pkcs7: Ensure all data in asn1 structure is accounted for

Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index 835d2c1..b2cdabc 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -179,8 +179,9 @@
* \brief Parse a single DER formatted pkcs7 content.
*
* \param pkcs7 The pkcs7 structure to be filled by parser for the output.
- * \param buf The buffer holding the DER encoded pkcs7.
- * \param buflen The size in bytes of \p buf.
+ * \param buf The buffer holding only the DER encoded pkcs7.
+ * \param buflen The size in bytes of \p buf. The size must be exactly the
+ * length of the DER encoded pkcs7.
*
* \note This function makes an internal copy of the PKCS7 buffer
* \p buf. In particular, \p buf may be destroyed or reused
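Review bot: the new \param buflen text makes an exact length a precondition ("The size must be exactly the length of the DER encoded pkcs7"), but the comment as shown does not say what the caller gets when that precondition is violated. The commit message says extra data bytes and incorrect content lengths previously went unnoticed, so a caller that passes a buffer larger than the encoded structure will now see different behaviour. Say here that trailing bytes or a length mismatch make the parse fail, and list the resulting error in the function's \return documentation. The wording "holding only the DER encoded pkcs7" is also easy to misread; something like "holding exactly one DER encoded pkcs7, with no trailing data" would line up with the \brief's "single" and make the constraint unambiguous.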