wolfcrypt/src/pkcs7.c: in wc_PKCS7_DecodeAuthEnvelopedData(), accommodate AES*GCMb with !HAVE_AESGCM, and add AES-CCM authTagSz check.

Daniel Pouzzner
2026-06-27 16:09:57 -05:00
parent 262b0ed3b8
commit 47cf8d066c
+12
@@ -15263,11 +15263,23 @@ authenv_atrbend:
if (ret == 0 &&
(encOID == AES128GCMb || encOID == AES192GCMb ||
encOID == AES256GCMb)) {
#ifdef HAVE_AESGCM
ret = wc_local_AesGcmCheckTagSz(authTagSz);
if (ret != 0) {
ret = ASN_PARSE_E;
WOLFSSL_MSG("AuthEnvelopedData GCM authTag invalid size");
}
#else
ret = ASN_PARSE_E;
WOLFSSL_MSG("AuthEnvelopedData GCM with GCM not compiled in");
#endif
}
if (ret == 0 &&
(encOID == AES128CCMb || encOID == AES192CCMb ||
encOID == AES256CCMb) &&
authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
WOLFSSL_MSG("AuthEnvelopedData CCM authTag too small");
ret = ASN_PARSE_E;
}
#ifndef NO_PKCS7_STREAM
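Review bot: The new AES-CCM check on `authTagSz` enforces only a lower bound, so a tag length read from the message that is odd or larger than 16 bytes passes this validation, whereas the GCM branch above hands the whole value to a helper. CCM permits only tag lengths of 4, 6, 8, 10, 12, 14 or 16 bytes (NIST SP 800-38C), so the condition could be tightened to `(authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz > 16 || (authTagSz & 1) != 0)`. The CCM branch also has no `#ifdef HAVE_AESCCM` / `#else` arm, so unlike the GCM case it does not fail closed at this point when CCM is not compiled in, and it presumably relies on `WOLFSSL_MIN_AUTH_TAG_SZ` being defined in such builds. The function starts and continues outside the hunk, so later code may already reject these cases; if it does, a short comment here naming that check would make the asymmetry with the GCM branch clear.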