feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

handle degenerate case with PKCS7

Browse Source
This commit is contained in:
Jacob Barthelmeh
2018-01-04 09:45:43 -07:00
parent 3f53e8d1dd
commit bc7b1a8a1f
1 changed files with 33 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
wolfcrypt/src/pkcs7.c
View File

@ -1569,6 +1569,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
byte* cert = NULL; byte* cert = NULL;
byte* signedAttrib = NULL; byte* signedAttrib = NULL;
int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0; int contentSz = 0, sigSz = 0, certSz = 0, signedAttribSz = 0;
byte degenerate;
if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0) if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -1614,6 +1615,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
/* Skip the set. */ /* Skip the set. */
idx += length; idx += length;
degenerate = (length == 0)? 1 : 0;
/* Get the inner ContentInfo sequence */ /* Get the inner ContentInfo sequence */
if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
@ -1628,24 +1630,41 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
return PKCS7_OID_E; return PKCS7_OID_E;
} }
if (pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) /* Check for content info, it could be omitted when degenerate */
return ASN_PARSE_E; {
word32 localIdx = idx;
ret = 0;
if (pkiMsg[localIdx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
ret = ASN_PARSE_E;
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0) if (ret == 0 && GetLength(pkiMsg, &localIdx, &length, pkiMsgSz) <= 0)
return ASN_PARSE_E; ret = ASN_PARSE_E;
if (pkiMsg[idx++] != ASN_OCTET_STRING) if (ret == 0 && pkiMsg[localIdx++] != ASN_OCTET_STRING)
return ASN_PARSE_E; ret = ASN_PARSE_E;
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) if (ret == 0 && GetLength(pkiMsg, &localIdx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E; ret = ASN_PARSE_E;
/* Save the inner data as the content. */ /* Save the inner data as the content. */
if (length > 0) { if (length > 0) {
/* Local pointer for calculating hashes later */ /* Local pointer for calculating hashes later */
pkcs7->content = content = &pkiMsg[idx]; pkcs7->content = content = &pkiMsg[localIdx];
pkcs7->contentSz = contentSz = length; pkcs7->contentSz = contentSz = length;
idx += length; localIdx += length;
}
/* update idx if successful */
if (ret == 0) {
idx = localIdx;
}
}
/* If getting the content info failed with non degenerate then return the
* error case. Otherwise with a degenerate it is ok if the content
* info was omitted */
if (!degenerate && ret != 0) {
return ret;
} }
/* Get the implicit[0] set of certificates */ /* Get the implicit[0] set of certificates */