From 0971b433d747b48151cdc0fd926cd56794a6113e Mon Sep 17 00:00:00 2001
From: aidan garske
Date: Tue, 2 Jul 2024 11:30:23 -0700
Subject: [PATCH 1/3] PKCS7-verify example for PKCS7 DER and PEM.
---
 pkcs7/pkcs7-verify.c | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/pkcs7/pkcs7-verify.c b/pkcs7/pkcs7-verify.c
index 559f383a..9628f9df 100644
--- a/pkcs7/pkcs7-verify.c
+++ b/pkcs7/pkcs7-verify.c
@@ -26,11 +26,16 @@
 #ifdef HAVE_PKCS7
+static const char* pkcs7SignedDer = "signed.p7b"; /* DER */
+static const char* pkcs7SignedPem = "signed.p7s"; /* PEM */
+
 int main(int argc, char** argv)
 {
 int rc = 0;
 PKCS7 pkcs7;
 XFILE derFile;
+ byte* fileBuf = NULL;
+ word32 fileSz = 0;
 byte* derBuf = NULL;
 word32 derSz = 0;
@@ -41,35 +46,50 @@ int main(int argc, char** argv)
 wolfSSL_Debugging_ON();
 #endif
- /* load DER PKCS7 */
- derFile = fopen("signed.p7s", "rb");
+ /* load PKCS7 */
+ derFile = fopen(pkcs7SignedPem, "rb");
 if (derFile) {
 fseek(derFile, 0, SEEK_END);
- derSz = (int)ftell(derFile);
+ fileSz = (int)ftell(derFile);
 rewind(derFile);
- derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (derBuf == NULL) {
+ fileBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ derBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (fileBuf == NULL || derBuf == NULL) {
 rc = MEMORY_E;
 goto exit;
 }
+ derSz = fileSz;
- rc = (int)fread(derBuf, 1, derSz, derFile);
+ rc = (int)fread(fileBuf, 1, fileSz, derFile);
 fclose(derFile);
- if (rc != derSz) {
+ if (rc != fileSz) {
 printf("Failed to read der file!\n");
 return -1;
 }
 }
- printf("Der %d\n", derSz);
- WOLFSSL_BUFFER(derBuf, derSz);
+ /* PKCS_Init captures/saves this, so make sure
+ * isDynamic = 0 since it is on the stack */
+ pkcs7.isDynamic = 0;
 /* Test verify */
 rc = wc_PKCS7_Init(&pkcs7, NULL, INVALID_DEVID);
 if (rc != 0) goto exit;
 rc = wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
 if (rc != 0) goto exit;
+
+ /* convert PEM to DER */
+ rc = wc_CertPemToDer(fileBuf, fileSz, derBuf, derSz, PKCS7_TYPE);
+ if (rc < 0) {
+ goto exit;
+ }
+ derSz = rc;
+ rc = 0;
+
+ printf("Der %d\n", derSz);
+ WOLFSSL_BUFFER(derBuf, derSz);
+
 rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf, derSz);
 if (rc != 0) goto exit;
@@ -82,6 +102,7 @@ exit:
 wc_PKCS7_Free(&pkcs7);
 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(fileBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return rc;
 }
@@ -94,4 +115,4 @@ int main(int argc, char** argv)
 return 0;
 }
-#endif
+#endif
\ No newline at end of file
From 2e8642ddd363acaa4b80959303af5debb3710222 Mon Sep 17 00:00:00 2001
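Review bot: The `if (derFile)` block has no else branch, so when `signed.p7s` cannot be opened execution continues with fileBuf == NULL and fileSz == 0 into wc_CertPemToDer and the example fails with a bare library error code rather than naming the missing file; add `else { printf("Failed to open %s\n", pkcs7SignedPem); rc = -1; goto exit; }` after the block. `fileSz = (int)ftell(derFile);` stores an unchecked result, and ftell's -1 error value becomes a very large word32 that is then handed to XMALLOC and fread, so test for a negative return before the cast. The `return -1;` on a short read skips the `exit:` cleanup and leaks both buffers; PATCH 3/3 in this series replaces it with `rc = -1; goto exit;`. The same hunk appears verbatim in PATCH 2/3, which inherits all three points. main's body continues past the end of the hunk.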
From: aidan garske
Date: Tue, 2 Jul 2024 11:30:23 -0700
Subject: [PATCH 2/3] PKCS7-verify example for PKCS7 DER and PEM.
---
 pkcs7/pkcs7-verify.c | 41 +++++++++++++++++++++++++++++++----------
 pkcs7/signed.p7s | Bin 1633 -> 2257 bytes
 2 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/pkcs7/pkcs7-verify.c b/pkcs7/pkcs7-verify.c
index 559f383a..9628f9df 100644
--- a/pkcs7/pkcs7-verify.c
+++ b/pkcs7/pkcs7-verify.c
@@ -26,11 +26,16 @@
 #ifdef HAVE_PKCS7
+static const char* pkcs7SignedDer = "signed.p7b"; /* DER */
+static const char* pkcs7SignedPem = "signed.p7s"; /* PEM */
+
 int main(int argc, char** argv)
 {
 int rc = 0;
 PKCS7 pkcs7;
 XFILE derFile;
+ byte* fileBuf = NULL;
+ word32 fileSz = 0;
 byte* derBuf = NULL;
 word32 derSz = 0;
@@ -41,35 +46,50 @@ int main(int argc, char** argv)
 wolfSSL_Debugging_ON();
 #endif
- /* load DER PKCS7 */
- derFile = fopen("signed.p7s", "rb");
+ /* load PKCS7 */
+ derFile = fopen(pkcs7SignedPem, "rb");
 if (derFile) {
 fseek(derFile, 0, SEEK_END);
- derSz = (int)ftell(derFile);
+ fileSz = (int)ftell(derFile);
 rewind(derFile);
- derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (derBuf == NULL) {
+ fileBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ derBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (fileBuf == NULL || derBuf == NULL) {
 rc = MEMORY_E;
 goto exit;
 }
+ derSz = fileSz;
- rc = (int)fread(derBuf, 1, derSz, derFile);
+ rc = (int)fread(fileBuf, 1, fileSz, derFile);
 fclose(derFile);
- if (rc != derSz) {
+ if (rc != fileSz) {
 printf("Failed to read der file!\n");
 return -1;
 }
 }
- printf("Der %d\n", derSz);
- WOLFSSL_BUFFER(derBuf, derSz);
+ /* PKCS_Init captures/saves this, so make sure
+ * isDynamic = 0 since it is on the stack */
+ pkcs7.isDynamic = 0;
 /* Test verify */
 rc = wc_PKCS7_Init(&pkcs7, NULL, INVALID_DEVID);
 if (rc != 0) goto exit;
 rc = wc_PKCS7_InitWithCert(&pkcs7, NULL, 0);
 if (rc != 0) goto exit;
+
+ /* convert PEM to DER */
+ rc = wc_CertPemToDer(fileBuf, fileSz, derBuf, derSz, PKCS7_TYPE);
+ if (rc < 0) {
+ goto exit;
+ }
+ derSz = rc;
+ rc = 0;
+
+ printf("Der %d\n", derSz);
+ WOLFSSL_BUFFER(derBuf, derSz);
+
 rc = wc_PKCS7_VerifySignedData(&pkcs7, derBuf, derSz);
 if (rc != 0) goto exit;
@@ -82,6 +102,7 @@ exit:
 wc_PKCS7_Free(&pkcs7);
 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(fileBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 return rc;
 }
@@ -94,4 +115,4 @@ int main(int argc, char** argv)
 return 0;
 }
-#endif
+#endif
\ No newline at end of file
diff --git a/pkcs7/signed.p7s b/pkcs7/signed.p7s index e1e6280c2d193089b25844ddc263e98a1d76ab0d..f9da08e11f7ab2c5e5fc110dd3e57aac011adc16 100755 GIT binary patch literal 2257 zcmbW3OSiH(7KZ2iik`c^B_g5>Y7i0#Ah&Q8W*`U(h>Bc)edDRVoI0zzR(CVYX0www z?Dt82{aPMD#ES7Z>j<6wXZVZK6$PJ2s2-b0Df+Vk$Qd?E%)LPPBFIGvAW#Z<`J{^Siur*SgaPN$Kz#R9=25V_C5&A~P!Mfj$wS7UQpkd(uxNb> zqh`o+{n`K>Qh+EB6aeUe#?X0UM@hDbhyolupf8KlNjpFiBA*Z}4yy0XqN^`Dz{V3H z7><4NfmwPDa~ z>@!g?_Gi4Qk~tT zAITt-26{9RV01(#-4$tlR%2=jPQM4me+3uq-k)f{l{e^A_fujuQ4~-@Y0s$z`MGGMK>4OF?0|6Xe zWd)oe@Q&pRIJ4?nw9SnhZEbF~Xq`>0VNNN13zIGwg!ii-4vgu86&1W<wtBJ^+ zIydN)eHO1zQw_v?`83;Eayz|rBUN3w6tiY`*ganw0F7DKab8m1`;eaV4G*7|YB>Sv z%dA{qje6spX5;8MI}gaE+5u^36?~T;tbKm^tBxC;BfKZKk(!N}5lg7S-JWhCL+?XK zATRe9ji{QYIMUdkY@#NYo_9%AmikKM%QGpTrL4K~#iAj^{tzE zhl%vXFCqZ3DU=8bHy5a%)|TzX(znHci>W9WKSLPRhqQiDMHl}K1o%8BPV zorYACh6;+rgVX@e!smOPa(tA;nc`fGE=s5NeE~Ut z9#H<3YXKs!m)Q`=Px+Ubmi|svLIPbN7{V3<;z`1wLm|&!!a^T`oRNS&R4SkU1P~yt z1c3QzBoR1|m}a()*4FM_c#fNcP{jTO!b+2F*&AklR8+yi?AGSnbT)qA=bDZcWBIG=$Rd8)^b2}AN!-am+?Ze(~nm0?=t3isw>Ye#i zd86GGJJMu-;kS0H5PJxC^13K;?@B6c$RpvZ(28^N<(y+PBQeJ;u zrKV=AX41MVXYQWJWLf%ZxZKv>Wv8o9+XKU)m@_RSGAp_c=Q%KnVf)K5(Ruau^KV){F-{u^3RKQa9sSAR*X zIU+{>!#S<}`B*T;>d3)4kKoO!TEs|=7G@Vr?O$A*wThx|h$=e; z@?kP=j5I_@YmZNz--mW_3F%Y4bFPBLMRA`UYwoPc&r=brV@KWBYoL(Kt=C4TC}ma~ zmU1rpaaIhlzPzsPX4d@J7Ow%j+pB74-0IsQZMnPpP;YtysC@wMy1WNTWn3CYeH6XN zwR1Z%C>#rzGVQM8c4N0M{aB$ls4VZT6=!Q-7MQD6k2S^9roB^ zk*H#Ew??PbDsN@HD7#SLx7#l^2^BRG;hET3S;}levg8~Wc zayI{>^i-g$1r7KiuI32HFDl7N%uAt%vzr)|ki!@lTg*+2{0s(7j9g4jjEoFRPW)im z5b3mJ4a;U#<1g-OO7%Z)*PVawbhF>dyUK~XryY>a-p_Al8DJN+t#{kUgAX<``)f~* zdSqR>{`#o|mgb_H)sv5J);eQ)DOk=?Zt;A}RhtelH7}dFLM70@kScunP+Tkg^{%5zO>=jAJagxpkV7~3ye}Jcx4dnb zz;4BjMXDG-w4HcFWtHP;pYrq5n|sA1E~a0tyOvX&){z-u zVlzEU=RuD5;~N4|=eE4m_l<~{{V7JQVDa~lOH?zB52cGg)tOpmBf0Fs)d07gYaufi z@3s%RIhl!>k%4h>;{=1oUU0gT6=q>FU;w5%Z~|}p;l#+u!otkNx&W9ym_udxSj1RF zJhi)dCQlIF_~B{c%E+{U8HF=rz8c7bq?K8KDXc-nCS85zy}ha1<|(S5-8sEz)Aa+* z*THF4mYgQWGno;r^I>t-@DQrjxu6j 
zx$Y}eUly6L!fD#Csm-?8*jMuC>~9kt|0kPwEjahM zSIN|FyZiL%9g-6d=QU?9?l+wrFQNU7Nql07y2qSNx2zm@JX^Kr)6e{zAhFZ`yjJ9_ zoVzLZWN)#A>YhN)gyWVg3?Ex9=W{y0`vLEk8Jh!px~Id@b}jv|CrOEOI$khEZ Date: Mon, 8 Jul 2024 11:35:58 -0700 Subject: [PATCH 3/3] Added pkcs7-verify verification of matching output and .p7b added DER to PEM check wc_DerToPem. --- pkcs7/pkcs7-verify.c | 43 ++++++++++++++++++++++++++++++++++++++++++- pkcs7/signed.p7b | Bin 0 -> 1633 bytes 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 pkcs7/signed.p7b diff --git a/pkcs7/pkcs7-verify.c b/pkcs7/pkcs7-verify.c index 9628f9df..8ddb855a 100644 --- a/pkcs7/pkcs7-verify.c +++ b/pkcs7/pkcs7-verify.c @@ -18,7 +18,9 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ +#ifndef WOLFSSL_USER_SETTINGS #include +#endif #include #include #include @@ -65,8 +67,10 @@ int main(int argc, char** argv) if (rc != fileSz) { printf("Failed to read der file!\n"); - return -1; + rc = -1; + goto exit; } + rc = 0; } /* PKCS_Init captures/saves this, so make sure 
@@ -95,6 +99,43 @@ int main(int argc, char** argv) printf("PKCS7 Verify Success\n"); + #ifdef WOLFSSL_DER_TO_PEM + memset(fileBuf, 0, fileSz); + rc = wc_DerToPem(derBuf, derSz, fileBuf, fileSz, PKCS7_TYPE); + if (rc <= 0) { + printf("DER to PEM failed: %d\n", rc); + goto exit; + } + printf("%s", fileBuf); + #endif + + /* load PKCS7 */ + derFile = fopen(pkcs7SignedDer, "rb"); + if (derFile) { + fseek(derFile, 0, SEEK_END); + fileSz = (int)ftell(derFile); + rewind(derFile); + + rc = (int)fread(fileBuf, 1, fileSz, derFile); + fclose(derFile); + + if (rc != fileSz) { + printf("Failed to read der file!\n"); + rc = -1; + goto exit; + } + rc = 0; + } + + /* Verify DER output matches expected output */ + if (fileSz != derSz || memcmp(fileBuf, derBuf, derSz) != 0) { + fprintf(stderr, "DER output didn't match expected\n"); + rc = -1; + } + else { + printf("DER output matches the original PEM\n"); + } + exit: if (rc != 0) diff --git a/pkcs7/signed.p7b b/pkcs7/signed.p7b new file mode 100644 index 0000000000000000000000000000000000000000..e1e6280c2d193089b25844ddc263e98a1d76ab0d GIT binary patch literal 1633 zcmXqLVvA+t)N1o+`_9YA&a|M3&Cj5T&5MbV(U9MOmyI)_&4V$OnT3gwmBBy-p^$Nb zIE$!nr9x_6a(+r`ih_%4kV0~5QHdVIf+iL_gC-U$gC=IB1HD7#SLx7#l^2^BRG;hET3S;}levg8~Wc zayI{>^i-g$1r7KiuI32HFDl7N%uAt%vzr)|ki!@lTg*+2{0s(7j9g4jjEoFRPW)im z5b3mJ4a;U#<1g-OO7%Z)*PVawbhF>dyUK~XryY>a-p_Al8DJN+t#{kUgAX<``)f~* zdSqR>{`#o|mgb_H)sv5J);eQ)DOk=?Zt;A}RhtelH7}dFLM70@kScunP+Tkg^{%5zO>=jAJagxpkV7~3ye}Jcx4dnb zz;4BjMXDG-w4HcFWtHP;pYrq5n|sA1E~a0tyOvX&){z-u zVlzEU=RuD5;~N4|=eE4m_l<~{{V7JQVDa~lOH?zB52cGg)tOpmBf0Fs)d07gYaufi z@3s%RIhl!>k%4h>;{=1oUU0gT6=q>FU;w5%Z~|}p;l#+u!otkNx&W9ym_udxSj1RF zJhi)dCQlIF_~B{c%E+{U8HF=rz8c7bq?K8KDXc-nCS85zy}ha1<|(S5-8sEz)Aa+* z*THF4mYgQWGno;r^I>t-@DQrjxu6j zx$Y}eUly6L!fD#Csm-?8*jMuC>~9kt|0kPwEjahM zSIN|FyZiL%9g-6d=QU?9?l+wrFQNU7Nql07y2qSNx2zm@JX^Kr)6e{zAhFZ`yjJ9_ zoVzLZWN)#A>YhN)gyWVg3?Ex9=W{y0`vLEk8Jh!px~Id@b}jv|CrOEOI$khEZ
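Review bot: `printf("%s", fileBuf);` after wc_DerToPem relies on a NUL terminator that nothing provides: fileBuf holds exactly fileSz bytes, wc_DerToPem is allowed to fill all of them, and the preceding memset only zeroes bytes the conversion then overwrites, so a PEM as large as the input file it was decoded from is printed past the end of the buffer; print the returned length instead, `fwrite(fileBuf, 1, (size_t)rc, stdout);`. The second `fopen(pkcs7SignedDer, "rb")` block then reads into the same fileBuf using a freshly computed fileSz without comparing it against the size the buffer was allocated with, so a .p7b larger than the .p7s would overflow the heap buffer; keep the allocation size in its own variable and reject the read when fileSz exceeds it. If that fopen fails the code falls through to the memcmp and reports "DER output didn't match expected" instead of the missing file — an `else { rc = -1; goto exit; }` makes the failure explicit. main continues past the end of the hunk.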