From bf95f80c6d390a93d0bd98ad511b92b3668cc47a Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 8 Apr 2025 10:00:42 -0600
Subject: [PATCH 1/4] additional PKCS7 streaming test case

---
 tests/api.c | 76 +++++++++++++++++++++++++++++++----------------------
 1 file changed, 44 insertions(+), 32 deletions(-)

diff --git a/tests/api.c b/tests/api.c
index 0a0913586..c87f24ab0 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -15631,6 +15631,7 @@ typedef struct encodeSignedDataStream {
     byte out[FOURK_BUF*3];
     int  idx;
     word32 outIdx;
+    word32 chunkSz; /* max amount of data to be returned */
 } encodeSignedDataStream;
 
 
@@ -15641,8 +15642,8 @@ static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
     encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
 
     if (strm->outIdx  < pkcs7->contentSz) {
-        ret = (pkcs7->contentSz > strm->outIdx + FOURK_BUF)?
-                FOURK_BUF : pkcs7->contentSz - strm->outIdx;
+        ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)?
+                strm->chunkSz : pkcs7->contentSz - strm->outIdx;
         *content = strm->out + strm->outIdx;
         strm->outIdx += ret;
     }
@@ -15793,8 +15794,12 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
     /* reinitialize and test setting stream mode */
     {
-        int signedSz = 0;
+        int signedSz = 0, i;
         encodeSignedDataStream strm;
+        int numberOfChunkSizes = 4;
+        word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
+        /* chunkSizes were choosen to test around the default 4096 octet string
+         * size used in pkcs7.c */
 
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
         ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
@@ -15829,41 +15834,48 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
 
         /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz),
-            0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output,
+            (word32)signedSz), 0);
         wc_PKCS7_Free(pkcs7);
 
         /* now try with using callbacks for IO */
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+        for (i = 0; i < numberOfChunkSizes; i++) {
+            strm.idx    = 0;
+            strm.outIdx = 0;
+            strm.chunkSz = chunkSizes[i];
 
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
 
-        if (pkcs7 != NULL) {
-            pkcs7->contentSz  = FOURK_BUF*2;
-            pkcs7->privateKey = key;
-            pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = encryptOid;
-        #ifdef NO_SHA
-            pkcs7->hashOID = SHA256h;
-        #else
-            pkcs7->hashOID = SHAh;
-        #endif
-            pkcs7->rng = &rng;
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+            if (pkcs7 != NULL) {
+                pkcs7->contentSz  = 10000;
+                pkcs7->privateKey = key;
+                pkcs7->privateKeySz = (word32)sizeof(key);
+                pkcs7->encryptOID = encryptOid;
+            #ifdef NO_SHA
+                pkcs7->hashOID = SHA256h;
+            #else
+                pkcs7->hashOID = SHAh;
+            #endif
+                pkcs7->rng = &rng;
+            }
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+
+            ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0),
+                0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+            /* use exact signed buffer size since BER encoded */
+            ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
+                (word32)signedSz), 0);
         }
-        XMEMSET(&strm, 0, sizeof(strm));
-        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
-            StreamOutputCB, (void*)&strm), 0);
-
-        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, (word32)signedSz), 0);
     }
 #endif
 #ifndef NO_PKCS7_STREAM

From 0171024c4b1fd6ca495053932ef47bc6b67f24a6 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 8 Apr 2025 10:02:16 -0600
Subject: [PATCH 2/4] fix for typo in comments

---
 tests/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/api.c b/tests/api.c
index c87f24ab0..31f346424 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -15798,7 +15798,7 @@ static int test_wc_PKCS7_EncodeSignedData(void)
         encodeSignedDataStream strm;
         int numberOfChunkSizes = 4;
         word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
-        /* chunkSizes were choosen to test around the default 4096 octet string
+        /* chunkSizes were chosen to test around the default 4096 octet string
          * size used in pkcs7.c */
 
         ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));

From fb6cbdd5be54a92744342f2be07742265ece06ee Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Tue, 8 Apr 2025 10:15:18 -0600
Subject: [PATCH 3/4] free PKCS7 struct at the end of test case for loop

---
 tests/api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/api.c b/tests/api.c
index 31f346424..14c708456 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -15875,6 +15875,8 @@ static int test_wc_PKCS7_EncodeSignedData(void)
             /* use exact signed buffer size since BER encoded */
             ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
                 (word32)signedSz), 0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
         }
     }
 #endif

From 3787dbde2ba1f3734f18777cc80c237cf0490fd2 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Wed, 9 Apr 2025 09:48:50 -0600
Subject: [PATCH 4/4] fix test case, set data chunk size to use

---
 tests/api.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/api.c b/tests/api.c
index 14c708456..e7acad6a0 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -17551,6 +17551,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
 
         if (i == 0) {
             XMEMSET(&strm, 0, sizeof(strm));
+            strm.chunkSz = FOURK_BUF;
             ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
                 StreamOutputCB, (void*)&strm), 0);
             encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);