From 2477574a69a4e23812a6283e578032fb99169b0d Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 2 Dec 2021 11:26:26 -0800
Subject: [PATCH] Fix for PKCS7 verify to handle pkcs7-data content type OID with indef BER encoding. ZD13208
---
 wolfcrypt/src/asn.c | 2 +-
 wolfcrypt/src/pkcs7.c | 26 +++++++++++++++++---------
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index f407966c7..49d3f32de 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3297,7 +3297,7 @@ static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx,
 tag = data[i++];
 /* Indefinite length handled specially */
- if (data[i] == 0x80) {
+ if (data[i] == ASN_INDEF_LENGTH) {
 /* Check valid tag for indefinite */
 if (((tag & 0xc0) == 0) && ((tag & ASN_CONSTRUCTED) == 0x00)) {
 return ASN_PARSE_E;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 61d076db0..6d6c7b031 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4436,7 +4436,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 NO_USER_CHECK) < 0)
 ret = ASN_PARSE_E;
- if (ret == 0 && length == 0 && pkiMsg[idx-1] == 0x80) {
+ if (ret == 0 && length == 0 && pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
 #ifdef ASN_BER_TO_DER
 word32 len = 0;
@@ -4512,7 +4512,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 /* Skip the set. */
 idx += length;
- degenerate = (length == 0)? 1 : 0;
+ degenerate = (length == 0) ? 1 : 0;
 if (pkcs7->noDegenerate == 1 && degenerate == 1) {
 ret = PKCS7_NO_SIGNER_E;
 }
@@ -4559,15 +4559,23 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
 /* Get the inner ContentInfo contentType */
 if (ret == 0) {
+ int isIndef = 0;
 word32 tmpIdx = idx;
-
- if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) != 0)
+ if (length == 0 && pkiMsg[idx-1] == ASN_INDEF_LENGTH) {
+ isIndef = 1;
+ }
+ if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) {
+ contentType = pkiMsg + tmpIdx;
+ contentTypeSz = length + (idx - tmpIdx);
+ idx += length;
+ }
+ else {
 ret = ASN_PARSE_E;
-
- contentType = pkiMsg + tmpIdx;
- contentTypeSz = length + (idx - tmpIdx);
-
- idx += length;
+ }
+ /* if indef, skip EOF */
+ if (isIndef && pkiMsg[idx] == ASN_EOC && pkiMsg[idx+1] == 0) {
+ idx += 2; /* skip EOF + zero byte */
+ }
 }
 if (ret != 0)
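Review bot: The end-of-contents skip at the bottom of the hunk reads `pkiMsg[idx]` and `pkiMsg[idx+1]` with no comparison against `pkiMsgSz`; once `idx += length` has moved past the OID, idx can already equal the message size (if GetASNObjectId only bounds the OID itself), so a truncated indefinite-length BER message turns this into a one- or two-byte read past the buffer. The same block also runs after the `else` branch has set `ret = ASN_PARSE_E`, where idx was not advanced and the bytes inspected are whatever the failed parse left it pointing at. Guarding on both would be `if (ret == 0 && isIndef && idx + 1 < pkiMsgSz && pkiMsg[idx] == ASN_EOC && pkiMsg[idx+1] == 0) {`. The comment above it could also name the construct precisely, e.g. `/* indefinite length: skip the end-of-contents octets */`, since what is skipped is an ASN.1 EOC marker rather than an end of file. PKCS7_VerifySignedData begins and ends outside this hunk, and the `length` value consumed by the isIndef test is set by a call before it.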