wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

simplify and fix max stream buffer length

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-06-30 15:26:44 +07:00
parent 55002c56d2
commit 23eededc36
1 changed files with 84 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

293
wolfcrypt/src/pkcs7.c
View File

@@ -116,11 +116,6 @@ struct PKCS7State {
}; };
enum PKCS7_MaxLen {
PKCS7_DEFAULT_PEEK = 0,
PKCS7_SEQ_PEEK
};
/* creates a PKCS7State structure and returns 0 on success */ /* creates a PKCS7State structure and returns 0 on success */
static int wc_PKCS7_CreateStream(PKCS7* pkcs7) static int wc_PKCS7_CreateStream(PKCS7* pkcs7)
{ {
@@ -318,15 +313,21 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz,
} }
/* Does two things /* setter function for stored variables */
* 1) Tries to get the length from current buffer and set it as max length static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
* 2) Retrieves the set max length int var3)
* {
* if no flag value is set then the stored max length is returned. if (pkcs7 != NULL && pkcs7->stream != NULL) {
* returns length found on success and defSz if no stored data is found pkcs7->stream->varOne = var1;
pkcs7->stream->varTwo = var2;
pkcs7->stream->varThree = var3;
}
}
/* Tries to peek at the SEQ and get the length
* returns 0 on success
*/ */
static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in, static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz)
word32 defSz)
{ {
/* check there is a buffer to read from */ /* check there is a buffer to read from */
if (pkcs7) { if (pkcs7) {
@@ -334,7 +335,6 @@ static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in,
word32 idx = 0, maxIdx; word32 idx = 0, maxIdx;
byte* pt; byte* pt;
if (flag != PKCS7_DEFAULT_PEEK) {
if (pkcs7->stream->length > 0) { if (pkcs7->stream->length > 0) {
length = pkcs7->stream->length; length = pkcs7->stream->length;
pt = pkcs7->stream->buffer; pt = pkcs7->stream->buffer;
@@ -346,58 +346,35 @@ static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in,
maxIdx = (word32)length; maxIdx = (word32)length;
if (length < MAX_SEQ_SZ) { if (length < MAX_SEQ_SZ) {
WOLFSSL_MSG("PKCS7 Error not enough data for SEQ peek\n"); WOLFSSL_MSG("PKCS7 Error not enough data for SEQ peek");
return 0; return 0;
} }
if (flag == PKCS7_SEQ_PEEK) {
if ((ret = GetSequence_ex(pt, &idx, &length, maxIdx, if ((ret = GetSequence_ex(pt, &idx, &length, maxIdx, NO_USER_CHECK))
NO_USER_CHECK)) < 0) { < 0) {
return ret; return ret;
} }
pkcs7->stream->maxLen = length + idx;
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (length == 0 && ret == 0) { if (length == 0 && ret == 0) {
idx = 0;
if ((ret = wc_BerToDer(pt, defSz, NULL, if ((ret = wc_BerToDer(pt, defSz, NULL,
(word32*)&length)) != LENGTH_ONLY_E) { (word32*)&length)) != LENGTH_ONLY_E) {
return ret; return ret;
} }
/* BER encoding can have 0's padded to the end. As long as
* we were able to parse out a length that was less than the
* 'defSz' passed in then set the max index that can be read
* to include the potential padding */
pkcs7->stream->maxLen = defSz;
} }
#endif /* ASN_BER_TO_DER */ #endif /* ASN_BER_TO_DER */
} pkcs7->stream->maxLen = length + idx;
}
if (pkcs7->stream->maxLen == 0) { if (pkcs7->stream->maxLen == 0) {
pkcs7->stream->maxLen = defSz; pkcs7->stream->maxLen = defSz;
} }
/* if some buffer has been read then treat that as max otherwise
* return the previous max length stored */
return (pkcs7->stream->length > 0)? pkcs7->stream->length:
pkcs7->stream->maxLen;
} }
return defSz; return 0;
} }
/* setter function for stored variables */
static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2,
int var3)
{
if (pkcs7 != NULL && pkcs7->stream != NULL) {
pkcs7->stream->varOne = var1;
pkcs7->stream->varTwo = var2;
pkcs7->stream->varThree = var3;
}
}
/* getter function for stored variables */ /* getter function for stored variables */
static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2, static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2,
int* var3) int* var3)
@@ -4308,7 +4285,6 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 stateIdx = 0; word32 stateIdx = 0;
long rc;
#endif #endif
byte* pkiMsg2 = in2; byte* pkiMsg2 = in2;
@@ -4356,12 +4332,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
break; break;
} }
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz); if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
if (rc < 0) {
ret = (int)rc;
break; break;
} }
pkiMsgSz = (word32)rc; pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
inSz;
#endif #endif
/* determine total message size */ /* determine total message size */
@@ -4397,12 +4372,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
return ASN_PARSE_E; return ASN_PARSE_E;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
pkiMsg, pkiMsgSz);
if (rc < 0) {
ret = (int)rc;
break; break;
} }
rc = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
#endif #endif
#else #else
ret = BER_INDEF_E; ret = BER_INDEF_E;
@@ -4682,19 +4655,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
break; break;
} }
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
pkiMsg, pkiMsgSz);
if (rc < 0) {
ret = (int)rc;
break;
}
#ifdef ASN_BER_TO_DER #ifdef ASN_BER_TO_DER
