From e5d1e3ae1019cbaaa58ed644716fbd34c8637ec4 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 13 Dec 2016 09:52:25 -0700 Subject: [PATCH] PKCS#7: only output test bundles when PKCS7_OUTPUT_TEST_BUNDLES is defined --- wolfcrypt/src/pkcs7.c | 14 +++++++------- wolfcrypt/test/test.c | 32 +++++++++++++++++++++++++++----- 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 0e534a5a8..bd459e330 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1052,19 +1052,19 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) /* KARI == KeyAgreeRecipientInfo (key agreement) */ typedef struct WC_PKCS7_KARI { DecodedCert* decoded; /* decoded recip cert */ + void* heap; /* user heap, points to PKCS7->heap */ ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */ byte* senderKeyExport; /* sender ephemeral key DER */ - word32 senderKeyExportSz; /* size of sender ephemeral key DER */ byte* kek; /* key encryption key */ - word32 kekSz; /* size of key encryption key */ byte* ukm; /* OPTIONAL user keying material */ - word32 ukmSz; /* size of user keying material */ - byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte* sharedInfo; /* ECC-CMS-SharedInfo ASN.1 encoded blob */ + word32 senderKeyExportSz; /* size of sender ephemeral key DER */ + word32 kekSz; /* size of key encryption key */ + word32 ukmSz; /* size of user keying material */ word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ + byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - void* heap; /* user heap, points to PKCS7->heap */ } WC_PKCS7_KARI; @@ -2468,7 +2468,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, word32 encOID; word32 keyIdx; byte issuerHash[SHA_DIGEST_SIZE]; - byte* outKey; + byte* outKey = NULL; #ifdef WC_RSA_BLINDING WC_RNG rng; @@ -2605,7 +2605,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (keySz <= 0) { + if (keySz <= 0 || outKey == NULL) { ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ); return keySz; } else { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5278f90a7..4270976a5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9052,6 +9052,15 @@ int compress_test(void) #ifdef HAVE_PKCS7 +/* External Debugging/Testing Note: + * + * PKCS#7 test functions can output generated PKCS#7/CMS bundles for + * additional testing. To dump bundles to files DER encoded files, please + * define: + * + * #define PKCS7_OUTPUT_TEST_BUNDLES + */ + typedef struct { const byte* content; word32 contentSz; @@ -9080,7 +9089,9 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte enveloped[2048]; byte decoded[2048]; PKCS7 pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* pkcs7File; +#endif const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, @@ -9179,6 +9190,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, if (XMEMCMP(decoded, data, sizeof(data)) != 0) return -212; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) @@ -9186,6 +9198,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); fclose(pkcs7File); +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ wc_PKCS7_Free(&pkcs7); } @@ -9294,10 +9307,10 @@ int pkcs7enveloped_test(void) fclose(keyFile); #endif /* HAVE_ECC */ - ret = pkcs7enveloped_run_vectors(rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, - eccCert, eccCertSz, - eccPrivKey, eccPrivKeySz); + ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz, + rsaPrivKey, (word32)rsaPrivKeySz, + eccCert, (word32)eccCertSz, + eccPrivKey, (word32)eccPrivKeySz); if (ret != 0) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -9330,12 +9343,15 @@ typedef struct { int pkcs7encrypted_test(void) { - int ret, i, testSz; + int ret = 0; + int i, testSz; int encryptedSz, decodedSz, attribIdx; PKCS7 pkcs7; byte encrypted[2048]; byte decoded[2048]; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* pkcs7File; +#endif PKCS7Attrib* expectedAttrib; PKCS7DecodedAttrib* decodedAttrib; @@ -9488,6 +9504,7 @@ int pkcs7encrypted_test(void) } } +#ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); if (!pkcs7File) @@ -9495,6 +9512,7 @@ int pkcs7encrypted_test(void) ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); fclose(pkcs7File); +#endif wc_PKCS7_Free(&pkcs7); } @@ -9646,6 +9664,7 @@ int pkcs7signed_test(void) else outSz = ret; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES /* write PKCS#7 to output file for more testing */ file = fopen("./pkcs7signedData.der", "wb"); if (!file) { @@ -9664,6 +9683,7 @@ int pkcs7signed_test(void) wc_PKCS7_Free(&msg); return -218; } +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ wc_PKCS7_Free(&msg); wc_PKCS7_InitWithCert(&msg, NULL, 0); @@ -9685,6 +9705,7 @@ int pkcs7signed_test(void) return -215; } +#ifdef PKCS7_OUTPUT_TEST_BUNDLES file = fopen("./pkcs7cert.der", "wb"); if (!file) { XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -9695,6 +9716,7 @@ int pkcs7signed_test(void) } ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file); fclose(file); +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);