Browse Source

Merge pull request #1651 from dgarske/pkcs7_dynamic

Added PKCS7 dynamic allocation support
toddouska 6 years ago
parent
commit
f809a6a17b
4 changed files with 374 additions and 280 deletions
  1. 68 42
      tests/api.c
  2. 183 154
      wolfcrypt/src/pkcs7.c
  3. 112 82
      wolfcrypt/test/test.c
  4. 11 2
      wolfssl/wolfcrypt/pkcs7.h

+ 68 - 42
tests/api.c

@@ -3263,7 +3263,7 @@ static void test_wolfSSL_mcast(void)
  |  Wolfcrypt
  *----------------------------------------------------------------------------*/
 
-/* 
+/*
  * Unit test for the wc_InitBlake2b()
  */
 static int test_wc_InitBlake2b (void)
@@ -7609,7 +7609,7 @@ static int test_wc_Des3_SetKey (void)
     return ret;
 
 } /* END test_wc_Des3_SetKey */
- 
+
 
 /*
  * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
@@ -7856,7 +7856,7 @@ static int test_wc_Chacha_SetKey (void)
 static int test_wc_Poly1305SetKey(void)
 {
     int ret = 0;
-    
+
 #ifdef HAVE_POLY1305
     Poly1305      ctx;
     const byte  key[] =
@@ -7868,8 +7868,8 @@ static int test_wc_Poly1305SetKey(void)
     };
 
     printf(testingFmt, "wc_Poly1305_SetKey()");
-    
-    ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); 
+
+    ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
     /* Test bad args. */
     if (ret == 0) {
         ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
@@ -7887,7 +7887,7 @@ static int test_wc_Poly1305SetKey(void)
     }
 
     printf(resultFmt, ret == 0 ? passed : failed);
-    
+
 #endif
     return ret;
 } /* END test_wc_Poly1305_SetKey() */
@@ -10112,7 +10112,7 @@ static int test_wc_RsaKeyToDer (void)
  *  Testing wc_RsaKeyToPublicDer()
  */
 static int test_wc_RsaKeyToPublicDer (void)
-{ 
+{
     int         ret = 0;
 #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
      (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
@@ -14185,6 +14185,25 @@ static int test_wc_ecc_is_valid_idx (void)
 } /* END test_wc_ecc_is_valid_idx */
 
 
+/*
+ * Testing wc_PKCS7_New()
+ */
+static void test_wc_PKCS7_New (void)
+{
+#if defined(HAVE_PKCS7)
+    PKCS7*      pkcs7;
+    void*       heap = NULL;
+
+    printf(testingFmt, "wc_PKCS7_New()");
+
+    pkcs7 = wc_PKCS7_New(heap, devId);
+    AssertNotNull(pkcs7);
+
+    printf(resultFmt, passed);
+    wc_PKCS7_Free(pkcs7);
+#endif
+} /* END test-wc_PKCS7_New */
+
 /*
  * Testing wc_PKCS7_Init()
  */
@@ -14259,6 +14278,7 @@ static void test_wc_PKCS7_InitWithCert (void)
 #endif
     printf(testingFmt, "wc_PKCS7_InitWithCert()");
     /* If initialization is not successful, it's free'd in init func. */
+    pkcs7.isDynamic = 0;
     AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, (word32)certSz), 0);
 
     wc_PKCS7_Free(&pkcs7);
@@ -14356,6 +14376,8 @@ static void test_wc_PKCS7_EncodeData (void)
 
     XMEMSET(output, 0, sizeof(output));
 
+    AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
     AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, certSz), 0);
 
     printf(testingFmt, "wc_PKCS7_EncodeData()");
@@ -14461,6 +14483,8 @@ static void test_wc_PKCS7_EncodeSignedData (void)
     XMEMSET(output, 0, outputSz);
     AssertIntEQ(wc_InitRng(&rng), 0);
 
+    AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
     AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
 
     printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
@@ -14472,7 +14496,6 @@ static void test_wc_PKCS7_EncodeSignedData (void)
     pkcs7.encryptOID = RSAk;
     pkcs7.hashOID = SHAh;
     pkcs7.rng = &rng;
-    pkcs7.devId = INVALID_DEVID;
 
     AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0);
 
@@ -14576,6 +14599,8 @@ static void test_wc_PKCS7_VerifySignedData(void)
     XMEMSET(output, 0, outputSz);
     AssertIntEQ(wc_InitRng(&rng), 0);
 
+    AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
     AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0);
 
     printf(testingFmt, "wc_PKCS7_VerifySignedData()");
@@ -15038,43 +15063,43 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
 
 /* Testing wc_SignatureGetSize() for signature type ECC */
 static int test_wc_SignatureGetSize_ecc(void)
-{    
-    int ret = 0; 
+{
+    int ret = 0;
     #if defined(HAVE_ECC) && !defined(NO_ECC256)
         enum wc_SignatureType sig_type;
         word32 key_len;
 
         /* Initialize ECC Key */
-        ecc_key ecc; 
+        ecc_key ecc;
         const char* qx =
             "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
-        const char* qy = 
+        const char* qy =
             "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
-        const char* d = 
+        const char* d =
             "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
-    
+
         ret = wc_ecc_init(&ecc);
         if (ret == 0) {
             ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
         }
         printf(testingFmt, "wc_SigntureGetSize_ecc()");
-        if (ret == 0) { 
+        if (ret == 0) {
             /* Input for signature type ECC */
             sig_type = WC_SIGNATURE_TYPE_ECC;
             key_len = sizeof(ecc_key);
             ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
-            
-            /* Test bad args */ 
+
+            /* Test bad args */
             if (ret > 0) {
                 sig_type = (enum wc_SignatureType) 100;
                 ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
                 if (ret == BAD_FUNC_ARG) {
                     sig_type = WC_SIGNATURE_TYPE_ECC;
                     ret = wc_SignatureGetSize(sig_type, NULL, key_len);
-                }  
+                }
                 if (ret >= 0) {
                     key_len = (word32) 0;
-                    ret = wc_SignatureGetSize(sig_type, &ecc, key_len); 
+                    ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
                 }
                 if (ret == BAD_FUNC_ARG) {
                     ret = SIG_TYPE_E;
@@ -15102,7 +15127,7 @@ static int test_wc_SignatureGetSize_ecc(void)
 /* Testing wc_SignatureGetSize() for signature type rsa */
 static int test_wc_SignatureGetSize_rsa(void)
 {
-    int ret = 0; 
+    int ret = 0;
     #ifndef NO_RSA
         enum wc_SignatureType sig_type;
         word32 key_len;
@@ -15112,7 +15137,7 @@ static int test_wc_SignatureGetSize_rsa(void)
         RsaKey rsa_key;
         byte* tmp = NULL;
         size_t bytes;
-     
+
         #ifdef USE_CERT_BUFFERS_1024
             bytes = (size_t)sizeof_client_key_der_1024;
             if (bytes < (size_t)sizeof_client_key_der_1024)
@@ -15128,10 +15153,10 @@ static int test_wc_SignatureGetSize_rsa(void)
         tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp != NULL) {
             #ifdef USE_CERT_BUFFERS_1024
-                XMEMCPY(tmp, client_key_der_1024, 
+                XMEMCPY(tmp, client_key_der_1024,
                     (size_t)sizeof_client_key_der_1024);
             #elif defined(USE_CERT_BUFFERS_2048)
-                XMEMCPY(tmp, client_key_der_2048, 
+                XMEMCPY(tmp, client_key_der_2048,
                     (size_t)sizeof_client_key_der_2048);
             #elif !defined(NO_FILESYSTEM)
                 file = fopen(clientKey, "rb");
@@ -15148,7 +15173,7 @@ static int test_wc_SignatureGetSize_rsa(void)
             if (ret == 0) {
                 ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
                 if (ret == 0) {
-                    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, 
+                    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key,
                         (word32)bytes);
                 }
             }
@@ -15162,7 +15187,7 @@ static int test_wc_SignatureGetSize_rsa(void)
             sig_type = WC_SIGNATURE_TYPE_RSA;
             key_len = sizeof(RsaKey);
             ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
-            
+
             /* Test bad args */
             if (ret > 0) {
                 sig_type = (enum wc_SignatureType) 100;
@@ -15173,7 +15198,7 @@ static int test_wc_SignatureGetSize_rsa(void)
                 }
             #ifndef HAVE_USER_RSA
                 if (ret == BAD_FUNC_ARG) {
-            #else        
+            #else
                 if (ret == 0) {
             #endif
                     key_len = (word32)0;
@@ -15191,21 +15216,21 @@ static int test_wc_SignatureGetSize_rsa(void)
     #else
         ret = SIG_TYPE_E;
     #endif
-            
+
     if (ret == SIG_TYPE_E) {
         ret = 0;
     }else {
         ret = WOLFSSL_FATAL_ERROR;
     }
- 
+
    printf(resultFmt, ret == 0 ? passed : failed);
    return ret;
 }/* END test_wc_SignatureGetSize_rsa(void) */
-  
+
 /*----------------------------------------------------------------------------*
  | hash.h Tests
  *----------------------------------------------------------------------------*/
-  
+
 static int test_wc_HashInit(void)
 {
     int ret = 0, i;  /* 0 indicates tests passed, 1 indicates failure */
@@ -15604,7 +15629,7 @@ static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){
 
