Updated PKCS#7 Support in wolfSSL 3.14.0

wolfSSL recently expanded our PKCS#7 support in the wolfSSL embedded TLS library with the addition of:

  • Functional parsing of multiple certificates in SignedData types
  • Support for parsing SignedData degenerate types
  • A getter function for retrieving bundle attributes
  • Internal BER to DER translation
  • A public API for PKCS#7 type padding

Expanding on the feature list above, our PKCS#7 certificate handling prior to wolfSSL 3.14.0 parsed only the first certificate in the chain when a SignedData bundle contained multiple certificates. As of 3.14.0, wolfSSL is now able to parse multiple certificates.

The pad function, wc_PKCS7_PadData(), adds pad bytes to the input data and operates on a particular block size.

In wolfSSL 3.14.0, we added a translation function for internally converting from BER ASN.1 encoding to DER encoding for interoperability, as well as adding a getter function (wc_PKCS7_GetAttributeValue()) to return data attribute values.

Lastly, support for PKCS#7 degenerate SignedData types, where there are no signers on the content was added. The degenerate case provides means for disseminating certificates and certificate-revocation lists, as defined in RFC 2315. These additions to wolfSSL’s PKCS#7 support further strengthen the security for IoT devices requiring TLS functionality.