Hi Beat,
I'm not sure that I am following the reasoning behind needing to reset "ret = 0" at that location in pkcs7.c. It is expected behavior that "ret" would be set to ASN_PARSE_E in the following section of code for your use case, since tag != ASN_OCTET_STRING:
/* get length of content in case of single part */
if (ret == 0 && !multiPart) {
if (tag != ASN_OCTET_STRING)
ret = ASN_PARSE_E;
if (ret == 0 && GetLength_ex(pkiMsg, &localIdx,
&length, pkiMsgSz, NO_USER_CHECK) < 0)
ret = ASN_PARSE_E;
}
Later on, we enter the "else" block like you mentioned above, where "detached" gets set to 1, "length" to 0, and "contentLen" to 0. The next time "ret" is checked is inside the "#ifndef NO_PKCS7_STREAM" section right below that, where:
/* content expected? */
if ((ret == 0 && length > 0) &&
!(pkiMsg2 && pkiMsg2Sz > 0 && hashBuf && hashSz > 0)) {
pkcs7->stream->expected = length + ASN_TAG_SZ + MAX_LENGTH_SZ;
}
Here, the value of "ret" won't matter since "length" has already been set to 0. Then, just a little below that, we reset the value of "ret" with the following call:
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &stateIdx, &idx)) != 0) {
break;
}
I re-ran your reproducer application against wolfSSL (current master), after making the following changes and verification passed successfully without the additional reset of "ret". Changes to main.c:
1. Removed setting "pkcs7.content" and "pkcs7.contentSz" explicitly. No longer needed for this use case after our previous modifications.
2. Switched wc_PKCS7_VerifySignedData() to "wc_PKCS7_VerifySignedData_ex(), passing in "shaSumOfBinary".
I have re-attached the reproducer bundle I am using here. Steps I am using to compile/test are:
$ git clone https://github.com/wolfSSL/wolfssl.git
$ cd wolfssl
$ ./autogen.sh
$ ./configure --enable-pkcs7
$ make
$ sudo make install
$ unzip signature_and_binary_v2.zip
$ cd signature_and_binary_v2
$ gcc main.c -lwolfssl
$ ./a.out -s 4dda5fe7-55d8-481a-b6eb-cf74b1b58d4d-d319ae60-1645-42b9-a9c0-eca4395587be.bin -b test.bin
calculated SHA256 of test.bin
56 d3 bb f1 e0 a9 27 b6 57 ba 90 ea 7d c0 ec e6
ba 60 22 39 f0 ac 00 ad 8b 87 96 af ad 20 d1 40
Sucessfully verified
Let me know if you think I'm still overlooking something, but this looks to be working as expected for this code path to me.
Thanks,
Chris
Post's attachmentssignature_and_binary_v2.zip 6.69 kb, file has never been downloaded.
You don't have the permssions to download the attachments of this post.