diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 4be4f0f3cb..03b61bc058 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -558,7 +558,8 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz, return MEMORY_E; }); /* unicode set up from asn.c */ - if ((pswSz * 2 + 2) > MAX_UNICODE_SZ) { + if (pswSz >= MAX_UNICODE_SZ || + (pswSz * 2 + 2) > MAX_UNICODE_SZ) { WOLFSSL_MSG("PKCS12 max unicode size too small"); ret = UNICODE_SIZE_E; goto exit_mac; diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 9c80ee1da4..a136db514f 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -467,7 +467,9 @@ int wc_CryptKey(const char* password, int passwordSz, const byte* salt, int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; - if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { + if (passwordSz < 0 || + passwordSz >= (int)sizeof(unicodePasswd) || + (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) { ret = UNICODE_SIZE_E; break; }