use SetContentType() to set SignedData content type

2025-08-04 21:24:43 +02:00 · 2018-08-22 10:31:51 -06:00
parent ce1381dc9a
commit 56f1b68442
1 changed files with 23 additions and 14 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1064,11 +1064,6 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
    const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz,
    byte* output2, word32* output2Sz)
 {
    /* id-signedData (1.2.840.113549.1.7.2) */
    static const byte outerOid[] =
        { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
                         0x07, 0x02 };
    /* contentType OID (1.2.840.113549.1.9.3) */
    const byte contentTypeOid[] =
            { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01,
@@ -1085,8 +1080,9 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
    int digEncAlgoId, digEncAlgoType;
    byte* flatSignedAttribs = NULL;
    word32 flatSignedAttribsSz = 0;
-    word32 innerOidSz = sizeof(innerOid);
+
-    word32 outerOidSz = sizeof(outerOid);
+    byte signedDataOid[MAX_OID_SZ];
    word32 signedDataOidSz;
    if (pkcs7 == NULL || pkcs7->contentSz == 0 ||
        pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 ||
@@ -1116,12 +1112,25 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
        ret = wc_SetContentType(pkcs7->contentOID, pkcs7->contentType,
                                sizeof(pkcs7->contentType));
-        if (ret < 0)
+        if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
        XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
            return ret;
-
+        }
        pkcs7->contentTypeSz = ret;
    }
    /* set signedData outer content type */
    ret = wc_SetContentType(SIGNED_DATA, signedDataOid, sizeof(signedDataOid));
    if (ret < 0) {
 #ifdef WOLFSSL_SMALL_STACK
        XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
        return ret;
    }
    signedDataOidSz = ret;
    esd->hashType = wc_OidGetHash(pkcs7->hashOID);
    if (wc_HashGetDigestSize(esd->hashType) != (int)hashSz) {
        WOLFSSL_MSG("hashSz did not match hashOID");
@@ -1238,14 +1247,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
    esd->versionSz = SetMyVersion(1, esd->version, 0);
    totalSz = esd->versionSz + esd->singleDigAlgoIdSz + esd->digAlgoIdSetSz +
-              esd->contentInfoSeqSz + innerOidSz + esd->innerContSeqSz +
+              esd->contentInfoSeqSz + pkcs7->contentTypeSz +
-              esd->innerOctetsSz + pkcs7->contentSz;
+              esd->innerContSeqSz + esd->innerOctetsSz + pkcs7->contentSz;
    total2Sz = esd->certsSetSz + pkcs7->singleCertSz + signerInfoSz;
    esd->innerSeqSz = SetSequence(totalSz + total2Sz, esd->innerSeq);
    totalSz += esd->innerSeqSz;
    esd->outerContentSz = SetExplicit(0, totalSz + total2Sz, esd->outerContent);
-    totalSz += esd->outerContentSz + outerOidSz;
+    totalSz += esd->outerContentSz + signedDataOidSz;
    esd->outerSeqSz = SetSequence(totalSz + total2Sz, esd->outerSeq);
    totalSz += esd->outerSeqSz;
@@ -1268,8 +1277,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
    idx = 0;
    XMEMCPY(output + idx, esd->outerSeq, esd->outerSeqSz);
    idx += esd->outerSeqSz;
-    XMEMCPY(output + idx, outerOid, outerOidSz);
+    XMEMCPY(output + idx, signedDataOid, signedDataOidSz);
-    idx += outerOidSz;
+    idx += signedDataOidSz;
    XMEMCPY(output + idx, esd->outerContent, esd->outerContentSz);
    idx += esd->outerContentSz;
    XMEMCPY(output + idx, esd->innerSeq, esd->innerSeqSz);