commit | bb82ab764f064495cb5890493d2519e313ce55d0 | |
---|---|---|
author | Nick Child <nick.child@ibm.com> | Fri Oct 28 12:28:54 2022 -0500 |
committer | Nick Child <nick.child@ibm.com> | Fri Oct 28 12:28:54 2022 -0500 |
tree | a1d1db54c819dae8827c45041e0062bbf7de2f85 | |
parent | 73621ef0f08951885b321f0b9964203ae04c9fb5 | |
pkcs7: Respond to feedback on parsing logic

After receiving review on the pkcs7 parsing functions, attempt to use better APIs, increase consistency and use better documentation. The changes are in response to the following comments:

- use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
- make lack of support for authenticatedAttributes more clear [2]
- increment pointer in pkcs7_get_content_info_type rather than after [3]
- rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 9486c71..2a557bf 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h
@@ -38,6 +38,9 @@ * - The RFC specifies the Signed Data type can contain * certificate-revocation lists (crls). This implementation has no support * for crls so it is assumed to be an empty list. + * - The RFC allows for SignerInfo structure to optionally contain + * unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is + * assumed these fields are empty. */ #ifndef MBEDTLS_PKCS7_H
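Review bot: In the added SignerInfo bullet of the pkcs7.h header comment, "it is assumed these fields are empty" does not say what the parser does when a signature does carry authenticatedAttributes or unauthenticatedAttributes: whether the input is rejected or the fields are skipped. The commit message gives making the lack of support clearer as the goal, so the comment should state the behaviour outright, for example that parsing fails when either field is present, if that is what the code does. A smaller style point: the CRL bullet just above says "This implementation" while the new bullet says "In Mbed TLS"; using one phrasing for both would keep the list consistent.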