fix for build with NO_PKCS7_STREAM
@@ -12676,6 +12676,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
while (1) {
|
while (1) {
|
||||||
encryptedContentSz = 0;
|
encryptedContentSz = 0;
|
||||||
if (pkiMsgSz <= localIdx + MAX_OCTET_STR_SZ) {
|
if (pkiMsgSz <= localIdx + MAX_OCTET_STR_SZ) {
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
/* ran out of data to parse */
|
/* ran out of data to parse */
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
|
||||||
pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
|
pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
|
||||||
@@ -12683,6 +12684,9 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
}
|
}
|
||||||
pkiMsgSz = (pkcs7->stream->length > 0) ?
|
pkiMsgSz = (pkcs7->stream->length > 0) ?
|
||||||
pkcs7->stream->length : inSz;
|
pkcs7->stream->length : inSz;
|
||||||
|
#else
|
||||||
|
ret = BUFFER_E;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
localIdx = idx;
|
localIdx = idx;
|
||||||
@@ -12698,12 +12702,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
&encryptedContentSz, pkiMsgSz, 0) <= 0) {
|
&encryptedContentSz, pkiMsgSz, 0) <= 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
/* always try to get 2 extra bytes to catch indef ending */
|
/* always try to get 2 extra bytes to catch indef ending */
|
||||||
pkcs7->stream->expected = encryptedContentSz +
|
pkcs7->stream->expected = encryptedContentSz +
|
||||||
(localIdx - idx) + ASN_INDEF_END_SZ;
|
(localIdx - idx) + ASN_INDEF_END_SZ;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret == 0 &&
|
if (ret == 0 &&
|
||||||
pkcs7->cachedEncryptedContentSz <
|
pkcs7->cachedEncryptedContentSz <
|
||||||
@@ -12724,6 +12729,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
/* sanity check that the buffer has all of the data */
|
/* sanity check that the buffer has all of the data */
|
||||||
if (ret == 0 && (localIdx + encryptedContentSz) >
|
if (ret == 0 && (localIdx + encryptedContentSz) >
|
||||||
pkiMsgSz) {
|
pkiMsgSz) {
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
word32 ofsetIdx = localIdx - idx;
|
word32 ofsetIdx = localIdx - idx;
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
|
||||||
pkcs7->stream->expected, &pkiMsg, &localIdx))
|
pkcs7->stream->expected, &pkiMsg, &localIdx))
|
||||||
@@ -12732,6 +12738,9 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
}
|
}
|
||||||
localIdx += ofsetIdx;
|
localIdx += ofsetIdx;
|
||||||
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
||||||
|
#else
|
||||||
|
ret = BUFFER_E;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Use callback for decryption still, if set */
|
/* Use callback for decryption still, if set */
|
||||||
@@ -12749,12 +12758,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
pkcs7->cachedEncryptedContent);
|
pkcs7->cachedEncryptedContent);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
||||||
wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &idx);
|
wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &idx);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* advance idx past encrypted content */
|
/* advance idx past encrypted content */
|
||||||
localIdx += (word32)encryptedContentSz;
|
localIdx += (word32)encryptedContentSz;
|
||||||
@@ -12767,12 +12778,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkcs7->stream->expected = MAX_OCTET_STR_SZ;
|
pkcs7->stream->expected = MAX_OCTET_STR_SZ;
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx,
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx,
|
||||||
&localIdx)) != 0) {
|
&localIdx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* save last decrypted string to handle padding (this output
|
/* save last decrypted string to handle padding (this output
|
||||||
* flush happens outside of the while loop in the case that
|
* flush happens outside of the while loop in the case that
|
||||||
@@ -13592,6 +13604,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
/* check that the expected size was accurate */
|
/* check that the expected size was accurate */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if (length > (int)pkcs7->stream->expected && length >
|
if (length > (int)pkcs7->stream->expected && length >
|
||||||
@@ -13603,6 +13616,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
||||||
pkiMsgSz) < 0) {
|
pkiMsgSz) < 0) {
|
||||||
@@ -13832,24 +13846,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
|
||||||
if (encodedAttribSz > 0) {
|
if (encodedAttribSz > 0) {
|
||||||
pkcs7->stream->aadSz = encodedAttribSz;
|
encodedAttribs = (byte*)XMALLOC(encodedAttribSz,
|
||||||
pkcs7->stream->aad = (byte*)XMALLOC(encodedAttribSz,
|
|
||||||
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
if (pkcs7->stream->aad == NULL) {
|
if (encodedAttribs == NULL) {
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else {
|
}
|
||||||
/* From RFC5083, "For the purpose of constructing the
|
|
||||||
* AAD, the IMPLICIT [1] tag in the authAttrs field is
|
#ifndef NO_PKCS7_STREAM
|
||||||
* not used for the DER encoding: rather a universal SET
|
if (encodedAttribSz > 0) {
|
||||||
* OF tag is used. */
|
pkcs7->stream->aadSz = encodedAttribSz;
|
||||||
(void)SetSet(length, pkcs7->stream->aad);
|
pkcs7->stream->aad = encodedAttribs;
|
||||||
/* ignoring the size returned, we know it is
|
|
||||||
* idx - encodedAttribIdx from parsing what's given */
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
||||||
@@ -13885,6 +13894,21 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
authAttrib = &pkiMsg[idx];
|
authAttrib = &pkiMsg[idx];
|
||||||
authAttribSz = length;
|
authAttribSz = length;
|
||||||
|
|
||||||
|
{
|
||||||
|
int ofst;
|
||||||
|
|
||||||
|
/* From RFC5083, "For the purpose of constructing the
|
||||||
|
* AAD, the IMPLICIT [1] tag in the authAttrs field is
|
||||||
|
* not used for the DER encoding: rather a universal SET
|
||||||
|
* OF tag is used. */
|
||||||
|
ofst = SetSet(length, encodedAttribs);
|
||||||
|
|
||||||
|
XMEMCPY(encodedAttribs + ofst, authAttrib, authAttribSz);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ignoring the size returned, we know it is
|
||||||
|
* idx - encodedAttribIdx from parsing what's given */
|
||||||
|
|
||||||
if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib,
|
if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib,
|
||||||
authAttribSz) < 0) {
|
authAttribSz) < 0) {
|
||||||
WOLFSSL_MSG("Error parsing authenticated attributes");
|
WOLFSSL_MSG("Error parsing authenticated attributes");
|
||||||
@@ -13936,7 +13960,8 @@ authenv_atrbend:
|
|||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* there might not be enough data for the auth tag too, check here */
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* there might not be enough data for the auth tag too */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected &&
|
if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected &&
|
||||||
(authTagSz + (localIdx - idx)) > pkiMsgSz) {
|
(authTagSz + (localIdx - idx)) > pkiMsgSz) {
|
||||||
@@ -13947,6 +13972,7 @@ authenv_atrbend:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
idx = localIdx;
|
idx = localIdx;
|
||||||
|
|
||||||
if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
|
if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
|
||||||
@@ -14055,6 +14081,14 @@ authenv_atrbend:
|
|||||||
encodedAttribs[0] = authAttribSetByte;
|
encodedAttribs[0] = authAttribSetByte;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (encodedAttribs != NULL) {
|
||||||
|
XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
|
encodedAttribs = NULL;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
pkcs7->stream->aad = NULL;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/* copy plaintext to output */
|
/* copy plaintext to output */
|
||||||
XMEMCPY(output, encryptedContent, (word32)encryptedContentSz);
|
XMEMCPY(output, encryptedContent, (word32)encryptedContentSz);
|
||||||
|
|
||||||
@@ -14097,6 +14131,14 @@ authenv_atrbend:
|
|||||||
pkcs7->stream->bufferPt = NULL;
|
pkcs7->stream->bufferPt = NULL;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (encodedAttribs != NULL) {
|
||||||
|
XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
|
encodedAttribs = NULL;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
pkcs7->stream->aad = NULL;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
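Review bot: In the `@@ -13885,6 +13894,21 @@` hunk, the new block `ofst = SetSet(length, encodedAttribs); XMEMCPY(encodedAttribs + ofst, authAttrib, authAttribSz);` writes into the heap buffer with no visible check that `ret == 0`, that `encodedAttribs` is non-NULL, or that `ofst + authAttribSz` fits in the `encodedAttribSz` bytes allocated in the earlier hunk. `length` is parsed from the message, so unless an equivalent guard exists outside the hunk, wrap the two lines in `if (ret == 0 && encodedAttribs != NULL)` and set `ret = BUFFER_E;` when `ofst + authAttribSz > encodedAttribSz`. The relocated comment "ignoring the size returned, we know it is idx - encodedAttribIdx" is now stale, because the return value of `SetSet` is used as the write offset; it should be reworded or dropped. Separately, `encodedAttribs` and `pkcs7->stream->aad` now alias one allocation. The two new cleanup blocks clear both pointers, but the early `break` and WANT_READ exits and any stream reset that frees `aad` lie outside the visible hunks and should be checked for a double free or a leak.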