Unable to parse PKCS7 Der

[lijintv07]

Question

Hi,
I am trying to parse Der format PKCS7 certificate using mbedtls_pkcs7_parse_der function. but parse fails at pkcs7_get_signed_data and returns " mbedtls_pkcs7_parse_der_ret: -5560" .
On further debugging it seems that the error pops from pkcs7_get_digest_algorithm_set where mbedtls_asn1_get_alg_null fails and returns MBEDTLS_ERR_ASN1_OUT_OF_DATA.

The same PKCS7 certificate is getting successfully parsed using OpenSSL and WolfSSL.

Attached the source

#define PKCS7_TEST_CERT                                                         \
"MIIBgQYJKoZIhvcNAQcCoIIBcjCCAW4CAQExADALBgkqhkiG9w0BBwGgggFWMIIB\r\n"		\
"UjCB+qADAgECAgkAsOsMO552gHQwCgYIKoZIzj0EAwIwFzEVMBMGA1UEAxMMZXN0\r\n"		\
"RXhhbXBsZUNBMB4XDTE5MDgwOTIwMjUzOFoXDTI5MDgwNjIwMjUzOFowFzEVMBMG\r\n"		\
"A1UEAxMMZXN0RXhhbXBsZUNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEe/4T\r\n"		\
"lZtkyUP7v6F8GHdJLzjQvwahFDBj0L/oPfxf00oDHya5wsU2wT0cV7L70hPD1n4d\r\n"		\
"xhG/1JYX2UK10zflqKMvMC0wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU2f8OcSG4\r\n"		\
"J8B3LPU203cyUF2DQCEwCgYIKoZIzj0EAwIDRwAwRAIgTgMXKl86lcQr3mTo2uXb\r\n"		\
"SZt8had163ft+9LBCqoxHiICIAfzhrTBBKSUxZQDeGIahr4OLQlS7GeSNGK1ey5t\r\n"		\
"EG+ZMQA=\r\n"

#define MAX_DATA_SIZE (4096)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mbedtls/pkcs7.h"
#include "mbedtls/base64.h"
int main()
{
    printf("Conversion of PKCS7 to X.509\r\n");
    int ret = 0;
    mbedtls_pkcs7 PKCS7;
    char cert[] = PKCS7_TEST_CERT;
    char OutBuf[MAX_DATA_SIZE];
    size_t OutLen;
    ret = mbedtls_base64_decode(OutBuf, MAX_DATA_SIZE, &OutLen, cert, strlen(cert));
    if(ret !=0 )
    {
        printf("failed! mbedtls_base64_decode_ret: -%04x\r\n", -ret);
        return ret;
    }
    mbedtls_pkcs7_init(&PKCS7);
    ret = mbedtls_pkcs7_parse_der(OutBuf, OutLen, &PKCS7);
    if(ret !=0 )
    {
        printf("failed! mbedtls_pkcs7_parse_der_ret: -%04x\r\n", -ret);
        return ret;
    }
    mbedtls_pkcs7_free(&PKCS7);
}

[yanyan1694]

How did you solve this problem in the end, I encountered the same problem, I would like to refer to your solution