mirror of https://github.com/wolfSSL/wolfssl
Merge pull request #1238 from cconlon/pkcs7cleanup
PKCS7 cleanup: remove dependencies on 3DES and SHA1
This commit is contained in:
commit
53ec80b291
|
@ -3790,8 +3790,6 @@ then
|
|||
ENABLED_X963KDF="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
|
||||
fi
|
||||
AS_IF([test "x$ENABLED_DES3" = "xno"],
|
||||
[ENABLED_DES3=yes])
|
||||
fi
|
||||
|
||||
if test "x$ENABLED_DES3" = "xno"
|
||||
|
|
|
@ -387,7 +387,7 @@ typedef struct ESD {
|
|||
enum wc_HashType hashType;
|
||||
byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */
|
||||
byte contentAttribsDigest[WC_MAX_DIGEST_SIZE];
|
||||
byte encContentDigest[512];
|
||||
byte encContentDigest[MAX_ENCRYPTED_KEY_SZ];
|
||||
|
||||
byte outerSeq[MAX_SEQ_SZ];
|
||||
byte outerContent[MAX_EXP_SZ];
|
||||
|
@ -3222,7 +3222,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
|||
int keySz;
|
||||
word32 encOID;
|
||||
word32 keyIdx;
|
||||
byte issuerHash[WC_SHA_DIGEST_SIZE];
|
||||
byte issuerHash[KEYID_SIZE];
|
||||
byte* outKey = NULL;
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
|
@ -3250,7 +3250,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz,
|
|||
return ASN_PARSE_E;
|
||||
|
||||
/* if we found correct recipient, issuer hashes will match */
|
||||
if (XMEMCMP(issuerHash, pkcs7->issuerHash, WC_SHA_DIGEST_SIZE) == 0) {
|
||||
if (XMEMCMP(issuerHash, pkcs7->issuerHash, KEYID_SIZE) == 0) {
|
||||
*recipFound = 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -14092,8 +14092,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
|||
{
|
||||
/* key transport key encryption technique */
|
||||
#ifndef NO_RSA
|
||||
#ifndef NO_DES3
|
||||
{data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
|
||||
rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataDES3.der"},
|
||||
#endif
|
||||
|
||||
#ifndef NO_AES
|
||||
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
|
||||
|
@ -14553,7 +14555,11 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
|||
static byte senderNonceOid[] =
|
||||
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
|
||||
0x09, 0x05 };
|
||||
#ifndef NO_SHA
|
||||
static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#else
|
||||
static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
|
||||
#endif
|
||||
static byte messageType[] = { 0x13, 2, '1', '9' };
|
||||
static byte senderNonce[PKCS7_NONCE_SZ + 2];
|
||||
|
||||
|
@ -14697,15 +14703,21 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
|||
}
|
||||
}
|
||||
|
||||
/* generate trans ID */
|
||||
/* generate transactionID (used with SCEP) */
|
||||
{
|
||||
#ifndef NO_SHA
|
||||
wc_Sha sha;
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
#else
|
||||
wc_Sha256 sha;
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
int j,k;
|
||||
|
||||
transId[0] = 0x13;
|
||||
transId[1] = WC_SHA_DIGEST_SIZE * 2;
|
||||
transId[1] = sizeof(digest) * 2;
|
||||
|
||||
#ifndef NO_SHA
|
||||
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
@ -14715,8 +14727,19 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
|
|||
wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_ShaFinal(&sha, digest);
|
||||
wc_ShaFree(&sha);
|
||||
#else
|
||||
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
return -7704;
|
||||
}
|
||||
wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
|
||||
wc_Sha256Final(&sha, digest);
|
||||
wc_Sha256Free(&sha);
|
||||
#endif
|
||||
|
||||
for (j = 0, k = 2; j < WC_SHA_DIGEST_SIZE; j++, k += 2) {
|
||||
for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
|
||||
XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue