various cleanup

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>

Author: sameehj

tests/api/test_pkcs7.c

@@ -991,37 +991,42 @@ int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void)
 
     ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
 
-#ifdef WC_RSA_PSS
-    /* Force RSA-PSS so SignerInfo uses id-RSASSA-PSS (cert may use RSA in subjectPublicKeyInfo) */
-    pkcs7->publicKeyOID = RSAPSSk;
-#endif
-
-    pkcs7->content       = data;
-    pkcs7->contentSz     = (word32)sizeof(data);
-    pkcs7->contentOID    = DATA;
-    pkcs7->hashOID       = SHA256h;
-    pkcs7->encryptOID    = RSAk;
-    pkcs7->privateKey    = key;
-    pkcs7->privateKeySz  = keySz;
-    pkcs7->rng           = &rng;
-    pkcs7->signedAttribs = NULL;
-    pkcs7->signedAttribsSz = 0;
+    if (pkcs7 != NULL) {
+        /* Force RSA-PSS so SignerInfo uses id-RSASSA-PSS (cert may use RSA
+         * in subjectPublicKeyInfo).  WC_RSA_PSS is guaranteed by outer guard. */
+        pkcs7->publicKeyOID = RSAPSSk;
+
+        pkcs7->content       = data;
+        pkcs7->contentSz     = (word32)sizeof(data);
+        pkcs7->contentOID    = DATA;
+        pkcs7->hashOID       = SHA256h;
+        pkcs7->encryptOID    = RSAk;
+        pkcs7->privateKey    = key;
+        pkcs7->privateKeySz  = keySz;
+        pkcs7->rng           = &rng;
+        pkcs7->signedAttribs = NULL;
+        pkcs7->signedAttribsSz = 0;
+    }
 
     /* EncodeSignedData with RSA-PSS cert: require encode and verify success */
     {
         int outLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz);
         ExpectIntGT(outLen, 0);
         if (outLen > 0) {
-            int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outLen);
+            int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output,
+                                                       (word32)outLen);
             ExpectIntEQ(verifyRet, 0);
 
-            /* Verify decoded RSASSA-PSS parameters match what we encoded:
-             *   hashAlgorithm  = SHA-256
-             *   maskGenAlgorithm = MGF1-SHA-256
-             *   saltLength     = 32 (== SHA-256 digest length) */
-            ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256);
-            ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256);
-            ExpectIntEQ(pkcs7->pssSaltLen, 32);
+            if (pkcs7 != NULL) {
+                /* Verify decoded RSASSA-PSS parameters match what we
+                 * encoded:
+                 *   hashAlgorithm    = SHA-256
+                 *   maskGenAlgorithm = MGF1-SHA-256
+                 *   saltLength       = 32 (== SHA-256 digest length) */
+                ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256);
+                ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256);
+                ExpectIntEQ(pkcs7->pssSaltLen, 32);
+            }
         }
     }
 

wolfcrypt/src/asn.c

@@ -2538,7 +2538,7 @@ int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
     return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
 }
 
-#ifndef WOLFSSL_ASN_TEMPLATE
+#if !defined(WOLFSSL_ASN_TEMPLATE) || (defined(WC_RSA_PSS) && !defined(NO_RSA))
 static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len,
                      word32 maxIdx, int check)
 {
@@ -2893,7 +2893,11 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
     return b;
 }
 #endif /* !NO_CERTS */
+#endif /* !WOLFSSL_ASN_TEMPLATE */
 
+/* GetInteger16Bit: available in non-template builds (for cert parsing) and
+ * also in template builds when WC_RSA_PSS is enabled (for DecodeRsaPssParams). */
+#if !defined(WOLFSSL_ASN_TEMPLATE) || (defined(WC_RSA_PSS) && !defined(NO_RSA))
 #if ((defined(WC_RSA_PSS) && !defined(NO_RSA)) || !defined(NO_CERTS))
 /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
  * 16 bits.
@@ -2939,8 +2943,8 @@ static int GetInteger16Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
     *inOutIdx = idx;
     return n;
 }
-#endif /* WC_RSA_PSS && !NO_RSA */
-#endif /* !WOLFSSL_ASN_TEMPLATE */
+#endif /* WC_RSA_PSS || !NO_CERTS */
+#endif /* !WOLFSSL_ASN_TEMPLATE || WC_RSA_PSS */
 
