add content stream output callback for VerifySignedData function

2025-07-30 10:47:28 +02:00 · 2024-06-26 13:35:16 -06:00
parent 7698546531
commit b1b1c15b35
1 changed files with 67 additions and 28 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -5276,35 +5276,49 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz,
            /* got partial octet string data */
            /* accumulate partial octet string to buffer */
            if (keepContent) {
-
+                if (pkcs7->streamOutCb) {
-                /* store current content buffer temporarily */
+                    ret = wc_HashUpdate(&pkcs7->stream->hashAlg,
-                tempBuf = pkcs7->stream->content;
+                        pkcs7->stream->hashType,
-                pkcs7->stream->content = NULL;
+                        msg + *idx, pkcs7->stream->expected);
-
+                    if (ret != 0)
-                /* grow content buffer */
+                        break;
-                contBufSz = pkcs7->stream->accumContSz;
+                    pkcs7->streamOutCb(pkcs7, msg + *idx,
-                pkcs7->stream->accumContSz += pkcs7->stream->expected;
+                        pkcs7->stream->expected, pkcs7->streamCtx);
                pkcs7->stream->content =
                                (byte*)XMALLOC(pkcs7->stream->accumContSz,
                                            pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                if (pkcs7->stream->content == NULL) {
                    WOLFSSL_MSG("failed to grow content buffer.");
                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                    tempBuf = NULL;
                    ret = MEMORY_E;
                    break;
                }
                else {
-                    /* accumulate content */
+                    /* store current content buffer temporarily */
-                    if (tempBuf != NULL && contBufSz != 0) {
+                    tempBuf = pkcs7->stream->content;
-                        XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
+                    pkcs7->stream->content = NULL;
                    /* grow content buffer */
                    contBufSz = pkcs7->stream->accumContSz;
                    pkcs7->stream->accumContSz += pkcs7->stream->expected;
                    pkcs7->stream->content =
                                    (byte*)XMALLOC(pkcs7->stream->accumContSz,
                                               pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                    if (pkcs7->stream->content == NULL) {
                        WOLFSSL_MSG("failed to grow content buffer.");
                            if (tempBuf != NULL) {
                        XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                        tempBuf = NULL;
                            }
                        ret = MEMORY_E;
                        break;
                    }
                    else {
                        /* accumulate content */
                        if (tempBuf != NULL && contBufSz != 0) {
                            XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz);
                        }
                        XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
                                                       pkcs7->stream->expected);
                        if (tempBuf != NULL) {
                            XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                            tempBuf = NULL;
                        }
                    }
                    XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx,
                                                    pkcs7->stream->expected);
                    XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                    tempBuf = NULL;
                }
            }
@ -5924,6 +5938,14 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
            wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3);
        #ifndef NO_PKCS7_STREAM
            /* setup hash struct for creating hash of content if needed */
            if (pkcs7->streamOutCb) {
                ret = wc_HashInit_ex(&pkcs7->stream->hashAlg,
                    pkcs7->stream->hashType, pkcs7->heap, pkcs7->devId);
                if (ret != 0)
                    break;
            }
        /* free pkcs7->stream->content buffer */
        XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
        pkcs7->stream->content = NULL;
@ -6586,8 +6608,25 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
                pkcs7->contentSz = (word32)contentSz;
                if (ret == 0) {
-                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, (word32)sigSz,
+                #ifndef NO_PKCS7_STREAM
-                                                   signedAttrib, (word32)signedAttribSz,
+                    byte streamHash[WC_MAX_DIGEST_SIZE];
                    /* get final hash if having done hash updates while
                     * streaming out the content */
                    if (pkcs7->streamOutCb) {
                        ret = wc_HashFinal(&pkcs7->stream->hashAlg,
                            pkcs7->stream->hashType, streamHash);
                        hashBuf = streamHash;
                        hashSz  = wc_HashGetDigestSize(pkcs7->stream->hashType);
                        wc_HashFree(&pkcs7->stream->hashAlg,
                            pkcs7->stream->hashType);
                        if (ret != 0)
                            break;
                    }
                #endif
                    ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig,
                            (word32)sigSz, signedAttrib, (word32)signedAttribSz,
                                                   hashBuf, hashSz);
                }
            }