wolfSSL recently expanded our PKCS#7 support in the wolfSSL embedded TLS library with the addition of:
- Functional parsing of multiple certificates in SignedData types
- Support for parsing SignedData degenerate types
- A getter function for retrieving bundle attributes
- Internal BER to DER translation
- A public API for PKCS#7 type padding
Expanding on the feature list above, our PKCS#7 certificate handling prior to wolfSSL 3.14.0 parsed only the first certificate in the chain when a SignedData bundle contained multiple certificates. As of 3.14.0, wolfSSL is now able to parse multiple certificates.
The pad function, wc_PKCS7_PadData(), adds pad bytes to the input data and operates on a particular block size.
In wolfSSL 3.14.0, we added a translation function for internally converting from BER ASN.1 encoding to DER encoding for interoperability, as well as adding a getter function (wc_PKCS7_GetAttributeValue()) to return data attribute values.
Lastly, support for PKCS#7 degenerate SignedData types, where there are no signers on the content was added. The degenerate case provides means for disseminating certificates and certificate-revocation lists, as defined in RFC 2315. These additions to wolfSSL’s PKCS#7 support further strengthen the security for IoT devices requiring TLS functionality.