     XMEMSET(nullstr, 0, 32);
     asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
-                    sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, 
+                    sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
                     DYNAMIC_TYPE_TMP_BUFFER);
     XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
     wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
@@ -18374,14 +18399,14 @@ static void test_wolfSSL_SHA(void)
             "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
             "\x15\xAD";
         unsigned char out[WC_SHA256_DIGEST_SIZE];
-     
+
         XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
         AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
         AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
     }
     #endif
 
-    #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) 
+    #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
     {
         const unsigned char in[] = "abc";
         unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
@@ -18590,9 +18615,9 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){
     unsigned long flags;
     int p_len;
     unsigned char rbuf[255];
-    
+
     printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
-    
+
     /* setup */
     XMEMSET(rbuf, 0, 255);
     bio = BIO_new(BIO_s_mem());
@@ -19777,7 +19802,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
                 DYNAMIC_TYPE_TMP_BUFFER));
     tpp = pp;
     XMEMSET(pp, 0, ret + 1);
-    wolfSSL_i2c_ASN1_INTEGER(a, &pp); 
+    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
     pp--;
     AssertIntEQ(*pp, 40);
     XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -19792,7 +19817,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
                 DYNAMIC_TYPE_TMP_BUFFER));
     tpp = pp;
     XMEMSET(pp, 0, ret + 1);
-    wolfSSL_i2c_ASN1_INTEGER(a, &pp); 
+    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
     pp--;
     AssertIntEQ(*(pp--), 128);
     AssertIntEQ(*pp, 0);
@@ -19809,7 +19834,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
                 DYNAMIC_TYPE_TMP_BUFFER));
     tpp = pp;
     XMEMSET(pp, 0, ret + 1);
-    wolfSSL_i2c_ASN1_INTEGER(a, &pp); 
+    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
     pp--;
     AssertIntEQ(*pp, 216);
     XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -19825,7 +19850,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
                 DYNAMIC_TYPE_TMP_BUFFER));
     tpp = pp;
     XMEMSET(pp, 0, ret + 1);
-    wolfSSL_i2c_ASN1_INTEGER(a, &pp); 
+    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
     pp--;
     AssertIntEQ(*pp, 128);
     XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -19841,13 +19866,13 @@ static void test_wolfSSL_i2c_ASN1_INTEGER()
             DYNAMIC_TYPE_TMP_BUFFER));
     tpp = pp;
     XMEMSET(pp, 0, ret + 1);
-    wolfSSL_i2c_ASN1_INTEGER(a, &pp); 
+    wolfSSL_i2c_ASN1_INTEGER(a, &pp);
     pp--;
     AssertIntEQ(*(pp--), 56);
     AssertIntEQ(*pp, 255);
 
     XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    wolfSSL_ASN1_INTEGER_free(a); 
+    wolfSSL_ASN1_INTEGER_free(a);
 
     printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA */
@@ -20176,6 +20201,7 @@ void ApiTest(void)
     AssertIntEQ(test_wc_ecc_mulmod(), 0);
     AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
 
+    test_wc_PKCS7_New();
     test_wc_PKCS7_Init();
     test_wc_PKCS7_InitWithCert();
     test_wc_PKCS7_EncodeData();
@@ -20183,7 +20209,7 @@ void ApiTest(void)
     test_wc_PKCS7_VerifySignedData();
     test_wc_PKCS7_EncodeDecodeEnvelopedData();
     test_wc_PKCS7_EncodeEncryptedData();
-     
+
     printf(" End API Tests\n");
 
 }

File diff suppressed because it is too large
+ 183 - 154
wolfcrypt/src/pkcs7.c


+ 112 - 82
wolfcrypt/test/test.c

@@ -18054,7 +18054,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 
     byte   enveloped[2048];
     byte   decoded[2048];
-    PKCS7  pkcs7;
+    PKCS7* pkcs7;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     FILE*  pkcs7File;
 #endif
@@ -18132,64 +18132,75 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
 
     for (i = 0; i < testSz; i++) {
-        ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT,
+        pkcs7 = wc_PKCS7_New(HEAP_HINT,
         #ifdef WOLFSSL_ASYNC_CRYPT
             INVALID_DEVID /* async PKCS7 is not supported */
         #else
             devId
         #endif
         );
-        if (ret != 0)
+        if (pkcs7 == NULL)
             return -9214;
 
-        ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert,
+        ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
                                     (word32)testVectors[i].certSz);
-        if (ret != 0)
+        if (ret != 0) {
+            wc_PKCS7_Free(pkcs7);
             return -9215;
+        }
 
-        pkcs7.content      = (byte*)testVectors[i].content;
-        pkcs7.contentSz    = testVectors[i].contentSz;
-        pkcs7.contentOID   = testVectors[i].contentOID;
-        pkcs7.encryptOID   = testVectors[i].encryptOID;
-        pkcs7.keyWrapOID   = testVectors[i].keyWrapOID;
-        pkcs7.keyAgreeOID  = testVectors[i].keyAgreeOID;
-        pkcs7.privateKey   = testVectors[i].privateKey;
-        pkcs7.privateKeySz = testVectors[i].privateKeySz;
-        pkcs7.ukm          = testVectors[i].optionalUkm;
-        pkcs7.ukmSz        = testVectors[i].optionalUkmSz;
+        pkcs7->content      = (byte*)testVectors[i].content;
+        pkcs7->contentSz    = testVectors[i].contentSz;
+        pkcs7->contentOID   = testVectors[i].contentOID;
+        pkcs7->encryptOID   = testVectors[i].encryptOID;
+        pkcs7->keyWrapOID   = testVectors[i].keyWrapOID;
+        pkcs7->keyAgreeOID  = testVectors[i].keyAgreeOID;
+        pkcs7->privateKey   = testVectors[i].privateKey;
+        pkcs7->privateKeySz = testVectors[i].privateKeySz;
+        pkcs7->ukm          = testVectors[i].optionalUkm;
+        pkcs7->ukmSz        = testVectors[i].optionalUkmSz;
 
