reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles

2025-07-29 18:27:29 +02:00 · 2020-11-06 16:36:58 -07:00
parent c27d5f57c4
commit c0c452b0a1
1 changed files with 6 additions and 2 deletions
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -4375,9 +4375,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
                    ret = ASN_PARSE_E;

                if (ret == 0) {
-                    /* Use single OCTET_STRING directly. */
-                    if (localIdx - start + length == (word32)contentLen)
+                    /* Use single OCTET_STRING directly, or reset length. */
+                    if (localIdx - start + length == (word32)contentLen) {
                        multiPart = 0;
+                    } else {
+                        /* reset length to outer OCTET_STRING (contentLen) */
+                        length = contentLen;
+                    }
                    localIdx = start;
                }
            }