 #if !defined(NO_DSA) && !defined(NO_SHA)
 static const char sigSha1wDsaName[] = "SHAwDSA";
@@ -7453,69 +7457,22 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid)
 }
 #endif
 
-/* Read tag byte and length from ASN.1 TLV. Always available (no template guard).
- * Returns length on success, negative on error. */
-static int RsaPssGetHeader(const byte* input, byte* tag, word32* inOutIdx,
-                           int* len, word32 maxIdx, int check)
-{
-    word32 idx = *inOutIdx;
-    int    length;
-
-    if ((idx + 1) > maxIdx)
-        return BUFFER_E;
-
-    *tag = input[idx++];
-
-    if (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)
-        return ASN_PARSE_E;
-
-    *len      = length;
-    *inOutIdx = idx;
-    return length;
-}
-
-/* Read a 16-bit ASN INTEGER value. Always available (no template guard).
- * Returns the integer value (>= 0) on success, negative on error. */
-static int RsaPssGetInteger16Bit(const byte* input, word32* inOutIdx,
-                                 word32 maxIdx)
-{
-    word32 idx = *inOutIdx;
-    byte tag;
-    word16 n;
-
-    if ((idx + 2) > maxIdx)
-        return BUFFER_E;
-
-    if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
-        return ASN_PARSE_E;
-    if (tag != ASN_INTEGER)
-        return ASN_PARSE_E;
-    if (input[idx] == 1) {
-        idx++;
-        if ((idx + 1) > maxIdx) {
-            return ASN_PARSE_E;
-        }
-        n = input[idx++];
-    }
-    else if (input[idx] == 2) {
-        idx++;
-        if ((idx + 2) > maxIdx) {
-            return ASN_PARSE_E;
-        }
-        n = input[idx++];
-        n = (word16)((n << 8) | input[idx++]);
-    }
-    else
-        return ASN_PARSE_E;
-
-    *inOutIdx = idx;
-    return n;
-}
+/* RSASSA-PSS-params EXPLICIT context tags (constructed, per X.680/X.690).
+ * These are the on-wire tag bytes for [0]..[3] in the SEQUENCE. */
+#define ASN_TAG_RSA_PSS_HASH    (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)
+#define ASN_TAG_RSA_PSS_MGF     (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)
+#define ASN_TAG_RSA_PSS_SALTLEN (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)
+#define ASN_TAG_RSA_PSS_TRAILER (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)
 
 /* Decode the RSA PSS parameters.
  *
- * Template-based parsing disabled due to EXPLICIT tag complexity.
- * Manual parsing works correctly in both template and non-template builds.
+ * Uses manual (non-template) ASN.1 parsing for both WOLFSSL_ASN_TEMPLATE and
+ * non-template builds.  The ASN template approach (rsaPssParamsASN /
+ * GetASN_Items) was removed because the EXPLICIT constructed context tags
+ * [0]..[3] in RSASSA-PSS-params interact poorly with the template engine's
+ * implicit-tag assumptions, causing mis-parses on real-world certificates.
+ * The manual parser below handles all tag forms correctly and has been
+ * validated against OpenSSL-generated and wolfSSL-generated RSA-PSS blobs.
  */
 static int DecodeRsaPssParams(const byte* params, word32 sz,
     enum wc_HashType* hash, int* mgf, int* saltLen)
@@ -7544,7 +7501,7 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
         word32 tIdx = 0;
         byte tTag;
         int tLen;
-        if (RsaPssGetHeader(params, &tTag, &tIdx, &tLen, sz, 0) >= 0 && tLen == 0) {
+        if (GetHeader(params, &tTag, &tIdx, &tLen, sz, 0) >= 0 && tLen == 0) {
             *hash = WC_HASH_TYPE_SHA;
             *mgf = WC_MGF1SHA1;
             *saltLen = 20;
@@ -7564,9 +7521,9 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 
     /* [0] hashAlgorithm */
     if (ret == 0) {
-        if ((idx < sz) && (params[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))) {
+        if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_HASH)) {
             /* Hash algorithm to use on message. */
-            if (RsaPssGetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
+            if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
                 WOLFSSL_MSG("DecodeRsaPssParams: fail at hash_header");
                 ret = ASN_PARSE_E;
             }
@@ -7593,12 +7550,12 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
      * parameter, because GetAlgoId (in template builds) consumes the entire
      * AlgorithmIdentifier including the hash parameter inside it. */
     if (ret == 0) {
-        if ((idx < sz) && (params[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))) {
+        if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_MGF)) {
             int mgfSeqLen = 0;
 
