PKCS7 Fixes

[kareem-wolfssl]

Description

Fixes zd#21526,zd#21530

Testing

Built in tests, provided reproducers.

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Fixes PKCS7 decoding/signing edge cases tied to attribute counting and enveloped-data bounds checking (zd#21526, zd#21530).

Changes:

• Adjust signed attributes count to reflect the number of attributes actually added.
• Add a bounds check before caching encrypted content during EnvelopedData decode.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

wolfcrypt/src/pkcs7.c:13237

• pkcs7->cachedEncryptedContent is allocated with XMALLOC but the return value isn’t checked before being passed to wc_PKCS7_DecryptContent(). On allocation failure this can dereference NULL and crash (remote DoS). Add a NULL check and return MEMORY_E (and ensure any partially-set cached size/state is consistent).

                pkcs7->cachedEncryptedContentSz =
                    (word32)encryptedContentTotalSz;
                pkcs7->totalEncryptedContentSz =
                    (word32)encryptedContentTotalSz;
                pkcs7->cachedEncryptedContent = (byte*)XMALLOC(
                        pkcs7->cachedEncryptedContentSz, pkcs7->heap,
                    DYNAMIC_TYPE_PKCS7);

                /* decrypt encryptedContent */
                ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey,
                        (word32)blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0,
                        &pkiMsg[idx], encryptedContentTotalSz,
                        pkcs7->cachedEncryptedContent,
                        pkcs7->devId, pkcs7->heap);

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new bounds/overflow check for idx + encryptedContentTotalSz is a security-relevant behavior change, but there’s no regression test covering a malformed/truncated EnvelopedData where the encryptedContent length exceeds the remaining input. Add a decode-negative test vector (or construct one in the test) that previously would read past the input and now reliably returns BUFFER_E.