From 90b28b5cef16baeff731505bc306af9254e607dc Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Fri, 1 Mar 2024 23:43:46 +0700
Subject: [PATCH] add test case for verify of stream signed PKCS7 bundle

---
 certs/renewcerts.sh        |   4 ++
 certs/test-stream-sign.p7b | Bin 0 -> 6228 bytes
 tests/api.c                |  76 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 certs/test-stream-sign.p7b

diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index 5485656b6..d2482f510 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -854,6 +854,10 @@ run_renewcerts(){
     echo ""
     openssl crl2pkcs7 -nocrl -certfile ./client-cert.pem -out test-degenerate.p7b -outform DER
     check_result $? ""
+
+    openssl smime -sign -in ./ca-cert.pem -out test-stream-sign.p7b -signer ./ca-cert.pem -nodetach -nocerts -binary -outform DER -stream -inkey ./ca-key.pem
+    check_result $? ""
+
     echo "End of section"
     echo "---------------------------------------------------------------------"
 
diff --git a/certs/test-stream-sign.p7b b/certs/test-stream-sign.p7b
new file mode 100644
index 0000000000000000000000000000000000000000..05f6643c1b4679b77375ab3db0facb0d69e3a3c9
GIT binary patch
literal 6228
zcmXqLVB^$k^Jx3d%gD~OpuwPliILHe-+-5mGoj6cF_oExiIJ57SrOxc29*YuCIJTL
z)S{Biw9Mqhl2j`$1qB5Km&B4p2n)muOD!tS%+Iq@Fjmkos4&t5D*;Iarxs-<<|z1;
z<|d^UA=HDUjE${KOsotOtr9J)%#y7P46Ra=t<ub_%nYp3jI7KJtV|893=*wOlC4q<
ztqe`9(h{wblC4rLtxQZ1#%HGIC6<&Hr7Ae)q~{l9mSp5wDHLZU8kw4fXO?6H1v|Rt
zB^Ol|lw{`T!8Lgn7ni0MSt&Rx*eZku>nH?=DA+3a=I50p<|XPV_$b&aIOSKR<|gLp
zDEKSbDg-B%m*nS{WaudPhbq`AIOpdTm*$jY=B4W>IQuEsDwLO(>y_u{q!kzE=q2ap
z>L{e<CT8Y1rlb_578fhnDrDxR<vSoLfV(3sF()%6v!oI(016eq{1OGH)U^DfR4WCS
z)MN!iV+A84D?>{wBMSv110!Pvci#{U4UTCgsYMD_3c;xb3JMk|8q82M1eYddr6!jQ
zyx*Y?Q3xna%E?St@J_8%@XSlgM@=C}l1R~8RGf$<QbAz{!a>1~P(yXSQ!A|$G>i;P
zEEJM5OAu)iqzr_8^HWN5N{dnL1WACffq_+0nw3GaRdS-0Q3@#iB^g;6rdnB;SeY1E
znI>5!r&t+VSQ(~SnIPo@kWLs*GqN&Cu`)NcGBmJCGqg%FvobcdvP`o|NduW_o?>NS
zY-MR-m11m_n2g;GDXAbeW@c8Ysa8gbAVX3ttdb0@%u}q)QmqWktxQd<43a?RTUuZ@
z!N?Hg1`7kL<RmLYBP$~Vt5kEV<YX(8G^><UD-%<YQOTB8=0;ZL=GaXzHnK`h1UcB!
zz$z)p%FNQr)Cgpwfw7fQ8Yt_g8CzMJS|yu;oQIMyVc}qrWMyV#Wol++m}HfjW@Tn>
zWtL`@XaX|C#1N!6F$I**Et9NLjj_8S(bOv00Oau$aJgV^W@Tz%Wo!V7g+vRhR0}Hu
