eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pkcs7: do not store content type OID

Browse source 
Since only one content type (signed data) is supported, storing the
content type just wastes memory.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
This commit is contained in:
Demi Marie Obenour 2022-11-28 00:20:42 -05:00 committed by Dave Rodgman
parent 512818b1d2
commit aaf3c0028d
2 changed files with 28 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/mbedtls/pkcs7.h
View file

@ -165,7 +165,6 @@ mbedtls_pkcs7_signed_data;
*/ */
typedef struct mbedtls_pkcs7 { typedef struct mbedtls_pkcs7 {
mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw);
mbedtls_pkcs7_buf MBEDTLS_PRIVATE(content_type_oid);
mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data);
} }
mbedtls_pkcs7; mbedtls_pkcs7;

55
library/pkcs7.c
View file

@ -556,7 +556,6 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
unsigned char *end, *end_content_info; unsigned char *end, *end_content_info;
size_t len = 0; size_t len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int isoidset = 0;
if (pkcs7 == NULL) { if (pkcs7 == NULL) {
return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
@ -572,34 +571,42 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
pkcs7->raw.len = buflen; pkcs7->raw.len = buflen;
end = p + buflen; end = p + buflen;
ret = pkcs7_get_content_info_type(&p, end, &end_content_info, ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED
&pkcs7->content_type_oid); | MBEDTLS_ASN1_SEQUENCE);
if (ret != 0) { if (ret != 0) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);
goto out;
}
if ((size_t) (end - p) != len) {
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
goto out;
}
if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) {
if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
goto out;
}
p = pkcs7->raw.p;
len = buflen; len = buflen;
goto try_data; goto try_data;
} }
/* Ensure PKCS7 data uses the exact number of bytes specified in buflen */ if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) {
if (end_content_info != end) { if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len)
ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len)
|| !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len)
|| !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len)
|| !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) {
ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
} else {
ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
}
goto out; goto out;
} }
if (!MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid) p += len;
|| !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid)
|| !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid)
|| !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid)
|| !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid)) {
ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
goto out;
}
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_DATA, &pkcs7->content_type_oid)) {
ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
goto out;
}
isoidset = 1;
ret = pkcs7_get_next_content_len(&p, end, &len); ret = pkcs7_get_next_content_len(&p, end, &len);
if (ret != 0) { if (ret != 0) {
@ -618,12 +625,6 @@ try_data:
goto out; goto out;
} }
if (!isoidset) {
pkcs7->content_type_oid.tag = MBEDTLS_ASN1_OID;
pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS7_SIGNED_DATA);
pkcs7->content_type_oid.p = (unsigned char *) MBEDTLS_OID_PKCS7_SIGNED_DATA;
}
ret = MBEDTLS_PKCS7_SIGNED_DATA; ret = MBEDTLS_PKCS7_SIGNED_DATA;
out: out: