wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 05:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

PKCS7/CMS build fixes when disabling AES

Browse Source
This commit is contained in:
Chris Conlon
2018-10-25 16:10:12 -06:00
committed by David Garske
parent 004b0d3793
commit 4d9375b862
2 changed files with 42 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
wolfcrypt/src/pkcs7.c
View File

@@ -6427,7 +6427,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ]; byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
#endif #endif
int blockKeySz = 0, ret = 0; int blockKeySz = 0, ret = 0, direction;
word32 idx = 0; word32 idx = 0;
word32 totalSz = 0; word32 totalSz = 0;
word32 recipSeqSz = 0, verSz = 0; word32 recipSeqSz = 0, verSz = 0;
@@ -6474,9 +6474,15 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
XMEMSET(encryptedKey, 0, encryptedKeySz); XMEMSET(encryptedKey, 0, encryptedKeySz);
#ifndef NO_AES
direction = AES_ENCRYPTION;
#else
direction = DES_ENCRYPTION;
#endif
encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz, encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz,
encryptedKey, encryptedKeySz, keyWrapOID, encryptedKey, encryptedKeySz, keyWrapOID,
AES_ENCRYPTION); direction);
if (encryptedKeySz <= 0) { if (encryptedKeySz <= 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -7877,7 +7883,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
word32* idx, byte* decryptedKey, word32* idx, byte* decryptedKey,
word32* decryptedKeySz, int* recipFound) word32* decryptedKeySz, int* recipFound)
{ {
int length, keySz, dateLen; int length, keySz, dateLen, direction;
byte* keyId = NULL; byte* keyId = NULL;
const byte* datePtr = NULL; const byte* datePtr = NULL;
byte dateFormat; byte dateFormat;
@@ -7951,10 +7957,16 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0) if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_AES
direction = AES_DECRYPTION;
#else
direction = DES_DECRYPTION;
#endif
/* decrypt CEK with KEK */ /* decrypt CEK with KEK */
keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, length, pkcs7->privateKey, keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, length, pkcs7->privateKey,
pkcs7->privateKeySz, decryptedKey, *decryptedKeySz, pkcs7->privateKeySz, decryptedKey, *decryptedKeySz,
keyWrapOID, AES_DECRYPTION); keyWrapOID, direction);
if (keySz <= 0) if (keySz <= 0)
return keySz; return keySz;
@@ -8970,6 +8982,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
word32 outputSz) word32 outputSz)
{ {
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
int ret, idx = 0; int ret, idx = 0;
int totalSz, encryptedOutSz; int totalSz, encryptedOutSz;
@@ -9402,6 +9415,15 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return idx; return idx;
#else
WOLFSSL_MSG("AuthEnvelopedData requires AES-GCM or AES-CCM to be enabled");
(void)pkcs7;
(void)output;
(void)outputSz;
return NOT_COMPILED_IN;
#endif /* HAVE_AESGCM | HAVE_AESCCM */
} }
@@ -9410,6 +9432,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
word32 inSz, byte* output, word32 inSz, byte* output,
word32 outputSz) word32 outputSz)
{ {
#if defined(HAVE_AESGCM) || defined(HAVE_AESCC)
int recipFound = 0; int recipFound = 0;
int ret = 0, length; int ret = 0, length;
word32 idx = 0; word32 idx = 0;
@@ -9949,7 +9972,19 @@ authenv_atrbend:
wc_PKCS7_ResetStream(pkcs7); wc_PKCS7_ResetStream(pkcs7);
} }
#endif #endif
return ret; return ret;
#else
WOLFSSL_MSG("AuthEnvelopedData requires AES-GCM or AES-CCM to be enabled");
(void)pkcs7;
(void)in;
(void)inSz;
(void)output;
(void)outputSz;
return NOT_COMPILED_IN;
#endif /* HAVE_AESGCM | HAVE_AESCCM */
} }

9
wolfcrypt/test/test.c
View File

@@ -19211,10 +19211,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
#endif #endif
#ifndef NO_AES
/* ori (OtherRecipientInfo) recipient types */ /* ori (OtherRecipientInfo) recipient types */
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"}, NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"},
#endif
}; };
testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
@@ -19435,20 +19437,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
pkcs7 = NULL; pkcs7 = NULL;
} }
#if !defined(HAVE_ECC) || defined(NO_AES)
(void)eccCert; (void)eccCert;
(void)eccCertSz; (void)eccCertSz;
(void)eccPrivKey; (void)eccPrivKey;
(void)eccPrivKeySz; (void)eccPrivKeySz;
(void)secretKey;
(void)secretKeyId;
#endif
#ifdef NO_RSA
(void)rsaCert; (void)rsaCert;
(void)rsaCertSz; (void)rsaCertSz;
(void)rsaPrivKey; (void)rsaPrivKey;
(void)rsaPrivKeySz; (void)rsaPrivKeySz;
#endif
return 0; return 0;
} }