z3oD~!EAwQl)D#>hm|G<pS(ztVS%72B$kNI%85Hcv<{&Mg;wBm7k|YBViQN}Qps+Hr
zv@%Tw#d~rJD8!6RK|V@Kv9d4#MYO50m8FT5F^<?YP5}j@nK8)OmT6XordCO&px8G|
zu`&b)rlBRMq%%&oN=d@*3v)9o<3v#OC0T$RlWb{~YHF2iWR+rWm6B*>VgL%*6bmaO
zL#q@VZZJ0n#e#_uC`p4{n{1Vq3Mzurl0gP0CV_&;*v!f}4U{smhC>QC3z#Qc8JL2i
zGC9@CED@ADj4iAz%&ihFLCL@(8RRuH9BDE+$;!;a$~?`=+z^x?jgqX=Osx_Ptjvr-
z3{x|3x-zyhGP6oC!X6Gu;3Sk}Xl0scWoQoazOjXsr6njCq@`L}8e5rKfPx||)hZcB
ziZV2|G6AbMGy~<JL~~F!F*CO^FaRZQV?&VFjEt>JQgMbuY6_@+GBLF>OtDI`v@$TU
zO0fhPm6~h?iUJF(Bx5U+B&(zpPy)jmlE!9M=9U;Tt`!COd8v6NRtjdOrpD%=>eSG{
zz`zhud_|ZVSe6+pq*j!q=7B0*v;qt&4J%;5C2LA*9;o&PReBf}8kt*JxPts^XlP|_
zV&x1Dc|#W~V>c^T7b|09P`o%9TRECoxmZ|%#0{)mO|4ultXxb{%!1nMSXz<+s)#Eg
zWja2avr{WGQ>>_EKd88I$t?0q%uTh@ceV`;)(;M`h1Tl&KDN**UEkjpR-fzphuR`4
zbA4w&TeO;7AGsp8#aWGmEC%6Xa8m~qVxVS?qm`qDm6<cBS>x(#<pyrnxPgl=P_xF-
z%EZ~q1>CH0bF^}DwsHkGYp?~VQ(|#uGPu=IQk0mPS5j=HfT9d!wX>sDNKmLNia0br
zVCldyrzEu~FR>)EEL8y<Mwq6!_yt>~RwU*Y<fK9xGM)hn&}NL4p^>?sfu4b$AvQZ)
zK}j(sH3b~yp~Z>msaV_?;uEY8o|>c(oLW?tTBHC<C!kcBoCs>0=_tUYopUl%^GeX9
z!IlP-)7DckO0h~ywo0?KGByGg7fGpBDP~rdDWFQ+BFW0a43x*s%&m-!KxKug0jOY1
zMlOC0O+YEsFa=byrx}B4eG3baW>A4^2&zSlEv<}9K=~)p+{zMM<r^VarKyRas?P%4
zgiA`ZGBmVGGO{u;233F-DORQ_pi(o*2xNzuiItg|m4%U&g&|V02Wl;tSf!<aY7H|Z
zP$ifQw!|{U%E%JbP&P3Hc`Z5F$|x07>ZT-uswZ%Ofl`Ko0i@mq7q}M5pmu{XxVkb-
z1s8T^pmH!N&C1x)D%Ai~i<nt}%3p;3WU%E123DzNpxVj85L8{H7=l_oNl8|qs@TXX
zITciV8kvB?HQB@}5xLM!GzZlPW~QJz!YB>YUP`n82eKKcO_H2ym1Jm@Xl`X;2`YSy
z%s>HwQfQ|cgUkc9x{|GoO+eYn&;-;fGEcEGgj9zXRu)NCMy4SDn<rUW8h|QDg!@g*
zKsJ~ffix#2f+`2IR8XazmI{sqW2?jzt7J1!bzy2~m6l|cln83?AoLqsfSM&{X`p12
znhGim&5W#!%|MDwQ$aOOl8IHS5vX})Vg~X>s<Blfw2K4||0H9pBoiwGGmxET#-RGu
zEEN>(DJfQ<`a9XmzzEbDOEb4JGXb@7jLfYJkke0+3CL|GiB^Udpk|tB638RwCZNVn
ziUFv;H88QVNCQ>=pmtUwC?Zj+O|v9Wgc%rul8S*LsKI7o2r|Mr5!84{GO#i=1;wi|
zxc!ry2uffU$klF&8K?rYw6HR=05w@mEv?K`tt?GJab{*|m23`5bLL5)t{cd7a6Ou8
zhLnDjEI}==v{Wl&Q!ZT)aB_9`^iyzl4GQse^K^C$aRmwLa`}3Cy6RUsJ3DHpraP8<
zIyt6$hWZ)=CKkGvJDCSWrCa1V1vzI|1-S(jT9}0fmb(N-dU@wZd1jO)`#A=>`fxb~
zI+mwL1y(p$IeIyz`-M3<Mus@%goXG9IhMPmN4kUs270<UruZcpnHoffn`R)1d$>5J
zICCW#7vv;`yOsI|xt6<>gEe@&IA(-IMx+=d8Ce=6y10h;I=Q+#8iu+$mzR478d;Vm
z8;2FAxaX8cRk=oT`8q{{B^}Gl15%7rjD7M_%97lps*;V$OCyaeOMHVY$~{n=o$ch7
z;Z%^68&wwQky6HmqS(nK!X?DB$~VNb!new^(l;c#(%&r~BxdC6l3nia0vCgOn~NNO
