wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 21:24:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

PKCS7/CMS build fixes when disabling AES

Browse Source
This commit is contained in:
Chris Conlon
2018-10-25 16:10:12 -06:00
committed by David Garske
parent 004b0d3793
commit 4d9375b862
2 changed files with 42 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
wolfcrypt/src/pkcs7.c
View File

@@ -6427,7 +6427,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
byte encryptedKey[MAX_ENCRYPTED_KEY_SZ];
#endif
int blockKeySz = 0, ret = 0;
int blockKeySz = 0, ret = 0, direction;
word32 idx = 0;
word32 totalSz = 0;
word32 recipSeqSz = 0, verSz = 0;
@@ -6474,9 +6474,15 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
XMEMSET(encryptedKey, 0, encryptedKeySz);
#ifndef NO_AES
direction = AES_ENCRYPTION;
#else
direction = DES_ENCRYPTION;
#endif
encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz,
encryptedKey, encryptedKeySz, keyWrapOID,
AES_ENCRYPTION);
direction);
if (encryptedKeySz <= 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -7877,7 +7883,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
word32* idx, byte* decryptedKey,
word32* decryptedKeySz, int* recipFound)
{
int length, keySz, dateLen;
int length, keySz, dateLen, direction;
byte* keyId = NULL;
const byte* datePtr = NULL;
byte dateFormat;
@@ -7951,10 +7957,16 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
if (GetLength(pkiMsg, idx, &length, pkiMsgSz) < 0)
return ASN_PARSE_E;
#ifndef NO_AES
direction = AES_DECRYPTION;
#else
direction = DES_DECRYPTION;
#endif
/* decrypt CEK with KEK */
keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, length, pkcs7->privateKey,
pkcs7->privateKeySz, decryptedKey, *decryptedKeySz,
keyWrapOID, AES_DECRYPTION);
keyWrapOID, direction);
if (keySz <= 0)
return keySz;
@@ -8970,6 +8982,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
word32 outputSz)
{
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
int ret, idx = 0;
int totalSz, encryptedOutSz;
@@ -9402,6 +9415,15 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return idx;
#else
WOLFSSL_MSG("AuthEnvelopedData requires AES-GCM or AES-CCM to be enabled");
(void)pkcs7;
(void)output;
(void)outputSz;
return NOT_COMPILED_IN;
#endif /* HAVE_AESGCM | HAVE_AESCCM */
}
@@ -9410,6 +9432,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
word32 inSz, byte* output,
word32 outputSz)
{
#if defined(HAVE_AESGCM) || defined(HAVE_AESCC)
int recipFound = 0;
int ret = 0, length;
word32 idx = 0;
@@ -9949,7 +9972,19 @@ authenv_atrbend:
wc_PKCS7_ResetStream(pkcs7);
}
#endif
return ret;
#else
WOLFSSL_MSG("AuthEnvelopedData requires AES-GCM or AES-CCM to be enabled");
(void)pkcs7;
(void)in;
(void)inSz;
(void)output;
(void)outputSz;
return NOT_COMPILED_IN;
#endif /* HAVE_AESGCM | HAVE_AESCCM */
}

9
wolfcrypt/test/test.c
View File

@@ -19211,10 +19211,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#endif
#ifndef NO_AES
/* ori (OtherRecipientInfo) recipient types */
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"},
#endif
};
testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
@@ -19435,20 +19437,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
pkcs7 = NULL;
}
#if !defined(HAVE_ECC) || defined(NO_AES)
(void)eccCert;
(void)eccCertSz;
(void)eccPrivKey;
(void)eccPrivKeySz;
(void)secretKey;
(void)secretKeyId;
#endif
#ifdef NO_RSA
(void)rsaCert;
(void)rsaCertSz;
(void)rsaPrivKey;
(void)rsaPrivKeySz;
#endif
return 0;
}