fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData for multiPart bundles with certs

2025-07-30 10:47:28 +02:00 · 2021-03-03 16:19:58 -07:00
parent 8c3b5c3402
commit 2be80acdd3
1 changed files with 21 additions and 3 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -4917,16 +4917,27 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                    der = pkcs7->der;
                    pkcs7->der = NULL;
        #endif
                    contentDynamic = pkcs7->contentDynamic;
                    version = pkcs7->version;
                    if (ret == 0) {
                        byte isDynamic = pkcs7->isDynamic;
                    #ifndef NO_PKCS7_STREAM
                        PKCS7State* stream = pkcs7->stream;
                        pkcs7->stream = NULL;
                    #endif
                        /* Save dynamic content before freeing PKCS7 struct */
                        if (pkcs7->contentDynamic != NULL) {
                            contentDynamic = (byte*)XMALLOC(contentSz,
                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                            if (contentDynamic == NULL) {
                                ret = MEMORY_E;
                                break;
                            }
                            XMEMCPY(contentDynamic, pkcs7->contentDynamic,
                                    contentSz);
                        }
                        /* Free pkcs7 resources but not the structure itself */
                        pkcs7->isDynamic = 0;
                        wc_PKCS7_Free(pkcs7);
@ -4934,11 +4945,18 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                        /* This will reset PKCS7 structure and then set the
                         * certificate */
                        ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
                        /* Restore pkcs7->contentDynamic from above, will be
                         * freed by application with wc_PKCS7_Free() */
                        if (contentDynamic != NULL) {
                            pkcs7->contentDynamic = contentDynamic;
                            contentDynamic = NULL;
                        }
                    #ifndef NO_PKCS7_STREAM
                        pkcs7->stream = stream;
                    #endif
                    }
                    pkcs7->contentDynamic = contentDynamic;
                    pkcs7->version = version;
        #ifdef ASN_BER_TO_DER
                    pkcs7->der = der;