertNotNull(out);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
out = NULL;
}
PKCS7_free(p7); PKCS7_free(p7);
} }
@ -47210,7 +47226,7 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out, AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS); PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0); AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
/* Content-Type should not show up in output buffer */ /* Content-Type should not show up at beginning of output buffer */
AssertIntGT(outBufLen, XSTRLEN(contTypeText)); AssertIntGT(outBufLen, XSTRLEN(contTypeText));
AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0); AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);

8
wolfcrypt/src/asn.c
View File

@ -32557,8 +32557,8 @@ MimeParam* wc_MIME_find_param_attr(const char* attribute,
} }
/***************************************************************************** /*****************************************************************************
* wc_MIME_canonicalize - Canonicalize a line by converting all line endings * wc_MIME_single_canonicalize - Canonicalize a line by converting the trailing
* to CRLF. * line ending to CRLF.
* *
* line - input line to canonicalize * line - input line to canonicalize
* len - length of line in chars on input, length of output array on return * len - length of line in chars on input, length of output array on return
@ -32566,7 +32566,7 @@ MimeParam* wc_MIME_find_param_attr(const char* attribute,
* RETURNS: * RETURNS:
* returns a pointer to a canonicalized line on success, NULL on error. * returns a pointer to a canonicalized line on success, NULL on error.
*/ */
char* wc_MIME_canonicalize(const char* line, word32* len) char* wc_MIME_single_canonicalize(const char* line, word32* len)
{ {
size_t end = 0; size_t end = 0;
char* canonLine = NULL; char* canonLine = NULL;
@ -32575,7 +32575,7 @@ char* wc_MIME_canonicalize(const char* line, word32* len)
return NULL; return NULL;
} }
end = *len - 1 ; end = *len;
while (end >= 1 && ((line[end-1] == '\r') || (line[end-1] == '\n'))) { while (end >= 1 && ((line[end-1] == '\r') || (line[end-1] == '\n'))) {
end--; end--;
} }

2
wolfssl/wolfcrypt/asn.h
View File

@ -2033,7 +2033,7 @@ WOLFSSL_LOCAL int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** hdrs);
WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end); WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end);
WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr); WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr);
WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param); WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param);
WOLFSSL_LOCAL char* wc_MIME_canonicalize(const char* line, word32* len); WOLFSSL_LOCAL char* wc_MIME_single_canonicalize(const char* line, word32* len);
WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head); WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
#endif /* HAVE_SMIME */ #endif /* HAVE_SMIME */