From 47303ed445e8b672ff8b8e3ad3799e035838fdda Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Fri, 12 Oct 2018 15:51:16 -0600
Subject: [PATCH] fix decryption of EnvelopedData PWRI KEK size

---
 wolfcrypt/src/pkcs7.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 4506229f8..2af5561fc 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -7181,7 +7181,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
     byte tmpIv[MAX_CONTENT_IV_SIZE];
-    int ret = 0, length, saltSz, iterations, blockSz;
+    int ret = 0, length, saltSz, iterations, blockSz, kekKeySz;
     int hashOID = WC_SHA; /* default to SHA1 */
     word32 kdfAlgoId, pwriEncAlgoId, keyEncAlgoId, cekSz;
     byte* pkiMsg = in;
@@ -7262,6 +7262,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
         return blockSz;
     }
 
+    /* get content-encryption key size, based on algorithm */
+    kekKeySz = wc_PKCS7_GetOIDKeySize(pwriEncAlgoId);
+    if (kekKeySz < 0) {
+        XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+        return kekKeySz;
+    }
+
     /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */
     if ( (pkiMsgSz > ((*idx) + 1)) &&
          (pkiMsg[(*idx)++] != ASN_OCTET_STRING) ) {
@@ -7304,7 +7311,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
     }
 
     /* generate KEK */
-    kek = (byte*)XMALLOC(blockSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
     if (kek == NULL) {
         XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -7313,7 +7320,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
     ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz,
                                     salt, saltSz, kdfAlgoId, hashOID,
-                                    iterations, kek, blockSz);
+                                    iterations, kek, kekKeySz);
     if (ret < 0) {
         XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
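Review bot: The comment above the new `kekKeySz` lookup says "content-encryption key size", but the value is the key-encryption key (KEK) size taken from `pwriEncAlgoId`, while the CEK size lives separately in `cekSz`; since that distinction is the whole point of this fix, the comment should state it, e.g. `/* KEK size is the key size of the PWRI key-encryption algorithm, which differs from its block size for AES-192/256 */`. The guard only rejects negative results; if wc_PKCS7_GetOIDKeySize can report an unrecognised OID as 0, the later `XMALLOC(kekKeySz, ...)` and KDF call would proceed with a zero-length key, so `if (kekKeySz <= 0)` would be the safer check, worth confirming against that helper's contract. wc_PKCS7_DecryptPwri begins and ends outside this hunk.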
@@ -7322,9 +7329,10 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz,
     }
 
     /* decrypt CEK with KEK */
-    ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, blockSz, pkiMsg + (*idx),
-                                     length, cek, cekSz, tmpIv,
-                                     blockSz, pwriEncAlgoId);
+    ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, kekKeySz,
+                                     pkiMsg + (*idx), length, cek,
+                                     cekSz, tmpIv, blockSz,
+                                     pwriEncAlgoId);
     if (ret < 0) {
         XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
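Review bot: On the `ret < 0` path after the rewrapped wc_PKCS7_PwriKek_KeyUnWrap call, `kek` (password-derived key-encryption key material, now `kekKeySz` bytes) is released with a plain `XFREE` and nothing in the hunk wipes it first, so the KEK can linger in freed heap; wiping it with the project's secure-zeroing helper over `kek, kekKeySz` before the free is what a reviewer would ask for here, and the same applies to `cek` once it holds the unwrapped key. The bounds of `pkiMsg + (*idx)` against `length` are not visible in this hunk; if `(*idx) + length <= pkiMsgSz` is not enforced before this call, the unwrap reads past the message. wc_PKCS7_DecryptPwri continues past the end of the hunk, so the success-path cleanup is not visible here.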