         /* encode envelopedData */
-        envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped,
+        envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
                                                    sizeof(enveloped));
         if (envelopedSz <= 0) {
             printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz);
+            wc_PKCS7_Free(pkcs7);
             return -9216;
         }
 
         /* decode envelopedData */
-        decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz,
+        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
                                                  decoded, sizeof(decoded));
-        if (decodedSz <= 0)
+        if (decodedSz <= 0) {
+            wc_PKCS7_Free(pkcs7);
             return -9217;
+        }
 
         /* test decode result */
-        if (XMEMCMP(decoded, data, sizeof(data)) != 0)
+        if (XMEMCMP(decoded, data, sizeof(data)) != 0){
+            wc_PKCS7_Free(pkcs7);
             return -9218;
+        }
 
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
         /* output pkcs7 envelopedData for external testing */
         pkcs7File = fopen(testVectors[i].outFileName, "wb");
-        if (!pkcs7File)
+        if (!pkcs7File) {
+            wc_PKCS7_Free(pkcs7);
             return -9219;
+        }
 
         ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File);
         fclose(pkcs7File);
         if (ret != envelopedSz) {
+            wc_PKCS7_Free(pkcs7);
             return -9220;
         }
 #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
 
-        wc_PKCS7_Free(&pkcs7);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
     }
 
 #if !defined(HAVE_ECC) || defined(NO_AES)
@@ -18317,7 +18328,7 @@ int pkcs7encrypted_test(void)
     int ret = 0;
     int i, testSz;
     int encryptedSz, decodedSz, attribIdx;
-    PKCS7 pkcs7;
+    PKCS7* pkcs7;
     byte  encrypted[2048];
     byte  decoded[2048];
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
@@ -18441,55 +18452,65 @@ int pkcs7encrypted_test(void)
     testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
 
     for (i = 0; i < testSz; i++) {
-        ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId);
-        if (ret != 0)
+        pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
+        if (pkcs7 == NULL)
             return -9400;
 
-        pkcs7.content              = (byte*)testVectors[i].content;
-        pkcs7.contentSz            = testVectors[i].contentSz;
-        pkcs7.contentOID           = testVectors[i].contentOID;
-        pkcs7.encryptOID           = testVectors[i].encryptOID;
-        pkcs7.encryptionKey        = testVectors[i].encryptionKey;
-        pkcs7.encryptionKeySz      = testVectors[i].encryptionKeySz;
-        pkcs7.unprotectedAttribs   = testVectors[i].attribs;
-        pkcs7.unprotectedAttribsSz = testVectors[i].attribsSz;
+        pkcs7->content              = (byte*)testVectors[i].content;
+        pkcs7->contentSz            = testVectors[i].contentSz;
+        pkcs7->contentOID           = testVectors[i].contentOID;
+        pkcs7->encryptOID           = testVectors[i].encryptOID;
+        pkcs7->encryptionKey        = testVectors[i].encryptionKey;
+        pkcs7->encryptionKeySz      = testVectors[i].encryptionKeySz;
+        pkcs7->unprotectedAttribs   = testVectors[i].attribs;
+        pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
 
         /* encode encryptedData */
-        encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted,
+        encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
                                                    sizeof(encrypted));
-        if (encryptedSz <= 0)
+        if (encryptedSz <= 0) {
+            wc_PKCS7_Free(pkcs7);
             return -9401;
+        }
 
         /* decode encryptedData */
-        decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz,
+        decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
                                                  decoded, sizeof(decoded));
-        if (decodedSz <= 0)
+        if (decodedSz <= 0){
+            wc_PKCS7_Free(pkcs7);
             return -9402;
+        }
 
         /* test decode result */
-        if (XMEMCMP(decoded, data, sizeof(data)) != 0)
+        if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
+            wc_PKCS7_Free(pkcs7);
             return -9403;
+        }
 
