forked from wolfSSL/wolfssl
passing the rest of the PKCS7 unit tests
This commit is contained in:
JacobBarthelmeh
@@ -12436,6 +12436,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
tmpIdx = idx;
|
tmpIdx = idx;
|
||||||
pkcs7->stream->aadSz = decryptedKeySz;
|
pkcs7->stream->aadSz = decryptedKeySz;
|
||||||
|
pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ + ASN_TAG_SZ;
|
||||||
#endif
|
#endif
|
||||||
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3);
|
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3);
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
@@ -12443,14 +12444,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
case WC_PKCS7_ENV_3:
|
case WC_PKCS7_ENV_3:
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
MAX_OID_SZ + MAX_ALGO_SZ + ASN_TAG_SZ +
|
&pkiMsg, &idx)) != 0) {
|
||||||
MAX_LENGTH_SZ, &pkiMsg, &idx))
|
|
||||||
!= 0) {
|
|
||||||
//if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
|
|
||||||
// MAX_VERSION_SZ + ASN_TAG_SZ +
|
|
||||||
// MAX_LENGTH_SZ, &pkiMsg, &idx))
|
|
||||||
// != 0) {
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
||||||
@@ -12464,6 +12459,18 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
/* Did we get enough for the expected length? */
|
||||||
|
if (length > (int)pkcs7->stream->expected &&
|
||||||
|
length > (int)pkiMsgSz) {
|
||||||
|
pkcs7->stream->expected = length + 1;
|
||||||
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
|
&pkiMsg, &idx)) != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
||||||
pkiMsgSz) < 0) {
|
pkiMsgSz) < 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
@@ -13407,12 +13414,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
byte authTag[WC_AES_BLOCK_SIZE];
|
byte authTag[WC_AES_BLOCK_SIZE];
|
||||||
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
|
byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */
|
||||||
int nonceSz = 0, authTagSz = 0, macSz = 0;
|
int nonceSz = 0, authTagSz = 0, macSz = 0;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
byte* decryptedKey = NULL;
|
byte* decryptedKey = NULL;
|
||||||
#else
|
|
||||||
byte decryptedKey[MAX_ENCRYPTED_KEY_SZ];
|
|
||||||
#endif
|
|
||||||
int encryptedContentSz = 0;
|
int encryptedContentSz = 0;
|
||||||
int encryptedAllocSz = 0;
|
int encryptedAllocSz = 0;
|
||||||
byte* encryptedContent = NULL;
|
byte* encryptedContent = NULL;
|
||||||
@@ -13464,7 +13466,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
|
decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap,
|
||||||
DYNAMIC_TYPE_PKCS7);
|
DYNAMIC_TYPE_PKCS7);
|
||||||
if (decryptedKey == NULL) {
|
if (decryptedKey == NULL) {
|
||||||
@@ -13476,7 +13477,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
}
|
}
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkcs7->stream->key = decryptedKey;
|
pkcs7->stream->key = decryptedKey;
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
|
XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ);
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
@@ -13490,10 +13490,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
case WC_PKCS7_DECRYPT_ORI:
|
case WC_PKCS7_DECRYPT_ORI:
|
||||||
|
|
||||||
decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
|
decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifndef NO_PKCS7_STREAM
|
||||||
#ifndef NO_PKCS7_STREAM
|
|
||||||
decryptedKey = pkcs7->stream->key;
|
decryptedKey = pkcs7->stream->key;
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ret = wc_PKCS7_DecryptRecipientInfos(pkcs7, in, inSz, &idx,
|
ret = wc_PKCS7_DecryptRecipientInfos(pkcs7, in, inSz, &idx,
|
||||||
@@ -13511,14 +13509,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
tmpIdx = idx;
|
tmpIdx = idx;
|
||||||
|
pkcs7->stream->expected = MAX_SEQ_SZ;
|
||||||
#endif
|
#endif
|
||||||
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_3);
|
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_3);
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
|
|
||||||
case WC_PKCS7_AUTHENV_3:
|
case WC_PKCS7_AUTHENV_3:
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ +
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
MAX_ALGO_SZ + MAX_ALGO_SZ + ASN_TAG_SZ,
|
|
||||||
&pkiMsg, &idx)) != 0) {
|
&pkiMsg, &idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -13526,10 +13524,21 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* remove EncryptedContentInfo */
|
