pkcs7: Respond to feeback on parsing logic

After recieving review on the pkcs7 parsing functions, attempt to use better API's, increase consisitency and use better documentation. The changes are in response to the following comments: - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1] - make lack of support for authenticatedAttributes more clear [2] - increment pointer in pkcs7_get_content_info_type rather than after [3] - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103 Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 12:28:54 -05:00 · 2022-10-28 12:28:54 -05:00 · bb82ab764f
commit bb82ab764f
parent 73621ef0f0
2 changed files with 17 additions and 13 deletions
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@ -38,6 +38,9 @@
 *  - The RFC specifies the Signed Data type can contain
 *    certificate-revocation lists (crls). This implementation has no support
 *    for crls so it is assumed to be an empty list.
+ *  - The RFC allows for SignerInfo structure to optionally contain
+ *    unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is
+ *    assumed these fields are empty.
 */

 #ifndef MBEDTLS_PKCS7_H