         /* verify decoded unprotected attributes */
-        if (pkcs7.decodedAttrib != NULL) {
-            decodedAttrib = pkcs7.decodedAttrib;
+        if (pkcs7->decodedAttrib != NULL) {
+            decodedAttrib = pkcs7->decodedAttrib;
             attribIdx = 1;
 
             while (decodedAttrib != NULL) {
 
                 /* expected attribute, stored list is reversed */
-                expectedAttrib = &(pkcs7.unprotectedAttribs
-                        [pkcs7.unprotectedAttribsSz - attribIdx]);
+                expectedAttrib = &(pkcs7->unprotectedAttribs
+                        [pkcs7->unprotectedAttribsSz - attribIdx]);
 
                 /* verify oid */
                 if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
-                            decodedAttrib->oidSz) != 0)
+                            decodedAttrib->oidSz) != 0) {
+                    wc_PKCS7_Free(pkcs7);
                     return -9404;
+                }
 
                 /* verify value */
                 if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
-                            decodedAttrib->valueSz) != 0)
+                            decodedAttrib->valueSz) != 0) {
+                    wc_PKCS7_Free(pkcs7);
                     return -9405;
+                }
 
                 decodedAttrib = decodedAttrib->next;
                 attribIdx++;
@@ -18499,8 +18520,10 @@ int pkcs7encrypted_test(void)
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
         /* output pkcs7 envelopedData for external testing */
         pkcs7File = fopen(testVectors[i].outFileName, "wb");
-        if (!pkcs7File)
+        if (!pkcs7File) {
+            wc_PKCS7_Free(pkcs7);
             return -9406;
+        }
 
         ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
         fclose(pkcs7File);
@@ -18509,7 +18532,7 @@ int pkcs7encrypted_test(void)
             ret = 0;
 #endif
 
-        wc_PKCS7_Free(&pkcs7);
+        wc_PKCS7_Free(pkcs7);
     }
 
     return ret;
@@ -18543,7 +18566,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
     byte*  out;
     word32 outSz;
     WC_RNG rng;
-    PKCS7  pkcs7;
+    PKCS7* pkcs7;
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
     FILE*  file;
 #endif
@@ -18683,26 +18706,30 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
     }
 
     for (i = 0; i < testSz; i++) {
+        pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
+        if (pkcs7 == NULL)
+            return -9410;
 
-        pkcs7.heap = HEAP_HINT;
-        pkcs7.devId = INVALID_DEVID;
-        ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert,
+        pkcs7->heap = HEAP_HINT;
+        pkcs7->devId = INVALID_DEVID;
+        ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
                                     (word32)testVectors[i].certSz);
 
         if (ret != 0) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            wc_PKCS7_Free(pkcs7);
             return -9410;
         }
 
-        pkcs7.rng             = &rng;
-        pkcs7.content         = (byte*)testVectors[i].content;
-        pkcs7.contentSz       = testVectors[i].contentSz;
-        pkcs7.hashOID         = testVectors[i].hashOID;
-        pkcs7.encryptOID      = testVectors[i].encryptOID;
-        pkcs7.privateKey      = testVectors[i].privateKey;
-        pkcs7.privateKeySz    = testVectors[i].privateKeySz;
-        pkcs7.signedAttribs   = testVectors[i].signedAttribs;
-        pkcs7.signedAttribsSz = testVectors[i].signedAttribsSz;
+        pkcs7->rng             = &rng;
+        pkcs7->content         = (byte*)testVectors[i].content;
+        pkcs7->contentSz       = testVectors[i].contentSz;
+        pkcs7->hashOID         = testVectors[i].hashOID;
+        pkcs7->encryptOID      = testVectors[i].encryptOID;
+        pkcs7->privateKey      = testVectors[i].privateKey;
+        pkcs7->privateKeySz    = testVectors[i].privateKeySz;
+        pkcs7->signedAttribs   = testVectors[i].signedAttribs;
+        pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
 
