feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add content stream output callback for VerifySignedData function

Browse Source
This commit is contained in:
JacobBarthelmeh
2024-06-26 13:35:16 -06:00
parent 7698546531
commit b1b1c15b35
1 changed files with 67 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
wolfcrypt/src/pkcs7.c
View File

@@ -5276,7 +5276,16 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
/* got partial octet string data */ /* got partial octet string data */
/* accumulate partial octet string to buffer */ /* accumulate partial octet string to buffer */
if (keepContent) { if (keepContent) {
if (pkcs7->streamOutCb) {
ret = wc_HashUpdate(&pkcs7->stream->hashAlg,
pkcs7->stream->hashType,
msg + *idx, pkcs7->stream->expected);
if (ret != 0)
break;
pkcs7->streamOutCb(pkcs7, msg + *idx,
pkcs7->stream->expected, pkcs7->streamCtx);
}
else {
/* store current content buffer temporarily */ /* store current content buffer temporarily */
tempBuf = pkcs7->stream->content; tempBuf = pkcs7->stream->content;
pkcs7->stream->content = NULL; pkcs7->stream->content = NULL;
@@ -5291,8 +5300,10 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
if (pkcs7->stream->content == NULL) { if (pkcs7->stream->content == NULL) {
WOLFSSL_MSG("failed to grow content buffer."); WOLFSSL_MSG("failed to grow content buffer.");
if (tempBuf != NULL) {
XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
tempBuf = NULL; tempBuf = NULL;
}
ret = MEMORY_E; ret = MEMORY_E;
break; break;
} }
@@ -5303,10 +5314,13 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
} }
XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx, XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
pkcs7->stream->expected); pkcs7->stream->expected);
if (tempBuf != NULL) {
XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
tempBuf = NULL; tempBuf = NULL;
} }
} }
}
}
*idx += pkcs7->stream->expected; *idx += pkcs7->stream->expected;
pkcs7->stream->currContRmnSz -= pkcs7->stream->expected; pkcs7->stream->currContRmnSz -= pkcs7->stream->expected;
@@ -5924,6 +5938,14 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
/* setup hash struct for creating hash of content if needed */
if (pkcs7->streamOutCb) {
ret = wc_HashInit_ex(&pkcs7->stream->hashAlg,
pkcs7->stream->hashType, pkcs7->heap, pkcs7->devId);
if (ret != 0)
break;
}
/* free pkcs7->stream->content buffer */ /* free pkcs7->stream->content buffer */
XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
pkcs7->stream->content = NULL; pkcs7->stream->content = NULL;
@@ -6586,8 +6608,25 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
pkcs7->contentSz = (word32)contentSz; pkcs7->contentSz = (word32)contentSz;
if (ret == 0) { if (ret == 0) {
ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, (word32)sigSz, #ifndef NO_PKCS7_STREAM
signedAttrib, (word32)signedAttribSz, byte streamHash[WC_MAX_DIGEST_SIZE];
/* get final hash if having done hash updates while
* streaming out the content */
if (pkcs7->streamOutCb) {
ret = wc_HashFinal(&pkcs7->stream->hashAlg,
pkcs7->stream->hashType, streamHash);
hashBuf = streamHash;
hashSz = wc_HashGetDigestSize(pkcs7->stream->hashType);
wc_HashFree(&pkcs7->stream->hashAlg,
pkcs7->stream->hashType);
if (ret != 0)
break;
}
#endif
ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig,
(word32)sigSz, signedAttrib, (word32)signedAttribSz,
hashBuf, hashSz); hashBuf, hashSz);
} }
} }