if (pkcs7->derSz != 0) if (pkcs7->derSz != 0)
pkiMsgSz = pkcs7->derSz; pkiMsgSz = pkcs7->derSz;
else else
#endif #endif
pkiMsgSz = (word32)rc; pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
inSz;
wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, (int*)&localIdx, &length); wc_PKCS7_StreamGetVar(pkcs7, &pkiMsg2Sz, (int*)&localIdx, &length);
if (pkcs7->stream->length > 0) { if (pkcs7->stream->length > 0) {
@@ -8295,7 +8262,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = *idx; word32 tmpIdx = *idx;
long rc;
#endif #endif
#ifdef WC_RSA_BLINDING #ifdef WC_RSA_BLINDING
WC_RNG rng; WC_RNG rng;
@@ -8318,15 +8284,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
&pkiMsg, idx)) != 0) { &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
in, inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
if (GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0) if (GetMyVersion(pkiMsg, idx, &version, pkiMsgSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
@@ -9082,7 +9040,6 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 stateIdx = *idx; word32 stateIdx = *idx;
long rc;
#endif #endif
if (pkcs7->oriDecryptCb == NULL) { if (pkcs7->oriDecryptCb == NULL) {
@@ -9100,14 +9057,7 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->length, &pkiMsg, idx)) != 0) { pkcs7->stream->length, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* get OtherRecipientInfo sequence length */ /* get OtherRecipientInfo sequence length */
if (GetLength(pkiMsg, idx, &seqSz, pkiMsgSz) < 0) if (GetLength(pkiMsg, idx, &seqSz, pkiMsgSz) < 0)
@@ -9181,7 +9131,6 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
byte tag; byte tag;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = *idx; word32 tmpIdx = *idx;
long rc;
#endif #endif
switch (pkcs7->state) { switch (pkcs7->state) {
@@ -9193,14 +9142,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->length, &pkiMsg, idx)) != 0) { pkcs7->stream->length, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* remove KeyDerivationAlgorithmIdentifier */ /* remove KeyDerivationAlgorithmIdentifier */
if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0)
@@ -9407,7 +9349,6 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = *idx; word32 tmpIdx = *idx;
long rc;
#endif #endif
WOLFSSL_ENTER("wc_PKCS7_DecryptKekri"); WOLFSSL_ENTER("wc_PKCS7_DecryptKekri");
@@ -9420,14 +9361,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->length, &pkiMsg, idx)) != 0) { pkcs7->stream->length, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* remove KEKIdentifier */ /* remove KEKIdentifier */
if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0)
@@ -9555,7 +9489,6 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
word32 pkiMsgSz = inSz; word32 pkiMsgSz = inSz;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = (idx) ? *idx : 0; word32 tmpIdx = (idx) ? *idx : 0;
long rc;
#endif #endif
WOLFSSL_ENTER("wc_PKCS7_DecryptKari"); WOLFSSL_ENTER("wc_PKCS7_DecryptKari");
@@ -9577,14 +9510,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->length, &pkiMsg, idx)) != 0) { pkcs7->stream->length, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
kari = wc_PKCS7_KariNew(pkcs7, WC_PKCS7_DECODE); kari = wc_PKCS7_KariNew(pkcs7, WC_PKCS7_DECODE);
@@ -9814,7 +9740,6 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
byte tag; byte tag;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx; word32 tmpIdx;
long rc;
#endif #endif
if (pkcs7 == NULL || pkiMsg == NULL || idx == NULL || if (pkcs7 == NULL || pkiMsg == NULL || idx == NULL ||
@@ -9876,11 +9801,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
savedIdx = *idx; savedIdx = *idx;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in, inSz); pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
if (rc < 0) {
return (int)rc;
}
pkiMsgSz = (word32)rc;
if (pkcs7->stream->length > 0) if (pkcs7->stream->length > 0)
pkiMsg = pkcs7->stream->buffer; pkiMsg = pkcs7->stream->buffer;
#endif #endif
@@ -10056,7 +9977,6 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
byte tag; byte tag;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = 0; word32 tmpIdx = 0;
long rc;
#endif #endif
if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0 || idx == NULL) if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0 || idx == NULL)
@@ -10094,13 +10014,10 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
ASN_TAG_SZ, &pkiMsg, idx)) != 0) { ASN_TAG_SZ, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz);
if (rc < 0) {
ret = (int)rc;
break; break;
} }
pkiMsgSz = (word32)rc; pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
#endif #endif
/* read past ContentInfo, verify type is envelopedData */ /* read past ContentInfo, verify type is envelopedData */
if (ret == 0 && GetSequence_ex(pkiMsg, idx, &length, pkiMsgSz, if (ret == 0 && GetSequence_ex(pkiMsg, idx, &length, pkiMsgSz,
@@ -10124,14 +10041,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
&pkiMsg, idx)) != 0) { &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length:
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, inSz;
in, inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
len = 0; len = 0;
@@ -10219,14 +10130,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