         /* generate senderNonce */
         {
@@ -18712,7 +18739,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
             ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
             if (ret != 0) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9411;
             }
         }
@@ -18735,20 +18762,20 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
             ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
             if (ret != 0) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9412;
             }
-            wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
+            wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
             wc_ShaFinal(&sha, digest);
             wc_ShaFree(&sha);
         #else
             ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
             if (ret != 0) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9413;
             }
-            wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz);
+            wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
             wc_Sha256Final(&sha, digest);
             wc_Sha256Free(&sha);
         #endif
@@ -18758,10 +18785,10 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
             }
         }
 
-        encodedSz = wc_PKCS7_EncodeSignedData(&pkcs7, out, outSz);
+        encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
         if (encodedSz < 0) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9414;
         }
 
@@ -18770,35 +18797,38 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
         file = fopen(testVectors[i].outFileName, "wb");
         if (!file) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9415;
         }
         ret = (int)fwrite(out, 1, encodedSz, file);
         fclose(file);
         if (ret != (int)encodedSz) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9416;
         }
     #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
 
-        wc_PKCS7_Free(&pkcs7);
-        wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
+        wc_PKCS7_Free(pkcs7);
+
+        pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
+        if (pkcs7 == NULL)
+            return -9410;
+        wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
 
-        ret = wc_PKCS7_VerifySignedData(&pkcs7, out, outSz);
+        ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
         if (ret < 0) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9417;
         }
 
-        if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) {
+        if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9418;
         }
 
-
         {
             /* check getting signed attributes */
         #ifndef NO_SHA
@@ -18811,25 +18841,25 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
             int bufSz = 0;
 
             if (testVectors[i].signedAttribs != NULL &&
-                    wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz,
+                    wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
                     NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9419;
             }
 
             if (bufSz > (int)sizeof(buf)) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9420;
             }
 
-            bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz,
+            bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
                     buf, (word32*)&bufSz);
             if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
                 (testVectors[i].signedAttribs == NULL && bufSz > 0)) {
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-                wc_PKCS7_Free(&pkcs7);
+                wc_PKCS7_Free(pkcs7);
                 return -9421;
             }
         }
@@ -18838,14 +18868,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
         file = fopen("./pkcs7cert.der", "wb");
         if (!file) {
             XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(&pkcs7);
+            wc_PKCS7_Free(pkcs7);
             return -9422;
         }
-        ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file);
+        ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
         fclose(file);
     #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
 
-        wc_PKCS7_Free(&pkcs7);
+        wc_PKCS7_Free(pkcs7);
     }
 
     XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);

+ 11 - 2
wolfssl/wolfcrypt/pkcs7.h

@@ -95,10 +95,13 @@ typedef struct PKCS7DecodedAttrib {
 } PKCS7DecodedAttrib;
 
 
+/* Public Structure Warning:
+ * Existing members must not be changed to maintain backwards compatibility! 
+ */
 typedef struct PKCS7 {
     WC_RNG* rng;
     PKCS7Attrib* signedAttribs;
-    byte* content;                /* inner content, not owner             */
+    byte*  content;               /* inner content, not owner             */
     byte*  singleCert;            /* recipient cert, DER, not owner       */
     byte*  issuer;                /* issuer name of singleCert            */
     byte*  privateKey;            /* private key, DER, not owner          */
@@ -136,11 +139,17 @@ typedef struct PKCS7 {
     int devId;                    /* device ID for HW based private key   */
     byte issuerHash[KEYID_SIZE];  /* hash of all alt Names                */
     byte issuerSn[MAX_SN_SZ];     /* singleCert's serial number           */
-    byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/
+    byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
     word32 certSz[MAX_PKCS7_CERTS];
+    
+     /* flags - up to 16-bits */
+    word16 isDynamic:1;
+
+    /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 } PKCS7;
 
 
+WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
 WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
 WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
 WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);

Some files were not shown because too many files changed in this diff