avoid attempt of key decode and free buffer if incorrect recipient found

2026-01-26 23:12:19 +01:00 · 2025-10-06 10:48:59 -06:00
parent fca3028395
commit 7128932eff
1 changed files with 8 additions and 0 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -10488,6 +10488,14 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz);
            *idx += (word32)encryptedKeySz;

+            /* If this is not the correct recipient then do not try to decode
+             * the encrypted key */
+            if (*recipFound == 0) {
+                XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT);
+                ret = PKCS7_RECIP_E;
+                break;
+            }
+
            /* load private key */
        #ifdef WOLFSSL_SMALL_STACK
            privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap,