mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 07:30:50 +02:00
366000eec2
Server-side PKCS#7 encode improvements that let downstream EST/SCEP enrollment code (wolfCert) drive the existing encoder through the public API rather than hand-rolling DER. Everything is gated under the existing HAVE_PKCS7 — no new build options and no new public functions; the convenience wrappers live caller-side. Allow degenerate (certs-only) SignedData encode Relax the hashOID != 0 requirement in PKCS7_EncodeSigned() when sidType == DEGENERATE_SID, so a caller can produce a certs-only bundle (no signer, attributes, or eContent — the form used by EST /cacerts and SCEP GetCACert) by selecting DEGENERATE_SID via wc_PKCS7_SetSignerIdentifierType() and calling wc_PKCS7_EncodeSignedData(). The output round-trips through wc_PKCS7_VerifySignedData(). Size the signed-attribute array to the actual count The SignerInfo attribute working array is now sized to the real attribute count instead of a fixed [7] array. An inline buffer (sized MAX_SIGNED_ATTRIBS_SZ, the historical footprint) covers the common allocation-free case; a heap buffer is used only when the count exceeds it. The default-attribute count comes from a single helper (wc_PKCS7_GetDefaultSignedAttribCount) so the sizing matches the emission logic exactly, and the canned-attribute write is bound-checked against the array capacity. This also fixes a latent overflow where the backing array was hardcoded [7] while the bound check used MAX_SIGNED_ATTRIBS_SZ. The macro is retained for source compatibility but no longer caps the count. Document the decoded-attribute value shape Documented the stable shape of PKCS7DecodedAttrib.value (the contents of the SET OF AttributeValue, outer SET tag stripped) so callers can rely on it. No behavior change. Fix multi-certificate decode in non-streaming builds Bound the additional-certificate loop in wc_PKCS7_VerifySignedData against the absolute end of the certificate set (idx + length) rather than the relative length. In NO_PKCS7_STREAM builds the old bound dropped trailing certificates (all but the first when a large eContent preceded the set), failing verification when the signer cert was among those dropped. Streaming builds were unaffected. Tests Added coverage in pkcs7signed_test: degenerate certs-only encode via the public API, nine-attribute encode (beyond the inline capacity), decoded attribute value shape for PrintableString and OCTET STRING, and a multi-certificate decode regression with large content that triggers the bound bug under NO_PKCS7_STREAM. Added a signed-attribute selection round-trip covering a messageDigest-only subset and the no-attributes case via wc_PKCS7_SetDefaultSignedAttribs/wc_PKCS7_NoDefaultSignedAttribs, a WOLFSSL_NO_MALLOC over-capacity case that must return BUFFER_E instead of overrunning the inline buffer, and a malformed certificate-set length that exercises the certSetEnd clamp in the verifier. Config-sensitive cases are guarded.