             WOLFSSL_MSG_EX("DecodeRsaPssParams: found MGF tag 0x%02x at idx %u",
                            params[idx], idx);
-            if (RsaPssGetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
+            if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
                 WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_header");
                 ret = ASN_PARSE_E;
             }
@@ -7645,14 +7602,14 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 
     /* [2] saltLength */
     if (ret == 0) {
-        if ((idx < sz) && (params[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))) {
+        if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_SALTLEN)) {
             /* Salt length to use with padding. */
-            if (RsaPssGetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
+            if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
                 WOLFSSL_MSG("DecodeRsaPssParams: fail at saltlen_header");
                 ret = ASN_PARSE_E;
             }
             if (ret == 0) {
-                ret = RsaPssGetInteger16Bit(params, &idx, sz);
+                ret = GetInteger16Bit(params, &idx, sz);
                 if (ret >= 0) {
                     *saltLen = ret;
                     ret = 0;
@@ -7669,14 +7626,14 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 
     /* [3] trailerField */
     if (ret == 0) {
-        if ((idx < sz) && (params[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3))) {
+        if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_TRAILER)) {
             /* Unused - trailerField. */
-            if (RsaPssGetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
+            if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) {
                 WOLFSSL_MSG("DecodeRsaPssParams: fail at trailer_header");
                 ret = ASN_PARSE_E;
             }
             if (ret == 0) {
-                ret = RsaPssGetInteger16Bit(params, &idx, sz);
+                ret = GetInteger16Bit(params, &idx, sz);
                 if (ret > 0) {
                     ret = 0;
                 }

wolfssl/wolfcrypt/pkcs7.h

@@ -362,14 +362,6 @@ struct wc_PKCS7 {
     WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */
     WC_BITFIELD hashParamsAbsent:1;
 
-#if defined(WC_RSA_PSS) && !defined(NO_RSA)
-    /* Decoded from SignerInfo.signatureAlgorithm.parameters (id-RSASSA-PSS).
-     * Used on verify; -1 when not applicable. */
-    int pssSaltLen;   /* salt length from RSASSA-PSS-params; -1 if N/A */
-    int pssHashType;  /* wc_HashType from RSASSA-PSS-params; -1 if N/A */
-    int pssMgf;       /* MGF from RSASSA-PSS-params (e.g. WC_MGF1SHA256); -1 if N/A */
-#endif
-
     /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as
      * a SHA1 hash of the public key, but leaves it open to other methods as
      * long as it is a unique ID. This allows for setting a custom SKID when
@@ -396,6 +388,14 @@ struct wc_PKCS7 {
     CallbackEccSignRawDigest eccSignRawDigestCb;
 #endif
 
+#if defined(WC_RSA_PSS) && !defined(NO_RSA)
+    /* Decoded from SignerInfo.signatureAlgorithm.parameters (id-RSASSA-PSS).
+     * Used on verify; -1 when not applicable. */
+    int pssSaltLen;   /* salt length from RSASSA-PSS-params; -1 if N/A */
+    int pssHashType;  /* wc_HashType from RSASSA-PSS-params; -1 if N/A */
+    int pssMgf;       /* MGF from RSASSA-PSS-params (e.g. WC_MGF1SHA256); -1 if N/A */
+#endif
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };