wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

resolve kari decode without recipient certificate

Browse Source
This commit is contained in:
JacobBarthelmeh
2023-06-13 17:15:22 -06:00
parent f0354b4cbe
commit 7866a40d06
2 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/api.c
View File

@@ -25658,7 +25658,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
} }
ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
BAD_FUNC_ARG); BUFFER_E);
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
pkcs7->singleCertSz = tempWrd32; pkcs7->singleCertSz = tempWrd32;
@@ -25667,7 +25667,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
} }
ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
BAD_FUNC_ARG); ASN_PARSE_E);
if (pkcs7 != NULL) { if (pkcs7 != NULL) {
pkcs7->singleCert = tmpBytePtr; pkcs7->singleCert = tmpBytePtr;
} }

25
wolfcrypt/src/pkcs7.c
View File

@@ -5771,11 +5771,12 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
int ret; int ret;
word32 idx; word32 idx;
if (kari == NULL || kari->decoded == NULL || if (kari == NULL || kari->decoded == NULL) {
cert == NULL || certSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
/* decode certificate */ /* decode certificate */
if (cert != NULL) {
InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap);
kari->decodedInit = 1; kari->decodedInit = 1;
ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0);
@@ -5793,7 +5794,7 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
WOLFSSL_MSG("Failed to read subject key ID from recipient cert"); WOLFSSL_MSG("Failed to read subject key ID from recipient cert");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
}
ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId); ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -5802,6 +5803,10 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert,
/* get recip public key */ /* get recip public key */
if (kari->direction == WC_PKCS7_ENCODE) { if (kari->direction == WC_PKCS7_ENCODE) {
if (cert == NULL) {
WOLFSSL_MSG("Error recipient cert can not be null with encode");
return BAD_FUNC_ARG;
}
idx = 0; idx = 0;
ret = wc_EccPublicKeyDecode(kari->decoded->publicKey, &idx, ret = wc_EccPublicKeyDecode(kari->decoded->publicKey, &idx,
@@ -9270,9 +9275,16 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
} }
/* if we found correct recipient, issuer hashes will match */ /* if we found correct recipient, issuer hashes will match */
if (kari->decodedInit == 1) {
if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) { if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) {
*recipFound = 1; *recipFound = 1;
} }
}
else {
/* can not confirm recipient serial number with no cert provided */
WOLFSSL_MSG("No recipient cert loaded to match with CMS serial number");
*recipFound = 1;
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
serial = (mp_int*)XMALLOC(sizeof(mp_int), kari->heap, serial = (mp_int*)XMALLOC(sizeof(mp_int), kari->heap,
@@ -9308,7 +9320,8 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari,
return ret; return ret;
} }
if (mp_cmp(recipSerial, serial) != MP_EQ) { if (kari->decodedInit == 1 &&
mp_cmp(recipSerial, serial) != MP_EQ) {
mp_clear(serial); mp_clear(serial);
mp_clear(recipSerial); mp_clear(recipSerial);
WOLFSSL_MSG("CMS serial number does not match recipient"); WOLFSSL_MSG("CMS serial number does not match recipient");
@@ -9944,8 +9957,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
WOLFSSL_ENTER("wc_PKCS7_DecryptKari"); WOLFSSL_ENTER("wc_PKCS7_DecryptKari");
if (pkcs7 == NULL || pkiMsg == NULL || if (pkcs7 == NULL || pkiMsg == NULL ||
((pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) &&
pkcs7->wrapCEKCb == NULL) ||
idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) { idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -9986,7 +9997,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; encryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
/* parse cert and key */ /* parse cert and key */
if (pkcs7->singleCert != NULL) {
ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert, ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert,
pkcs7->singleCertSz, pkcs7->privateKey, pkcs7->singleCertSz, pkcs7->privateKey,
pkcs7->privateKeySz); pkcs7->privateKeySz);
@@ -9997,7 +10007,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
#endif #endif
return ret; return ret;
} }
}
/* remove OriginatorIdentifierOrKey */ /* remove OriginatorIdentifierOrKey */
ret = wc_PKCS7_KariGetOriginatorIdentifierOrKey(kari, pkiMsg, ret = wc_PKCS7_KariGetOriginatorIdentifierOrKey(kari, pkiMsg,