Skip to content

Fix PKCS7 SignerIdentifier SKID to implicit [0] tagging#10937

Open
embhorn wants to merge 1 commit into
wolfSSL:masterfrom
embhorn:zd22160
Open

Fix PKCS7 SignerIdentifier SKID to implicit [0] tagging#10937
embhorn wants to merge 1 commit into
wolfSSL:masterfrom
embhorn:zd22160

Conversation

@embhorn

@embhorn embhorn commented Jul 16, 2026

Copy link
Copy Markdown
Member

Description

PKCS7_EncodeSigned emitted the SignedData SignerIdentifier subjectKeyIdentifier as an explicit [0] wrapper around an OCTET STRING (0xA0 len 0x04 len value). RFC 5652 defines the CMS module with IMPLICIT TAGS, so the [0] choice must use an implicit context tag that replaces the OCTET STRING tag (0x80 len value). Strict DER parsers such as OpenSSL reject the explicit form.

Encode with SetImplicit(ASN_OCTET_STRING, ...) and remove the now unused inner OCTET STRING header and its ESD struct members. The decoder already accepts both the explicit and implicit forms, so SignedData produced by earlier releases still verifies.

Fixes zd22160

Testing

Add a regression test asserting the implicit wire form and round-trip verify, plus a decode test that verifies a captured explicit-form fixture so the backward-compatible parse path stays covered.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@embhorn embhorn self-assigned this Jul 16, 2026
Copilot AI review requested due to automatic review settings July 16, 2026 21:22

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request corrects CMS/PKCS7 SignedData SignerIdentifier.subjectKeyIdentifier encoding to use implicit context-specific [0] tagging (per RFC 5652 IMPLICIT TAGS), improving interoperability with strict DER parsers (e.g., OpenSSL) while keeping decode compatibility with legacy explicit-form outputs.

Changes:

  • Update PKCS7_EncodeSigned() to emit SKID as implicit [0] (context-specific primitive tag 0x80) rather than an explicit wrapper.
  • Remove the now-unneeded inner OCTET STRING header fields/sizing from the ESD encoding state.
  • Add regression tests to (a) assert implicit wire form + round-trip verify, and (b) verify decoding of a captured legacy explicit-form fixture.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
wolfcrypt/src/pkcs7.c Switch SKID SignerIdentifier encoding to implicit [0] tagging and adjust size/write-out logic accordingly.
tests/api/test_pkcs7.h Register two new PKCS7 SignedData regression tests in the test declarations list.
tests/api/test_pkcs7.c Add encoding/decoding regression tests covering implicit SKID emission and legacy explicit SKID acceptance.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Frauschi

Copy link
Copy Markdown
Contributor

Jenkins retest this please

@Frauschi Frauschi left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@embhorn

embhorn commented Jul 17, 2026

Copy link
Copy Markdown
Member Author

Pending customer review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants