Merge pull request #8634 from JacobBarthelmeh/pkcs7_stream

account for edge case with pkcs7 streaming
2025-04-07 16:01:14 -07:00
parent 18ed67a27d 04dce0e223
commit 6d299ea943
1 changed files with 22 additions and 11 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -2635,21 +2635,32 @@ static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes,
            /* check and handle octet boundary */
            sz = contentDataRead;
            if ((int)idx + sz > BER_OCTET_LENGTH) {
-                sz = BER_OCTET_LENGTH - (int)idx;
+                int amtWritten = 0;
                contentDataRead -= sz;
-                XMEMCPY(contentData + idx, buf, (word32)sz);
+                /* loop over current buffer until it is empty */
-                ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
+                while (idx + (word32)sz > BER_OCTET_LENGTH) {
-                    aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
+                    sz = BER_OCTET_LENGTH;
-                    &outIdx, esd);
+                    if (idx > 0) { /* account for previously stored data */
-                if (ret != 0) {
+                        sz = BER_OCTET_LENGTH - (int)idx;
-                    XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
+                    }
-                    XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
+                    contentDataRead -= sz;
-                    return ret;
+
                    XMEMCPY(contentData + idx, buf, (word32)sz);
                    ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType,
                        aes, encContentOut, contentData, BER_OCTET_LENGTH, out,
                        &outIdx, esd);
                    if (ret != 0) {
                        XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7);
                        XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7);
                        return ret;
                    }
                    idx = 0; /* cleared out previously stored data */
                    amtWritten += sz;
                    sz  = contentDataRead;
                }
                /* copy over any remaining data */
-                XMEMCPY(contentData, buf + sz, (word32)contentDataRead);
+                XMEMCPY(contentData, buf + amtWritten, (word32)contentDataRead);
                idx = (word32)contentDataRead;
            }
            else {