Return error when attempting to verify signed data without signers

2018-10-18 13:44:13 +10:00
parent f7eb8bf080
commit 67bb558025
3 changed files with 84 additions and 78 deletions
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@ -497,6 +497,9 @@ const char* wc_GetErrorString(int error)
    case ZLIB_DECOMPRESS_ERROR:
        return "zlib decompress error";

+    case PKCS7_NO_SIGNER_E:
+        return "No signer in PKCS#7 signed data";
+
    default:
        return "unknown error number";

--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -2132,7 +2132,9 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
    if (GetSet(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
        return ASN_PARSE_E;

-    if (length > 0) {
+    if (length == 0)
+        return PKCS7_NO_SIGNER_E;
+
    /* Get the sequence of the first signerInfo */
    if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
        return ASN_PARSE_E;
@ -2212,7 +2214,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                                             hashBuf, hashSz);
    if (ret < 0)
        return ret;
-    }

    return 0;
 }
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@ -220,7 +220,9 @@ enum {
    ZLIB_COMPRESS_ERROR = -267,   /* zlib compression error  */
    ZLIB_DECOMPRESS_ERROR = -268,  /* zlib decompression error  */

-    WC_LAST_E           = -268,  /* Update this to indicate last error */
+    PKCS7_NO_SIGNER_E   = -269,  /* No signer in PKCS#7 signed data msg */
+
+    WC_LAST_E           = -269,  /* Update this to indicate last error */
    MIN_CODE_E          = -300   /* errors -101 - -299 */

    /* add new companion error id strings for any new error codes