Merge pull request #5564 from douzzer/20220907-fixes

20220907-fixes

wolfcrypt/src/pkcs7.c

@@ -8469,7 +8469,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 {
     int length, encryptedKeySz = 0, ret = 0;
     int keySz, version, sidType = 0;
-    word32 encOID;
     word32 keyIdx;
     byte   issuerHash[KEYID_SIZE];
     byte*  outKey   = NULL;
@@ -8484,9 +8483,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 #ifdef WC_RSA_BLINDING
     WC_RNG rng;
 #endif
-#ifndef WC_NO_RSA_OAEP
-    word32 outLen;
-#endif
 
     byte* encryptedKey = NULL;
 
@@ -8648,19 +8644,30 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 (*idx) += KEYID_SIZE;
             }
 
+            {
+                word32 encOID = 0;
+
                 if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
                     return ASN_PARSE_E;
 
+                if (encOID != pkcs7->publicKeyOID) {
+                    WOLFSSL_MSG("public key OID found in KTRI doesn't match "
+                                "OID stored earlier.");
+                    WOLFSSL_ERROR(ALGO_ID_E);
+                    return ALGO_ID_E;
+                }
+            }
+
             /* key encryption algorithm must be RSA for now */
-            if (encOID != RSAk
+            if (pkcs7->publicKeyOID != RSAk
             #ifndef WC_NO_RSA_OAEP
-                && encOID != RSAESOAEPk 
+                && pkcs7->publicKeyOID != RSAESOAEPk
             #endif
                 )
                 return ALGO_ID_E;
 
         #ifndef WC_NO_RSA_OAEP
-            if (encOID == RSAESOAEPk) {
+            if (pkcs7->publicKeyOID == RSAESOAEPk) {
                 if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) {
                     return ASN_PARSE_E;
                 }
@@ -8697,6 +8704,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             FALL_THROUGH;
 
         case WC_PKCS7_DECRYPT_KTRI_3:
+
         #ifndef NO_PKCS7_STREAM
             if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
                             pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
@@ -8770,7 +8778,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             #endif
                 {
             #ifndef WC_NO_RSA_OAEP
-                    if (encOID != RSAESOAEPk) {
+                    if (pkcs7->publicKeyOID != RSAESOAEPk) {
             #endif
                         keySz = wc_RsaPrivateDecryptInline(encryptedKey,
                                                         encryptedKeySz, &outKey,
@@ -8778,7 +8786,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             #ifndef WC_NO_RSA_OAEP
                     }
                     else {
-                        outLen =  wc_RsaEncryptSize(privKey);
+                        word32 outLen = wc_RsaEncryptSize(privKey);
                         outKey = (byte*)XMALLOC(outLen, pkcs7->heap,
                                                     DYNAMIC_TYPE_TMP_BUFFER);
                         if (!outKey) {
@@ -8819,7 +8827,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                 XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
         #endif
         #ifndef WC_NO_RSA_OAEP
-                if (encOID == RSAESOAEPk) {
+                if (pkcs7->publicKeyOID == RSAESOAEPk) {
                     if (!outKey) {
                         XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                     }
@@ -8837,7 +8845,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
             XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
         #endif
         #ifndef WC_NO_RSA_OAEP
-            if (encOID == RSAESOAEPk) {
+            if (pkcs7->publicKeyOID == RSAESOAEPk) {
                 if (!outKey) {
                     XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                 }