feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add support for PKCS7_TEXT flag to PKCS7_verify()

Browse Source
This commit is contained in:
Chris Conlon
2022-01-28 17:48:54 -07:00
parent 4ec49d2189
commit a7d5e6400d
3 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/ssl.c
View File

@@ -62257,6 +62257,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
unsigned char* mem = NULL; unsigned char* mem = NULL;
int memSz = 0; int memSz = 0;
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
int contTypeLen;
WOLFSSL_ENTER("wolfSSL_PKCS7_verify"); WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
@@ -62287,8 +62289,21 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (out != NULL) if (flags & PKCS7_TEXT) {
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); /* strip MIME header for text/plain, otherwise error */
contTypeLen = XSTR_SIZEOF(contTypeText);
if ((p7->pkcs7.contentSz < (word32)contTypeLen) ||
(XMEMCMP(p7->pkcs7.content, contTypeText, contTypeLen) != 0)) {
WOLFSSL_MSG("Error PKCS7 Content-Type not found with PKCS7_TEXT");
return WOLFSSL_FAILURE;
}
p7->pkcs7.content += contTypeLen;
p7->pkcs7.contentSz -= contTypeLen;
}
if (out != NULL) {
wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);
}
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }

22
tests/api.c
View File

@@ -46989,6 +46989,10 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
PKCS7* pkcs7 = NULL; PKCS7* pkcs7 = NULL;
BIO* bio = NULL; BIO* bio = NULL;
BIO* bcont = NULL; BIO* bcont = NULL;
BIO* out = NULL;
const byte* outBuf = NULL;
int outBufLen = 0;
static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r"); XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()"); printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
@@ -47026,6 +47030,24 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7); AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
/* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
out = wolfSSL_BIO_new(BIO_s_mem());
AssertNotNull(out);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
/* Content-Type should not show up in output buffer */
AssertIntGT(outBufLen, XSTRLEN(contTypeText));
AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);
BIO_free(out);
BIO_free(bio); BIO_free(bio);
if (bcont) BIO_free(bcont); if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7); wolfSSL_PKCS7_free(pkcs7);

1
wolfssl/openssl/pkcs7.h
View File

@@ -34,6 +34,7 @@
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
#define PKCS7_TEXT 0x1
#define PKCS7_NOINTERN 0x0010 #define PKCS7_NOINTERN 0x0010
#define PKCS7_NOVERIFY 0x0020 #define PKCS7_NOVERIFY 0x0020