forked from wolfSSL/wolfssl
add support for PKCS7_TEXT flag to PKCS7_verify()
19
src/ssl.c
19
src/ssl.c
@@ -62257,6 +62257,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
unsigned char* mem = NULL;
|
||||
int memSz = 0;
|
||||
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
|
||||
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
|
||||
int contTypeLen;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
|
||||
|
||||
@@ -62287,8 +62289,21 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (out != NULL)
|
||||
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
|
||||
if (flags & PKCS7_TEXT) {
|
||||
/* strip MIME header for text/plain, otherwise error */
|
||||
contTypeLen = XSTR_SIZEOF(contTypeText);
|
||||
if ((p7->pkcs7.contentSz < (word32)contTypeLen) ||
|
||||
(XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) {
|
||||
WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
p7->pkcs7.content += contTypeLen;
|
||||
p7->pkcs7.contentSz -= contTypeLen;
|
||||
}
|
||||
|
||||
if (out != NULL) {
|
||||
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
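Review bot: The PKCS7_TEXT branch advances `p7->pkcs7.content` and shrinks `p7->pkcs7.contentSz` on the caller's object instead of on local copies, so the struct stays modified after `wolfSSL_PKCS7_verify()` returns. Unless `content` is re-populated earlier in the function (its body starts before this hunk), a second call with PKCS7_TEXT on the same object would fail the header comparison, and any code that later frees or re-hashes `content` from its original start would see a shifted pointer; ownership is not visible here and should be confirmed. Keeping the offset local avoids this, for example `outPtr = p7->pkcs7.content + contTypeLen; outSz = p7->pkcs7.contentSz - contTypeLen;` followed by `wolfSSL_BIO_write(out, outPtr, outSz);`. Separately, the result of `wolfSSL_BIO_write()` is still ignored, so the function returns WOLFSSL_SUCCESS even when the verified content was not fully written to `out`.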
22
tests/api.c
22
tests/api.c
@@ -46989,6 +46989,10 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
|
||||
PKCS7* pkcs7 = NULL;
|
||||
BIO* bio = NULL;
|
||||
BIO* bcont = NULL;
|
||||
BIO* out = NULL;
|
||||
const byte* outBuf = NULL;
|
||||
int outBufLen = 0;
|
||||
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
|
||||
XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
|
||||
|
||||
printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
|
||||
@@ -47026,6 +47030,24 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
|
||||
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
|
||||
AssertNotNull(pkcs7);
|
||||
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
|
||||
if (bcont) BIO_free(bcont);
|
||||
wolfSSL_PKCS7_free(pkcs7);
|
||||
|
||||
/* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
|
||||
smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
|
||||
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
|
||||
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
|
||||
AssertNotNull(pkcs7);
|
||||
out = wolfSSL_BIO_new(BIO_s_mem());
|
||||
AssertNotNull(out);
|
||||
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
|
||||
PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
|
||||
AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
|
||||
/* Content-Type should not show up in output buffer */
|
||||
AssertIntGT(outBufLen, XSTRLEN(contTypeText));
|
||||
AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);
|
||||
|
||||
BIO_free(out);
|
||||
BIO_free(bio);
|
||||
if (bcont) BIO_free(bcont);
|
||||
wolfSSL_PKCS7_free(pkcs7);
|
||||
|
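Review bot: `AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);` checks that the output compares greater than the header, not that it differs from it, so the test would fail on valid stripped output whose first differing byte sorts lower than the header's. The intent stated in the comment is inequality: `AssertIntNE(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);`. The new code also has a reject path (PKCS7_TEXT set but no `Content-Type: text/plain` header) that this test never exercises; a case with content lacking the header, asserting that verify does not return SSL_SUCCESS, would cover it. The return of the second `XFOPEN` is not checked before it is handed to `wolfSSL_BIO_set_fp`. The test function starts and ends outside these hunks.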
@@ -34,6 +34,7 @@
|
||||
|
||||
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
|
||||
|
||||
#define PKCS7_TEXT 0x1
|
||||
#define PKCS7_NOINTERN 0x0010
|
||||
#define PKCS7_NOVERIFY 0x0020
|
||||
|
||||
|
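Review bot: `#define PKCS7_TEXT 0x1` is written at a different width from the neighbouring flags (`0x0010`, `0x0020`). Using `#define PKCS7_TEXT 0x0001` would keep the bit-flag list aligned and make overlapping values easier to spot when more flags are added. A one-line comment would also help callers, such as `/* PKCS7_verify(): require and strip a leading "Content-Type: text/plain" MIME header, fail if absent */`, because the failure-on-missing-header behaviour is not obvious from the name.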