wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Return error when attempting to verify signed data without signers

Browse Source
This commit is contained in:
Sean Parkinson
2018-10-18 13:44:13 +10:00
parent f7eb8bf080
commit 67bb558025
3 changed files with 84 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
wolfcrypt/src/error.c
View File

@ -497,6 +497,9 @@ const char* wc_GetErrorString(int error)
case ZLIB_DECOMPRESS_ERROR: case ZLIB_DECOMPRESS_ERROR:
return "zlib decompress error"; return "zlib decompress error";
case PKCS7_NO_SIGNER_E:
return "No signer in PKCS#7 signed data";
default: default:
return "unknown error number"; return "unknown error number";

155
wolfcrypt/src/pkcs7.c
View File

@ -2132,88 +2132,89 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (GetSet(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0) if (GetSet(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (length > 0) { if (length == 0)
/* Get the sequence of the first signerInfo */ return PKCS7_NO_SIGNER_E;
if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* Get the version */ /* Get the sequence of the first signerInfo */
if (GetMyVersion(pkiMsg2, &idx, &version, pkiMsg2Sz) < 0) if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (version != 1) { /* Get the version */
WOLFSSL_MSG("PKCS#7 signerInfo needs to be of version 1"); if (GetMyVersion(pkiMsg2, &idx, &version, pkiMsg2Sz) < 0)
return ASN_VERSION_E; return ASN_PARSE_E;
}
/* Get the sequence of IssuerAndSerialNumber */ if (version != 1) {
if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0) WOLFSSL_MSG("PKCS#7 signerInfo needs to be of version 1");
return ASN_PARSE_E; return ASN_VERSION_E;
/* Skip it */
idx += length;
/* Get the sequence of digestAlgorithm */
if (GetAlgoId(pkiMsg2, &idx, &hashOID, oidHashType, pkiMsg2Sz) < 0) {
return ASN_PARSE_E;
}
pkcs7->hashOID = (int)hashOID;
/* Get the IMPLICIT[0] SET OF signedAttributes */
if (pkiMsg2[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* save pointer and length */
signedAttrib = &pkiMsg2[idx];
signedAttribSz = length;
if (wc_PKCS7_ParseAttribs(pkcs7, signedAttrib, signedAttribSz) <0) {
WOLFSSL_MSG("Error parsing signed attributes");
return ASN_PARSE_E;
}
idx += length;
}
/* Get digestEncryptionAlgorithm */
if (GetAlgoId(pkiMsg2, &idx, &sigOID, oidSigType, pkiMsg2Sz) < 0) {
return ASN_PARSE_E;
}
/* store public key type based on digestEncryptionAlgorithm */
ret = wc_PKCS7_SetPublicKeyOID(pkcs7, sigOID);
if (ret <= 0) {
WOLFSSL_MSG("Failed to set public key OID from signature");
return ret;
}
/* Get the signature */
if (pkiMsg2[idx] == ASN_OCTET_STRING) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* save pointer and length */
sig = &pkiMsg2[idx];
sigSz = length;
idx += length;
}
pkcs7->content = content;
pkcs7->contentSz = contentSz;
ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, sigSz,
signedAttrib, signedAttribSz,
hashBuf, hashSz);
if (ret < 0)
return ret;
} }
/* Get the sequence of IssuerAndSerialNumber */
if (GetSequence(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* Skip it */
idx += length;
/* Get the sequence of digestAlgorithm */
if (GetAlgoId(pkiMsg2, &idx, &hashOID, oidHashType, pkiMsg2Sz) < 0) {
return ASN_PARSE_E;
}
pkcs7->hashOID = (int)hashOID;
/* Get the IMPLICIT[0] SET OF signedAttributes */
if (pkiMsg2[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* save pointer and length */
signedAttrib = &pkiMsg2[idx];
signedAttribSz = length;
if (wc_PKCS7_ParseAttribs(pkcs7, signedAttrib, signedAttribSz) <0) {
WOLFSSL_MSG("Error parsing signed attributes");
return ASN_PARSE_E;
}
idx += length;
}
/* Get digestEncryptionAlgorithm */
if (GetAlgoId(pkiMsg2, &idx, &sigOID, oidSigType, pkiMsg2Sz) < 0) {
return ASN_PARSE_E;
}
/* store public key type based on digestEncryptionAlgorithm */
ret = wc_PKCS7_SetPublicKeyOID(pkcs7, sigOID);
if (ret <= 0) {
WOLFSSL_MSG("Failed to set public key OID from signature");
return ret;
}
/* Get the signature */
if (pkiMsg2[idx] == ASN_OCTET_STRING) {
idx++;
if (GetLength(pkiMsg2, &idx, &length, pkiMsg2Sz) < 0)
return ASN_PARSE_E;
/* save pointer and length */
sig = &pkiMsg2[idx];
sigSz = length;
idx += length;
}
pkcs7->content = content;
pkcs7->contentSz = contentSz;
ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, sigSz,
signedAttrib, signedAttribSz,
hashBuf, hashSz);
if (ret < 0)
return ret;
return 0; return 0;
} }

4
wolfssl/wolfcrypt/error-crypt.h
View File

@ -220,7 +220,9 @@ enum {
ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */ ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */ ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */
WC_LAST_E = -268, /* Update this to indicate last error */ PKCS7_NO_SIGNER_E = -269, /* No signer in PKCS#7 signed data msg */
WC_LAST_E = -269, /* Update this to indicate last error */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
/* add new companion error id strings for any new error codes /* add new companion error id strings for any new error codes