zBYT?*r@vX6Sl#gW9og$#<oF%g>!7sY<eBB@=aimZn30|7Zdq>N<QVAc=IH3}>=<a_
z=<Dg}<ecv9>=@|kSXN%;?GqGS>5(7g9ByG?;$cu!$rTb28fcLeX_#lJ@0}LtA8BA#
zmFj4eRO(&k5n1eESn6aL=;P{@o)Hr1;^Ug>l2_%bpBfZl?3J9CTxnKZ7|2y>loRag
z=v!78;2&0z=I#@j6PaXglu}mU<m8l-XyBcz?VnTb;}V?g5f$j`R+?|-m|mRbZ<Lpx
zSLo;OoSn>7<eOGvkyja3>=o{u7Mhdn?`vr6m8xx-?hzJ}<5F%}nd_I7R}pS#P+<__
zQ;`=G;8$YgUtDRDmYkPUUXqr`73i)X>6ubd<!<0v5^7qd?Os-4S!kSZ6kwW_n&DCI
z7G+^t=;o5?QJCiLTN0k-ljvbt;ptpvnC~877?!D>#pPAvZJcE8mgr`gY?2$8rJZe<
zQKnz)8xkCt9`0<G;ulr!6zm(GoE1`#RT3H+no=4V66LI273uBc=TnwyV8oRQ$}fSA
zPWdLDPC+5g&W@q3pycZk7G&V><P_=Z=A7yuRpDk(UKyDZplwhUY3`qG<YZ88nwk~n
z>*)~+PK_SHzOL!X<>l$gxsLcW<VU(E7I?Zx_<FjB`UV!4I|oL(aD@d1y1SNpg@snR
z2KqXhfHRk~W4T92xMgXIyIW~w2twScyxb!&*U~I1+%O|4%QeW?(ZZbzoK@4yJwuJ$
zj8oh#%TnCaD_pA_gCO~&*w;DRuPiCg&oId&s30jfxx(GWF&rZ2>+52iV$79NX=<Eg
zRFRu(>{slQ>sOW(;+p2`WZ>=`T<9L`nPlt|=<4Md6d9NpZkn59;Do9+(le9`ZxQAg
z2@1>*C&$oo$8uLE{VK;~knJ8puC8t&jv?vkB{^KF?rtT??iD#;+ar@*)5;wk9YY*b
zzzTyyUEQ)AL!Hvoi=5J3-JAlGT^s`=J-y2#oty$gJsitD%el}CN~b_am-KX3Cr4*v
z3+)iE#Ilmal)(H__mJG=%yL7=lFEv}Jddc5s;bBgXQOP_WG?^Upu7T8FF!Bsg7EZ=
zTz%IhFP8#O!;}nj&%7x2MCbGreOLXklFVXXFTcFtyvo23A77uMh(v$K$RsllZC|dW
zEF(vcbf@s(Bnwj$zk+-pix5jk|D>SwprWAQq7tLfVpBgaFJsqyv$Tq+pujQ@v-FaR
z;xhl@#8j^o=g2&+a((}-4A*i4$Dlx$w4g|{O3&gPpS;q*D%Zq{(5zsyY$NkB{cQiN
zqU5Nu(6mxBv#hMFB+I1INFz@pvm6sot`dLG!l3-TtfC@+1E*5Utkhi76yxN)V#jQK
z<0xOpJSX#@vfzx2%J8ZngET+q0w+&P$4sMqQ-j>%M8`BwC$2(IR|Egj@ba(}SBsqF
z!t(Tzq>^0c^sw*<v#<iAJdcuyvSP=?6hG6V+)VwfP+Le<=j!L8fKkygfPrBX(*c7f
zraerIj0TNs4H~ByavN~6F^96S2{VNT8wwckfjAsI?9d(zOoW|>9omyI6g1!mso~<`
zfc0n$g$)EjLfkxDh>ne+gn<}HkeP=ct$$-EZy*aF59VYP6F~3cFo_tuNUg|WeDf{g
zQ$Zk?&qa}6dtSPr4HqwHd}1JhFoxNX8_r>8G?0OFI9Uz(#d(cP42%s74NXlg4J@Jz
z^bxWwhDt07XT(nKX|+7M$xGk!i4#MFLf`6eS$k9MKi~U1j#-42Y8zA{H1Hed7-Si6
z!-uXJwU9Yt$Q&jEE;bIxxHmJq0Uw;r#KgqVV8DySXLK-NXJggoV`gGU71sdy8e#+^
zBO@yVOA{l5+k+z>2TVCTWF*QWzPmE9^;}-^)PKUcPWQ9x+3#fwJ8XJk-^{%tqF{<m
z^1JKTrmb3cBu1|$LfCKC@r8}SJ3c(o*?cZD%tmg0lGeYTi>a&R^_Xl^13eG98R;xM
z_r<H`*N2kO-=C5irze?LTzfZ<jbX~`*=y6D`Tc!$rlEJ`6OE3YZ}Ke}S-FDjX63zD
zn#ITZpLLgdn?(n2;^A%5e=Ws7eYR5C$^YO`-Oqb>c(Zw{G^d^oe!fpD)b2`Z+UZ}B
z2Ww9TeBO9vXT!_Hg=d#kt-E(e;iBa?*S~MJScg8enOn0Z$87pku8_p4e<r<t*}+%;
a?#!QcKlFOYVOja^YU70D^K9UR%m4u5M7rPr