/* remove EncryptedContentInfo */
|
||||||
if (ret == 0 && GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) {
|
if (ret == 0 && GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) < 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* check that the expected size was acurate */
|
||||||
|
if (ret == 0) {
|
||||||
|
if (length > (int)pkcs7->stream->expected && length > (int)pkiMsgSz) {
|
||||||
|
pkcs7->stream->expected = length + 1;
|
||||||
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
|
&pkiMsg, &idx)) != 0) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType,
|
||||||
pkiMsgSz) < 0) {
|
pkiMsgSz) < 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
@@ -13639,8 +13648,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentSz,
|
if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentSz,
|
||||||
pkiMsgSz) <= 0) {
|
pkiMsgSz, 0) <= 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -13680,7 +13689,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pkcs7->stream->expected = (word32)encryptedContentSz;
|
pkcs7->stream->expected = (word32)encryptedContentSz + MAX_LENGTH_SZ +
|
||||||
|
ASN_TAG_SZ + ASN_TAG_SZ;
|
||||||
wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz,
|
wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz,
|
||||||
encryptedContentSz);
|
encryptedContentSz);
|
||||||
#endif
|
#endif
|
||||||
@@ -13690,21 +13700,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
|
|
||||||
case WC_PKCS7_AUTHENV_5:
|
case WC_PKCS7_AUTHENV_5:
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
ASN_TAG_SZ + ASN_TAG_SZ + pkcs7->stream->expected,
|
|
||||||
&pkiMsg, &idx)) != 0) {
|
&pkiMsg, &idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
||||||
|
|
||||||
encryptedContentSz = (int)pkcs7->stream->expected;
|
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz);
|
||||||
#else
|
#else
|
||||||
pkiMsgSz = inSz;
|
pkiMsgSz = inSz;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (expBlockSz == 0) {
|
if (expBlockSz == 0) {
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL);
|
|
||||||
#endif
|
#endif
|
||||||
if (encOID == 0)
|
if (encOID == 0)
|
||||||
expBlockSz = 1;
|
expBlockSz = 1;
|
||||||
@@ -13737,7 +13745,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
idx += (word32)encryptedContentSz;
|
idx += (word32)encryptedContentSz;
|
||||||
}
|
}
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkcs7->stream->bufferPt = encryptedContent;
|
pkcs7->stream->bufferPt = encryptedContent;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* may have IMPLICIT [1] authenticatedAttributes */
|
/* may have IMPLICIT [1] authenticatedAttributes */
|
||||||
@@ -13748,8 +13756,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
encodedAttribs = pkiMsg + idx;
|
encodedAttribs = pkiMsg + idx;
|
||||||
idx++;
|
idx++;
|
||||||
|
|
||||||
if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0)
|
if (GetLength_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) <= 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
|
}
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkcs7->stream->expected = (word32)length;
|
pkcs7->stream->expected = (word32)length;
|
||||||
#endif
|
#endif
|
||||||
@@ -13768,8 +13777,13 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XMEMCPY(pkcs7->stream->aad, encodedAttribs,
|
/* From RFC5083, "For the purpose of constructing the AAD, the
|
||||||
(idx - encodedAttribIdx));
|
* IMPLICIT [1] tag in the authAttrs field is not used for the
|
||||||
|
* DER encoding: rather a universal SET OF tag is used. */
|
||||||
|
if (SetSet(length, pkcs7->stream->aad) < 0) {
|
||||||
|
ret = ASN_PARSE_E;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -13784,7 +13798,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
|
||||||
#endif
|
#endif
|
||||||
|
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
|
||||||
goto authenv_atrbend; /* jump over attribute cases */
|
goto authenv_atrbend; /* jump over attribute cases */
|
||||||
}
|
}
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
@@ -13813,14 +13829,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
idx += (word32)length;
|
idx += (word32)length;
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if (encodedAttribSz > 0) {
|
if (pkcs7->stream->aadSz > 0) {
|
||||||
XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - (word32)length),
|
XMEMCPY(pkcs7->stream->aad + (pkcs7->stream->aadSz - (word32)length),
