add check on padSz return, coverity issue 394711

JacobBarthelmeh · JacobBarthelmeh · commit c880fcf822e9 · 2024-07-05T12:07:42.000-06:00
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
@@ -8634,6 +8634,8 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
         return BAD_FUNC_ARG;
 
     padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
+    if (padSz < 0)
+        return padSz;
 
     if (outSz < (inSz + padSz))
         return BAD_FUNC_ARG;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -49471,6 +49471,11 @@ static wc_test_ret_t pkcs7signed_run_vectors(
 
     XMEMSET(out, 0, outSz);
 
+    /* test inner pad size error with block size being 0 */
+    ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0);
+    if (ret > 0)
+        ERROR_OUT(-1, out);
+
     ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
     if (ret < 0)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
