@@ -2197,7 +2197,6 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
21972197#endif
21982198 word32 idx = 0;
21992199 word32 atrIdx = 0;
2200- word32 cannedAttribsCount;
22012200
22022201 if (pkcs7 == NULL || esd == NULL || contentType == NULL ||
22032202 contentTypeOid == NULL || messageDigestOid == NULL ||
@@ -2220,8 +2219,6 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
22202219 return timeSz;
22212220 #endif
22222221
2223- cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
2224-
22252222 XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));
22262223
22272224 if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
@@ -2253,10 +2250,10 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,
22532250 idx++;
22542251 }
22552252
2256- esd->signedAttribsCount += cannedAttribsCount ;
2253+ esd->signedAttribsCount += idx ;
22572254 esd->signedAttribsSz += (word32)EncodeAttributes(
22582255 &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs,
2259- (int)cannedAttribsCount );
2256+ (int)idx );
22602257 atrIdx += idx;
22612258 } else {
22622259 esd->signedAttribsCount = 0;
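Review bot: The switch from `cannedAttribsCount` to `idx` in the `esd->signedAttribsCount` update and in the `EncodeAttributes` call carries no comment explaining why the running index is used instead of the array capacity, and that is the detail a later cleanup is most likely to undo. From the visible `idx++` inside the conditional blocks, `idx` appears to be the number of `cannedAttribs` entries actually filled in, so a line such as `/* idx = entries populated above; do not count or encode unused cannedAttribs slots */` above the update would record the intent. The space before `;` in `idx ;` and before `)` in `(int)idx );` was carried over from the old lines and can be dropped. Whether `atrIdx + idx` is bounded by the capacity of `esd->signedAttribs` cannot be seen here, because the function body continues outside the hunk.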
@@ -13242,6 +13239,13 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
1324213239 }
1324313240 wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap);
1324413241 } else {
13242+ word32 tmpSum;
13243+ if (!WC_SAFE_SUM_WORD32(idx, (word32)encryptedContentTotalSz, tmpSum) ||
13244+ tmpSum > pkiMsgSz) {
13245+ ret = BUFFER_E;
13246+ break;
13247+ }
13248+
1324513249 pkcs7->cachedEncryptedContentSz =
1324613250 (word32)encryptedContentTotalSz;
1324713251 pkcs7->totalEncryptedContentSz =
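Review bot: The new bounds check casts `encryptedContentTotalSz` to `word32` before testing it, so if that variable is a signed type (its declaration is outside the hunk) a negative length is rejected only indirectly, through the wrapped value overflowing the sum or exceeding `pkiMsgSz`. Putting an explicit `encryptedContentTotalSz < 0 ||` term in front of `!WC_SAFE_SUM_WORD32(...)` would make the rejection independent of how large `pkiMsgSz` is. The same cast-then-check pattern appears on `encryptedContentSz` in the `wc_PKCS7_DecodeAuthEnvelopedData` and `wc_PKCS7_DecodeEncryptedData` hunks. Since the identical three-line check is now written out three times, a small `static` helper taking `idx`, the length and `pkiMsgSz` would keep the copies from drifting apart.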
@@ -14387,9 +14391,17 @@ int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
1438714391 }
1438814392
1438914393 if (ret == 0) {
14390- XMEMCPY(encryptedContent, &pkiMsg[idx],
14394+ word32 tmpSum;
14395+ if (!WC_SAFE_SUM_WORD32(idx, (word32)encryptedContentSz,
14396+ tmpSum) ||
14397+ tmpSum > pkiMsgSz) {
14398+ ret = BUFFER_E;
14399+ break;
14400+ } else {
14401+ XMEMCPY(encryptedContent, &pkiMsg[idx],
1439114402 (word32)encryptedContentSz);
14392- idx += (word32)encryptedContentSz;
14403+ idx += (word32)encryptedContentSz;
14404+ }
1439314405 }
1439414406 #ifndef NO_PKCS7_STREAM
1439514407 pkcs7->stream->bufferPt = encryptedContent;
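Review bot: The `break` on the new `BUFFER_E` path skips everything after the `if (ret == 0)` block, including `pkcs7->stream->bufferPt = encryptedContent;`, so whether `encryptedContent` is released on this path depends on cleanup that is not visible in the hunk. The `wc_PKCS7_DecodeEncryptedData` hunk avoids the question by setting `ret` and falling through to its existing `XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);`. Please confirm that the code after the enclosing switch frees the buffer, or free it before the `break`. The `else` after `break` is redundant, and the context line `(word32)encryptedContentSz);` is left at the old indentation, so it no longer lines up with the re-indented `XMEMCPY(`.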
@@ -15323,16 +15335,22 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
1532315335 }
1532415336
1532515337 if (ret == 0) {
15326- XMEMCPY(encryptedContent, &pkiMsg[idx],
15327- (unsigned int)encryptedContentSz);
15328- idx += (word32)encryptedContentSz;
15329-
15330- /* decrypt encryptedContent */
15331- ret = wc_PKCS7_DecryptContent(pkcs7, encOID,
15332- pkcs7->encryptionKey, pkcs7->encryptionKeySz,
15333- tmpIv, expBlockSz, NULL, 0, NULL, 0,
15334- encryptedContent, encryptedContentSz,
15335- encryptedContent, pkcs7->devId, pkcs7->heap);
15338+ word32 tmpSum;
15339+ if (!WC_SAFE_SUM_WORD32(idx, (word32)encryptedContentSz, tmpSum) ||
15340+ tmpSum > pkiMsgSz) {
15341+ ret = BUFFER_E;
15342+ } else {
15343+ XMEMCPY(encryptedContent, &pkiMsg[idx],
15344+ (unsigned int)encryptedContentSz);
15345+ idx += (word32)encryptedContentSz;
15346+
15347+ /* decrypt encryptedContent */
15348+ ret = wc_PKCS7_DecryptContent(pkcs7, encOID,
15349+ pkcs7->encryptionKey, pkcs7->encryptionKeySz,
15350+ tmpIv, expBlockSz, NULL, 0, NULL, 0,
15351+ encryptedContent, encryptedContentSz,
15352+ encryptedContent, pkcs7->devId, pkcs7->heap);
15353+ }
1533615354 if (ret != 0) {
1533715355 XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
1533815356 }