|
||||||
authAttrib, (word32)authAttribSz);
|
authAttrib, (word32)authAttribSz);
|
||||||
}
|
}
|
||||||
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ;
|
||||||
#endif
|
#endif
|
||||||
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
|
wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND);
|
||||||
FALL_THROUGH;
|
FALL_THROUGH;
|
||||||
@@ -13828,8 +13844,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
|
|||||||
case WC_PKCS7_AUTHENV_ATRBEND:
|
case WC_PKCS7_AUTHENV_ATRBEND:
|
||||||
authenv_atrbend:
|
authenv_atrbend:
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ +
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
|
&pkiMsg, &idx)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
|
||||||
@@ -13841,17 +13857,30 @@ authenv_atrbend:
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* get authTag OCTET STRING */
|
localIdx = idx;
|
||||||
if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) {
|
|
||||||
|
/* Get authTag OCTET STRING */
|
||||||
|
if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
if (ret == 0 && tag != ASN_OCTET_STRING) {
|
localIdx++; /* move past ASN_OCTET_STRING */
|
||||||
|
|
||||||
|
if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &authTagSz, pkiMsgSz, 0) < 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == 0 && GetLength(pkiMsg, &idx, &authTagSz, pkiMsgSz) < 0) {
|
/* there might not be enough data for the auth tag too, check here */
|
||||||
ret = ASN_PARSE_E;
|
if (ret == 0) {
|
||||||
|
if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected &&
|
||||||
|
(authTagSz + (localIdx - idx)) > pkiMsgSz) {
|
||||||
|
pkcs7->stream->expected = authTagSz + (localIdx - idx);
|
||||||
|
if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
|
||||||
|
&pkiMsg, &idx)) != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
idx = localIdx;
|
||||||
|
|
||||||
if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
|
if (ret == 0 && authTagSz > (int)sizeof(authTag)) {
|
||||||
WOLFSSL_MSG("AuthEnvelopedData authTag too large for buffer");
|
WOLFSSL_MSG("AuthEnvelopedData authTag too large for buffer");
|
||||||
@@ -13940,9 +13969,7 @@ authenv_atrbend:
|
|||||||
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
|
wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz,
|
||||||
&encryptedContentSz);
|
&encryptedContentSz);
|
||||||
encryptedContent = pkcs7->stream->bufferPt;
|
encryptedContent = pkcs7->stream->bufferPt;
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
decryptedKey = pkcs7->stream->key;
|
decryptedKey = pkcs7->stream->key;
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* decrypt encryptedContent */
|
/* decrypt encryptedContent */
|
||||||
@@ -13969,12 +13996,10 @@ authenv_atrbend:
|
|||||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
encryptedContent = NULL;
|
encryptedContent = NULL;
|
||||||
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
decryptedKey = NULL;
|
decryptedKey = NULL;
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
pkcs7->stream->key = NULL;
|
pkcs7->stream->key = NULL;
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
ret = encryptedContentSz;
|
ret = encryptedContentSz;
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
@@ -13987,23 +14012,25 @@ authenv_atrbend:
|
|||||||
ret = BAD_FUNC_ARG;
|
ret = BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
||||||
if (decryptedKey != NULL) {
|
if (decryptedKey != NULL) {
|
||||||
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
||||||
|
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
|
decryptedKey = NULL;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
pkcs7->stream->key = NULL;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
if (ret < 0) {
|
|
||||||
if (encryptedContent != NULL) {
|
if (encryptedContent != NULL) {
|
||||||
ForceZero(encryptedContent, (word32)encryptedContentSz);
|
ForceZero(encryptedContent, (word32)encryptedContentSz);
|
||||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||||
encryptedContent = NULL;
|
encryptedContent = NULL;
|
||||||
|
#ifndef NO_PKCS7_STREAM
|
||||||
|
pkcs7->stream->bufferPt = NULL;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ);
|
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef NO_PKCS7_STREAM
|
#ifndef NO_PKCS7_STREAM
|
||||||
if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
|
||||||
|
|||||||
Reference in New Issue
Block a user