feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2265 from JacobBarthelmeh/Testing

Browse Source 
fix check on ret value and add test case
This commit is contained in:
Chris Conlon
2019-06-27 14:02:01 -06:00
committed by GitHub
parent 8bea016d69 e7fd45537d
commit f51a8fffde
3 changed files with 129 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tests/api.c
View File

@@ -17245,7 +17245,7 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
/* create signed enveloped data */ /* create bad signed enveloped data */
sigSz = FOURK_BUF * 2; sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_InitRng(&rng), 0);
@@ -17266,11 +17266,32 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */ pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
/* check verify fails */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
wc_PKCS7_Free(pkcs7);
/* create valid degenerate bundle */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
pkcs7->content = env;
pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_FreeRng(&rng); wc_FreeRng(&rng);
wc_PKCS7_Free(pkcs7);
/* check verify */ /* check verify */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content); AssertNotNull(pkcs7->content);

32
wolfcrypt/src/pkcs7.c
View File

@@ -1890,6 +1890,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
} }
signedDataOidSz = ret; signedDataOidSz = ret;
if (pkcs7->sidType != DEGENERATE_SID) {
esd->hashType = wc_OidGetHash(pkcs7->hashOID); esd->hashType = wc_OidGetHash(pkcs7->hashOID);
if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) { if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
WOLFSSL_MSG("hashSz did not match hashOID"); WOLFSSL_MSG("hashSz did not match hashOID");
@@ -1903,6 +1904,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
esd->contentDigest[0] = ASN_OCTET_STRING; esd->contentDigest[0] = ASN_OCTET_STRING;
esd->contentDigest[1] = (byte)hashSz; esd->contentDigest[1] = (byte)hashSz;
XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz); XMEMCPY(&esd->contentDigest[2], hashBuf, hashSz);
}
if (pkcs7->detached == 1) { if (pkcs7->detached == 1) {
/* do not include content if generating detached signature */ /* do not include content if generating detached signature */
@@ -1943,6 +1945,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
/* version MUST be 3 */ /* version MUST be 3 */
esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0); esd->signerVersionSz = SetMyVersion(3, esd->signerVersion, 0);
} else if (pkcs7->sidType == DEGENERATE_SID) {
/* no signer info added */
} else { } else {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1950,6 +1954,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
return SKID_E; return SKID_E;
} }
if (pkcs7->sidType != DEGENERATE_SID) {
signerInfoSz += esd->signerVersionSz; signerInfoSz += esd->signerVersionSz;
esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId, esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
oidHashType, 0); oidHashType, 0);
@@ -2022,6 +2027,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
esd->signerInfoSeqSz = SetSequence(signerInfoSz, esd->signerInfoSeq); esd->signerInfoSeqSz = SetSequence(signerInfoSz, esd->signerInfoSeq);
signerInfoSz += esd->signerInfoSeqSz; signerInfoSz += esd->signerInfoSeqSz;
}
esd->signerInfoSetSz = SetSet(signerInfoSz, esd->signerInfoSet); esd->signerInfoSetSz = SetSet(signerInfoSz, esd->signerInfoSet);
signerInfoSz += esd->signerInfoSetSz; signerInfoSz += esd->signerInfoSetSz;
@@ -2037,11 +2043,12 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
if (certSetSz > 0) if (certSetSz > 0)
esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet); esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet);
if (pkcs7->sidType != DEGENERATE_SID) {
esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
oidHashType, 0); oidHashType, 0);
}
esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet); esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
esd->versionSz = SetMyVersion(1, esd->version, 0); esd->versionSz = SetMyVersion(1, esd->version, 0);
totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz + totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
@@ -2162,6 +2169,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
idx += esd->issuerSKIDSz; idx += esd->issuerSKIDSz;
XMEMCPY(output2 + idx, pkcs7->issuerSubjKeyId, KEYID_SIZE); XMEMCPY(output2 + idx, pkcs7->issuerSubjKeyId, KEYID_SIZE);
idx += KEYID_SIZE; idx += KEYID_SIZE;
} else if (pkcs7->sidType == DEGENERATE_SID) {
/* no signer infos in degenerate case */
} else { } else {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3913,12 +3922,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
idx++; idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0) if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
}
if (ret != 0) { if (ret != 0) {
break; break;
} }
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
if (content != NULL && pkcs7->stream->flagOne) { if (content != NULL && pkcs7->stream->flagOne && length > 0) {
stateIdx = idx; /* case where all data was read from in2 */ stateIdx = idx; /* case where all data was read from in2 */
} }
@@ -3931,6 +3941,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
} }
else { else {
pkcs7->stream->expected = MAX_SEQ_SZ; pkcs7->stream->expected = MAX_SEQ_SZ;
if (pkcs7->stream->expected > (pkcs7->stream->maxLen -
pkcs7->stream->totalRd) + pkcs7->stream->length) {
pkcs7->stream->expected = (pkcs7->stream->maxLen -
pkcs7->stream->totalRd) + pkcs7->stream->length;
}
} }
#endif #endif
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4); wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE4);
@@ -4049,7 +4064,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
} }
} }
idx += length; idx += length;
}
if (!detached) { if (!detached) {
/* set content and size after init of PKCS7 structure */ /* set content and size after init of PKCS7 structure */
@@ -4290,6 +4304,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("Failed to set public key OID from signature"); WOLFSSL_MSG("Failed to set public key OID from signature");
} }
else {
/* if previous return was positive then was success */
ret = 0;
}
} }
if (idx >= pkiMsg2Sz) if (idx >= pkiMsg2Sz)
@@ -6035,8 +6053,11 @@ static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out,
* IssuerAndSerialNumber unless set with this function or explicitly * IssuerAndSerialNumber unless set with this function or explicitly
* overriden via options when adding RecipientInfo type. * overriden via options when adding RecipientInfo type.
* *
* Using the type DEGENERATE_SID skips over signer information. In degenerate
* cases there are no signers.
*
* pkcs7 - pointer to initialized PKCS7 structure * pkcs7 - pointer to initialized PKCS7 structure
* type - either CMS_ISSUER_AND_SERIAL_NUMBER or CMS_SKID * type - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID
* *
* return 0 on success, negative upon error */ * return 0 on success, negative upon error */
int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type) int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
@@ -6045,7 +6066,8 @@ int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (type != CMS_ISSUER_AND_SERIAL_NUMBER && if (type != CMS_ISSUER_AND_SERIAL_NUMBER &&
type != CMS_SKID) { type != CMS_SKID &&
type != DEGENERATE_SID) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }

1
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -167,6 +167,7 @@ enum Cms_Options {
CMS_SKID = 1, CMS_SKID = 1,
CMS_ISSUER_AND_SERIAL_NUMBER = 2, CMS_ISSUER_AND_SERIAL_NUMBER = 2,
}; };
#define DEGENERATE_SID 3
/* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */ /* CMS/PKCS#7 RecipientInfo types, RFC 5652, Section 6.2 */
enum Pkcs7_RecipientInfo_Types { enum Pkcs7_RecipientInfo_Types {