From 9bda19fd252d3184ec3c0fa641770d1df1e38af9 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 3 Dec 2018 11:15:33 -0800
Subject: [PATCH] fix for PKCS7 KEKRI array bounds check warning on gcc 8.2.0

---
 wolfcrypt/src/pkcs7.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index c036b5e7f..b03c641e5 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -6683,6 +6683,10 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek,
         return encryptedKeySz;
     }
 
+    if (encryptedKeySz > MAX_ENCRYPTED_KEY_SZ) {
+        return WC_KEY_SIZE_E;
+    }
+
     encKeyOctetStrSz = SetOctetString(encryptedKeySz, encKeyOctetStr);
     totalSz += (encKeyOctetStrSz + encryptedKeySz);