PKCS7: optionally compile out EncryptedData type with NO_PKCS7_ENCRYPTED_DATA

wolfcrypt/src/pkcs7.c

@@ -73,8 +73,11 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output)
                                                0x0D, 0x01, 0x07, 0x04 };
     const byte digestedData[]       = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
                                                0x0D, 0x01, 0x07, 0x05 };
+
+#ifndef NO_PKCS7_ENCRYPTED_DATA
     const byte encryptedData[]      = { 0x2A, 0x86, 0x48, 0x86, 0xF7,
                                                0x0D, 0x01, 0x07, 0x06 };
+#endif
 
     int idSz;
     int typeSz = 0, idx = 0;
@@ -112,10 +115,12 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output)
             typeName = digestedData;
             break;
 
+#ifndef NO_PKCS7_ENCRYPTED_DATA
         case ENCRYPTED_DATA:
             typeSz = sizeof(encryptedData);
             typeName = encryptedData;
             break;
+#endif
 
         default:
             WOLFSSL_MSG("Unknown PKCS#7 Type");
@@ -4153,6 +4158,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
 }
 
 
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+
 /* build PKCS#7 encryptedData content type, return encrypted size */
 int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 {
@@ -4617,6 +4624,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
     return encryptedContentSz - padLen;
 }
 
+#endif /* NO_PKCS7_ENCRYPTED_DATA */
+
 #else  /* HAVE_PKCS7 */
 
 

wolfcrypt/test/test.c

@@ -293,7 +293,9 @@ int scrypt_test(void);
 #ifdef HAVE_PKCS7
     int pkcs7enveloped_test(void);
     int pkcs7signed_test(void);
-    int pkcs7encrypted_test(void);
+    #ifndef NO_PKCS7_ENCRYPTED_DATA
+        int pkcs7encrypted_test(void);
+    #endif
 #endif
 #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT)
 int cert_test(void);
@@ -838,10 +840,12 @@ int wolfcrypt_test(void* args)
     else
         printf( "PKCS7signed    test passed!\n");
 
-    if ( (ret = pkcs7encrypted_test()) != 0)
+    #ifndef NO_PKCS7_ENCRYPTED_DATA
-        return err_sys("PKCS7encrypted test failed!\n", ret);
+        if ( (ret = pkcs7encrypted_test()) != 0)
-    else
+            return err_sys("PKCS7encrypted test failed!\n", ret);
-        printf( "PKCS7encrypted test passed!\n");
+        else
+            printf( "PKCS7encrypted test passed!\n");
+    #endif
 #endif
 
 #ifdef HAVE_VALGRIND
@@ -14299,6 +14303,8 @@ int pkcs7enveloped_test(void)
 }
 
 
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+
 typedef struct {
     const byte*  content;
     word32       contentSz;
@@ -14500,6 +14506,8 @@ int pkcs7encrypted_test(void)
     return ret;
 }
 
+#endif /* NO_PKCS7_ENCRYPTED_DATA */
+
 
 typedef struct {
     const byte*  content;

wolfssl/wolfcrypt/pkcs7.h

@@ -133,6 +133,7 @@ typedef struct PKCS7 {
 WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
 WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
+
 WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
                                        word32 outputSz);
 WOLFSSL_API int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
@@ -144,11 +145,15 @@ WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
 WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
+
+#ifndef NO_PKCS7_ENCRYPTED_DATA
 WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
                                           byte* output, word32 outputSz);
 WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
+#endif /* NO_PKCS7_ENCRYPTED_DATA */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif