wolfSSL can't parse Authenticode PKCS7 SignedData but OpenSSL can

Open vanddlf-debug opened this issue 3 months ago • 3 comments

Version

5.8.2

Description

When I try to parse PKCS7 SignedData from PE file authenticode signatures, wolfSSL fails but OpenSSL works fine with the same data. The failure happens here

To reproduce:

  1. Get a PE file with an authenticode signature
  2. Extract the PKCS7 SignedData from it
  3. Try to parse it with wolfSSL - it fails with ASN_PARSE_E
  4. Same data works fine with OpenSSL

These are just standard PKCS7 SignedData structures so wolfSSL should be able to handle them.

vanddlf-debug, Sep 17 '25 21:09
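Step 2 of the reproduction above, as an added example that is not part of the original issue and not wolfSSL code: find the Authenticode entry through the PE security directory and return the DER SignedData, trimmed to its outer SEQUENCE because the entry length can include alignment padding. The names `authenticode_blob` and `make_sample` and the return codes are hypothetical, and the sample PE is constructed.

```c
#include <stdint.h>
#include <string.h>

static uint32_t le(const uint8_t *p, int n) {            /* little-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Hypothetical helper, not wolfSSL API. Returns 0 or the code of the failed check. */
int authenticode_blob(const uint8_t *pe, size_t n, const uint8_t **der, size_t *len) {
    if (n < 0x40 || memcmp(pe, "MZ", 2)) return -1;
    size_t nt = le(pe + 0x3c, 4);                        /* e_lfanew */
    if (nt > n || n - nt < 26 || memcmp(pe + nt, "PE\0\0", 4)) return -2;
    size_t opt = nt + 24;                                /* optional header */
    uint32_t magic = le(pe + opt, 2);
    if (magic != 0x10b && magic != 0x20b) return -3;
    size_t dirs = opt + (magic == 0x10b ? 96 : 112);     /* PE32 : PE32+ */
    size_t sec = dirs + 4 * 8;                           /* IMAGE_DIRECTORY_ENTRY_SECURITY */
    if (sec > n || n - sec < 8 || le(pe + dirs - 4, 4) < 5) return -3;
    size_t off = le(pe + sec, 4), size = le(pe + sec + 4, 4); /* file offset, not RVA */
    if (off == 0 || size < 8) return -4;                 /* file is unsigned */
    if (off > n || size > n - off) return -5;            /* table runs past EOF */
    size_t ent = le(pe + off, 4);                        /* dwLength, header included */
    if (ent < 10 || ent > size) return -6;
    if (le(pe + off + 6, 2) != 0x0002) return -7;        /* WIN_CERT_TYPE_PKCS_SIGNED_DATA */
    const uint8_t *p = pe + off + 8;
    size_t avail = ent - 8, hdr = 2, body = p[1];
    if (p[0] != 0x30) return -8;                         /* outer ContentInfo SEQUENCE */
    if (body & 0x80) {                                   /* long-form DER length */
        size_t k = body & 0x7f;
        if (k < 1 || k > 4 || avail < 2 + k) return -8;
        for (body = 0, hdr = 2 + k; k; k--) body = (body << 8) | p[hdr - k];
    }
    if (body > avail - hdr) return -8;
    *der = p; *len = hdr + body;                         /* alignment padding dropped */
    return 0;
}

/* Constructed sample: minimal PE32+ headers and one padded entry (256 bytes). */
size_t make_sample(uint8_t *pe) {
    static const uint8_t ent[16] = {16,0,0,0, 0,2, 2,0, 0x30,3,2,1,5, 0,0,0};
    memset(pe, 0, 256);
    memcpy(pe, "MZ", 2); pe[0x3c] = 0x40; memcpy(pe + 0x40, "PE\0\0", 4);
    pe[0x58] = 0x0b; pe[0x59] = 0x02; pe[0xc4] = 16;     /* PE32+ magic, dir count */
    pe[0xe8] = 0xf0; pe[0xec] = 16;                      /* entry at 0xf0, 16 bytes */
    memcpy(pe + 0xf0, ent, sizeof ent);
    return 256;
}
```

Writing the returned bytes to a file gives the same input to both parsers, which keeps a reproducer small.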

Hi @vanddlf-debug ,

Please share an example PE file, it would also be helpful if you can share your full reproducer. Alternatively a debug log would be helpful (--enable-debug --enable-debug-trace-errcodes and run wolfSSL_Debugging_ON() at the beginning of your program). How are you building wolfSSL? Please share your build settings.

kareem-wolfssl, Sep 17 '25 22:09

> Hi @vanddlf-debug ,
>
> Please share an example PE file, it would also be helpful if you can share your full reproducer. Alternatively a debug log would be helpful (--enable-debug --enable-debug-trace-errcodes and run wolfSSL_Debugging_ON() at the beginning of your program). How are you building wolfSSL? Please share your build settings.

Code Sample,

bootmgfw.zip

vanddlf-debug, Sep 18 '25 03:09

Thanks for the followup. I'm assigning this issue to my colleague who will review it further.

In the meantime, can you give us more information about your project? Are you using wolfSSL in a commercial or personal project?

kareem-wolfssl, Sep 18 '25 17:09