literal 0
HcmV?d00001

diff --git a/tests/api.c b/tests/api.c
index 6bf2cb801..7c768d4e0 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -26945,7 +26945,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         int             certSz;
         int             keySz;
 
-        ExpectTrue((fp = XOPEN("./certs/client-ecc-cert.der", "rb")) !=
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
             XBADFILE);
         ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
         if (fp != XBADFILE) {
@@ -27099,6 +27099,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     wc_PKCS7_Free(pkcs7);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_EncodeSignedData */
@@ -28008,6 +28009,79 @@ static int test_wc_PKCS7_VerifySignedData_RSA(void)
 #endif /* !NO_PKCS7_STREAM */
 
 #endif /* !NO_RSA */
+#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
+        !defined(NO_FILESYSTEM)
+    {
+        XFILE signedBundle = XBADFILE;
+        int   signedBundleSz = 0;
+        int   chunkSz = 1;
+        int   i, rc;
+        byte* buf = NULL;
+
+        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
+            "rb")) != XBADFILE);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
+        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
+        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
+            DYNAMIC_TYPE_FILE));
+        if (buf != NULL) {
+            ExpectIntEQ(XFREAD(buf, 1, signedBundleSz, signedBundle),
+                signedBundleSz);
+        }
+        if (signedBundle != XBADFILE) {
+            XFCLOSE(signedBundle);
+            signedBundle = XBADFILE;
+        }
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+        for (i = 0; i < signedBundleSz;) {
+            int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                chunkSz;
+            rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
+            if (rc < 0 ) {
+                if (rc == WC_PKCS7_WANT_READ_E) {
+                    i += sz;
+                    continue;
+                }
+                break;
+            }
+            else {
+                break;
+            }
+        }
+        ExpectIntEQ(rc, PKCS7_SIGNEEDS_CHECK);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+
+        /* now try with malformed bundle */
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+        buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
+        for (i = 0; i < signedBundleSz;) {
+            int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                chunkSz;
+            rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, sz);
+            if (rc < 0 ) {
+                if (rc == WC_PKCS7_WANT_READ_E) {
+                    i += sz;
+                    continue;
+                }
+                break;
+            }
+            else {
+                break;
+            }
+        }
+        ExpectIntEQ(rc, ASN_PARSE_E);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        if (buf != NULL)
+            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
+    }
+#endif /* BER and stream */
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_PKCS7_VerifySignedData()_RSA */