wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

parse ASN1 only with SMIME_read_PKCS7

Browse Source
This commit is contained in:
JacobBarthelmeh
2023-06-12 16:39:00 -06:00
parent f2809c5a24
commit f0354b4cbe
2 changed files with 43 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/ssl.c
View File

@@ -37036,19 +37036,14 @@ PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0); return wolfSSL_d2i_PKCS7_ex(p7, in, len, NULL, 0);
} }
/***************************************************************************** /* This internal function is only decoding and setting up the PKCS7 struct. It
* wolfSSL_d2i_PKCS7_ex - Converts the given unsigned char buffer of size len * does not verify the PKCS7 signature.
* into a PKCS7 object. Optionally, accepts a byte buffer of content which
* is stored as the PKCS7 object's content, to support detached signatures.
* @param content The content which is signed, in case the signature is
* detached. Ignored if NULL.
* @param contentSz The size of the passed in content.
* *
* RETURNS: * RETURNS:
* returns pointer to a PKCS7 structure on success, otherwise returns NULL * returns pointer to a PKCS7 structure on success, otherwise returns NULL
*/ */
PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len, static PKCS7* wolfSSL_d2i_PKCS7_only(PKCS7** p7, const unsigned char** in,
byte* content, word32 contentSz) int len, byte* content, word32 contentSz)
{ {
WOLFSSL_PKCS7* pkcs7 = NULL; WOLFSSL_PKCS7* pkcs7 = NULL;
@@ -37072,12 +37067,6 @@ PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
pkcs7->pkcs7.content = content; pkcs7->pkcs7.content = content;
pkcs7->pkcs7.contentSz = contentSz; pkcs7->pkcs7.contentSz = contentSz;
} }
if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
!= 0) {
WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
wolfSSL_PKCS7_free((PKCS7*)pkcs7);
return NULL;
}
if (p7 != NULL) if (p7 != NULL)
*p7 = (PKCS7*)pkcs7; *p7 = (PKCS7*)pkcs7;
@@ -37085,6 +37074,43 @@ PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
return (PKCS7*)pkcs7; return (PKCS7*)pkcs7;
} }
/*****************************************************************************
* wolfSSL_d2i_PKCS7_ex - Converts the given unsigned char buffer of size len
* into a PKCS7 object. Optionally, accepts a byte buffer of content which
* is stored as the PKCS7 object's content, to support detached signatures.
* @param content The content which is signed, in case the signature is
* detached. Ignored if NULL.
* @param contentSz The size of the passed in content.
*
* RETURNS:
* returns pointer to a PKCS7 structure on success, otherwise returns NULL
*/
PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len,
byte* content, word32 contentSz)
{
WOLFSSL_PKCS7* pkcs7 = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_ex");
if (in == NULL || *in == NULL || len < 0)
return NULL;
pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_d2i_PKCS7_only(p7, in, len, content,
contentSz);
if (pkcs7 != NULL) {
if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len)
!= 0) {
WOLFSSL_MSG("wc_PKCS7_VerifySignedData failed");
wolfSSL_PKCS7_free((PKCS7*)pkcs7);
return NULL;
}
}
return (PKCS7*)pkcs7;
}
/** /**
* This API was added as a helper function for libest. It * This API was added as a helper function for libest. It
* extracts a stack of certificates from the pkcs7 object. * extracts a stack of certificates from the pkcs7 object.
@@ -38256,7 +38282,7 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
WOLFSSL_MSG("Error base64 decoding S/MIME message."); WOLFSSL_MSG("Error base64 decoding S/MIME message.");
goto error; goto error;
} }
pkcs7 = wolfSSL_d2i_PKCS7_ex(NULL, (const unsigned char**)&out, outLen, pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, outLen,
bcontMem, bcontMemSz); bcontMem, bcontMemSz);
wc_MIME_free_hdrs(allHdrs); wc_MIME_free_hdrs(allHdrs);

2
tests/api.c
View File

@@ -48860,7 +48860,7 @@ static int test_wolfSSL_SMIME_read_PKCS7(void)
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r"); smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
ExpectNull(pkcs7); ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
PKCS7_NOVERIFY), SSL_FAILURE); PKCS7_NOVERIFY), SSL_FAILURE);
XFCLOSE(smimeTestFile); XFCLOSE(smimeTestFile);