feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

asn to der macro gaurds and co-exist build fix

Browse Source
This commit is contained in:
JacobBarthelmeh
2025-02-28 15:42:24 -07:00
parent 6020bf2368
commit b781ac6c29
1 changed files with 59 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
wolfcrypt/src/pkcs7.c
View File

@ -5276,6 +5276,7 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
/* got partial octet string data */ /* got partial octet string data */
/* accumulate partial octet string to buffer */ /* accumulate partial octet string to buffer */
if (keepContent) { if (keepContent) {
#ifdef ASN_BER_TO_DER
if (pkcs7->streamOutCb) { if (pkcs7->streamOutCb) {
ret = wc_HashUpdate(&pkcs7->stream->hashAlg, ret = wc_HashUpdate(&pkcs7->stream->hashAlg,
pkcs7->stream->hashType, pkcs7->stream->hashType,
@ -5285,7 +5286,9 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->streamOutCb(pkcs7, msg + *idx, pkcs7->streamOutCb(pkcs7, msg + *idx,
pkcs7->stream->expected, pkcs7->streamCtx); pkcs7->stream->expected, pkcs7->streamCtx);
} }
else { else
#endif /* ASN_BER_TO_DER */
{
/* store current content buffer temporarily */ /* store current content buffer temporarily */
tempBuf = pkcs7->stream->content; tempBuf = pkcs7->stream->content;
pkcs7->stream->content = NULL; pkcs7->stream->content = NULL;
@ -5938,6 +5941,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
#ifdef ASN_BER_TO_DER
/* setup hash struct for creating hash of content if needed */ /* setup hash struct for creating hash of content if needed */
if (pkcs7->streamOutCb) { if (pkcs7->streamOutCb) {
ret = wc_HashInit_ex(&pkcs7->stream->hashAlg, ret = wc_HashInit_ex(&pkcs7->stream->hashAlg,
@ -5945,6 +5949,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
if (ret != 0) if (ret != 0)
break; break;
} }
#endif /* ASN_BER_TO_DER */
/* free pkcs7->stream->content buffer */ /* free pkcs7->stream->content buffer */
XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@ -6607,7 +6612,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
pkcs7->contentSz = (word32)contentSz; pkcs7->contentSz = (word32)contentSz;
if (ret == 0) { if (ret == 0) {
#ifndef NO_PKCS7_STREAM #if !defined(NO_PKCS7_STREAM) && defined(ASN_BER_TO_DER)
byte streamHash[WC_MAX_DIGEST_SIZE]; byte streamHash[WC_MAX_DIGEST_SIZE];
/* get final hash if having done hash updates while /* get final hash if having done hash updates while
@ -6623,7 +6628,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
if (ret != 0) if (ret != 0)
break; break;
} }
#endif #endif /* !NO_PKCS7_STREAM && ASN_BER_TO_DER */
ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig,
(word32)sigSz, signedAttrib, (word32)signedAttribSz, (word32)sigSz, signedAttrib, (word32)signedAttribSz,
hashBuf, hashSz); hashBuf, hashSz);
@ -8447,7 +8452,7 @@ static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key,
} }
static int wc_PKCS7_DecryptContentInit(PKCS7* pkcs7, int encryptOID, byte* key, static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, int encryptOID, byte* key,
int keySz, byte* iv, int ivSz, int devId, void* heap) int keySz, byte* iv, int ivSz, int devId, void* heap)
{ {
int ret; int ret;
@ -8592,13 +8597,17 @@ static int wc_PKCS7_DecryptContentInit(PKCS7* pkcs7, int encryptOID, byte* key,
/* Only does decryption of content using encryptOID algo and already set keys /* Only does decryption of content using encryptOID algo and already set keys
* returns 0 on success */ * returns 0 on success */
static int wc_PKCS7_DecryptContentEx(PKCS7* pkcs7, int encryptOID, static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, int encryptOID,
byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag,
word32 authTagSz, byte* in, int inSz, byte* out) word32 authTagSz, byte* in, int inSz, byte* out)
{ {
int ret; int ret;
if (in == NULL && pkcs7->getContentCb == NULL) { if (in == NULL
#ifdef ASN_BER_TO_DER
&& pkcs7->getContentCb == NULL
#endif
) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@ -8702,7 +8711,7 @@ static int wc_PKCS7_DecryptContentEx(PKCS7* pkcs7, int encryptOID,