MAX_VERSION_SZ, &pkiMsg, idx)) != 0) { MAX_VERSION_SZ, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* remove EnvelopedData and version */ /* remove EnvelopedData and version */
if (pkcs7->contentOID != FIRMWARE_PKG_DATA || if (pkcs7->contentOID != FIRMWARE_PKG_DATA ||
@@ -10258,14 +10162,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in,
MAX_SET_SZ, &pkiMsg, idx)) != 0) { MAX_SET_SZ, &pkiMsg, idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
version = pkcs7->stream->varOne; version = pkcs7->stream->varOne;
#endif #endif
@@ -10379,7 +10276,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
word32 idx = 0; word32 idx = 0;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = 0; word32 tmpIdx = 0;
long rc;
#endif #endif
word32 contentType, encOID = 0; word32 contentType, encOID = 0;
word32 decryptedKeySz = MAX_ENCRYPTED_KEY_SZ; word32 decryptedKeySz = MAX_ENCRYPTED_KEY_SZ;
@@ -10493,14 +10389,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
!= 0) { != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#else #else
ret = 0; ret = 0;
#endif #endif
@@ -10571,14 +10460,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in,
pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
wc_PKCS7_StreamGetVar(pkcs7, 0, 0, &length); wc_PKCS7_StreamGetVar(pkcs7, 0, 0, &length);
tmpIv = pkcs7->stream->tmpIv; tmpIv = pkcs7->stream->tmpIv;
@@ -11285,7 +11167,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
word32 idx = 0; word32 idx = 0;
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = 0; word32 tmpIdx = 0;
long rc;
#endif #endif
word32 contentType, encOID = 0; word32 contentType, encOID = 0;
word32 decryptedKeySz = 0; word32 decryptedKeySz = 0;
@@ -11406,14 +11287,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
break; break;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
in, inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* remove EncryptedContentInfo */ /* remove EncryptedContentInfo */
@@ -11474,14 +11348,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
break; break;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
if (ret == 0 && GetLength(pkiMsg, &idx, &nonceSz, pkiMsgSz) < 0) { if (ret == 0 && GetLength(pkiMsg, &idx, &nonceSz, pkiMsgSz) < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
@@ -11575,14 +11442,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
break; break;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
encryptedContentSz = pkcs7->stream->expected; encryptedContentSz = pkcs7->stream->expected;
#endif #endif
@@ -11695,14 +11555,7 @@ authenv_atrbend:
ASN_TAG_SZ, &pkiMsg, &idx)) != 0) { ASN_TAG_SZ, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
in, inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
if (pkcs7->stream->aadSz > 0) { if (pkcs7->stream->aadSz > 0) {
encodedAttribSz = pkcs7->stream->aadSz; encodedAttribSz = pkcs7->stream->aadSz;
@@ -12188,7 +12041,6 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
#ifndef NO_PKCS7_STREAM #ifndef NO_PKCS7_STREAM
word32 tmpIdx = 0; word32 tmpIdx = 0;
long rc;
#endif #endif
word32 contentType, encOID; word32 contentType, encOID;
@@ -12230,12 +12082,10 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
return ret; return ret;
} }
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_SEQ_PEEK, in, inSz); if ((ret = wc_PKCS7_SetMaxStream(pkcs7, in, inSz)) != 0) {
if (rc < 0) { return ret;
ret = (int)rc;
break;
} }
pkiMsgSz = (word32)rc; pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
#endif #endif
if (GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, if (GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz,
@@ -12270,14 +12120,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
&idx)) != 0) { &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
if (pkcs7->version != 3) { if (pkcs7->version != 3) {
if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0)
@@ -12313,14 +12156,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
&pkiMsg, &idx)) != 0) { &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
#endif #endif
/* get version, check later */ /* get version, check later */
haveAttribs = 0; haveAttribs = 0;
@@ -12366,14 +12202,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
ASN_TAG_SZ + MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) { ASN_TAG_SZ + MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
/* restore saved variables */ /* restore saved variables */
expBlockSz = pkcs7->stream->varOne; expBlockSz = pkcs7->stream->varOne;
@@ -12411,14 +12240,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) { MAX_LENGTH_SZ, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
/* use IV buffer from stream structure */ /* use IV buffer from stream structure */
tmpIv = pkcs7->stream->tmpIv; tmpIv = pkcs7->stream->tmpIv;
@@ -12464,14 +12286,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { pkcs7->stream->expected, &pkiMsg, &idx)) != 0) {
return ret; return ret;
} }
pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz;
rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK, in,
inSz);
if (rc < 0) {
ret = (int)rc;
break;
}
pkiMsgSz = (word32)rc;
/* restore saved variables */ /* restore saved variables */
expBlockSz = pkcs7->stream->varOne; expBlockSz = pkcs7->stream->varOne;