/* clears up struct for algo used and free's memory */ /* clears up struct for algo used and free's memory */
static void wc_PKCS7_DecryptContentFree(PKCS7* pkcs7, int encryptOID, static void wc_PKCS7_DecryptContentFree(wc_PKCS7* pkcs7, int encryptOID,
void* heap) void* heap)
{ {
switch (encryptOID) { switch (encryptOID) {
@ -12366,8 +12375,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
if (pkiMsg == NULL || pkiMsgSz == 0) if (pkiMsg == NULL || pkiMsgSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (pkcs7->streamOutCb == NULL && (output == NULL || outputSz == 0)) if ((output == NULL || outputSz == 0)
#ifdef ASN_BER_TO_DER
&& pkcs7->streamOutCb == NULL
#endif
) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
(void)tmpIv; /* help out static analysis */ (void)tmpIv; /* help out static analysis */
@ -12436,7 +12450,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
tmpIdx = idx; tmpIdx = idx;
pkcs7->stream->aadSz = decryptedKeySz; pkcs7->stream->aadSz = decryptedKeySz;
pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ + ASN_TAG_SZ; pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ +
ASN_TAG_SZ + MAX_LENGTH_SZ;
#endif #endif
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3);
FALL_THROUGH; FALL_THROUGH;
@ -12460,14 +12475,34 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
} }
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if (length == 0) {
/* if indefinet length, assume worst case size
* - Content Type OID + tag/length
* - Algorithm ID structure (OID + parameters)
* - Version
*/
pkcs7->stream->expected = MAX_SEQ_SZ + /* outer sequence */
MAX_OID_SZ + /* content type OID */
MAX_ALGO_SZ + /* algorithm identifier */
MAX_VERSION_SZ + /* version */
ASN_TAG_SZ + /* tag */
MAX_LENGTH_SZ; /* length */
}
else {
pkcs7->stream->expected = length + ASN_TAG_SZ; /* revize size if known */
}
/* Did we get enough for the expected length? */ /* Did we get enough for the expected length? */
if (length > (int)pkcs7->stream->expected && if (pkcs7->stream->expected > pkiMsgSz) {
length > (int)pkiMsgSz) { localIdx = idx;
pkcs7->stream->expected = length + 1;
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
if (pkcs7->stream->length > 0) {
idx = localIdx; /* acount for byte used with seq read */
}
} }
#endif #endif
@ -12719,21 +12754,24 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
} }
} }
pkcs7->stream->expected = MAX_OCTET_STR_SZ; pkcs7->stream->expected = MAX_OCTET_STR_SZ;
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &localIdx)) != 0) { if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &localIdx)) != 0) {
break; break;
} }
/* save last decrypted string to handle padding (this output /* save last decrypted string to handle padding (this output
* flush happens outside of the while loop in the case that * flush happens outside of the while loop in the case that
* the indef end was found) */ * the indef end was found) */
if (ret == 0) { if (ret == 0) {
#ifdef ASN_BER_TO_DER
if (pkcs7->streamOutCb) { if (pkcs7->streamOutCb) {
ret = pkcs7->streamOutCb(pkcs7, ret = pkcs7->streamOutCb(pkcs7,
pkcs7->cachedEncryptedContent, pkcs7->cachedEncryptedContent,
encryptedContentSz, pkcs7->streamCtx); encryptedContentSz, pkcs7->streamCtx);
} }
else { else
#endif /* ASN_BER_TO_DER */
{
//@TODO copy over into output buffer, we need an //@TODO copy over into output buffer, we need an
// index/offset into the buffer // index/offset into the buffer
} }
@ -12775,11 +12813,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
break; break;
} }
#ifdef ASN_BER_TO_DER
if (pkcs7->streamOutCb) { if (pkcs7->streamOutCb) {
ret = pkcs7->streamOutCb(pkcs7, encryptedContent, ret = pkcs7->streamOutCb(pkcs7, encryptedContent,
encryptedContentSz - padLen, pkcs7->streamCtx); encryptedContentSz - padLen, pkcs7->streamCtx);
} }
else { else
#endif /* ASN_BER_TO_DER */
{
if ((word32)(encryptedContentSz - padLen) > outputSz) { if ((word32)(encryptedContentSz - padLen) > outputSz) {
ret = BUFFER_E; ret = BUFFER_E;
break; break;