diff --git a/tests/api.c b/tests/api.c index d10ac925b..d72c50bb1 100644 --- a/tests/api.c +++ b/tests/api.c @@ -6127,7 +6127,7 @@ static int test_wc_AesGcmEncryptDecrypt (void) 0xab, 0xad, 0xda, 0xd2 }; byte iv[] = "1234567890a"; - byte badIV[] = "1234567890abcde"; + byte longIV[] = "1234567890abcdefghij"; byte enc[sizeof(vector)]; byte resultT[AES_BLOCK_SIZE]; byte dec[sizeof(vector)]; @@ -6142,17 +6142,16 @@ static int test_wc_AesGcmEncryptDecrypt (void) ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); if (ret == 0) { - ret = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), + gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } - if (ret == 0) { /* If encrypt fails, no decrypt. */ - gcmE = 0; - ret = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), + if (gcmE == 0) { /* If encrypt fails, no decrypt. */ + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); - if(ret == 0 || (XMEMCMP(vector, dec, sizeof(vector)) == 0)) { - gcmD = 0; + if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) { + gcmD = SSL_FATAL_ERROR; } } printf(testingFmt, "wc_AesGcmEncrypt()"); @@ -6172,65 +6171,61 @@ static int test_wc_AesGcmEncryptDecrypt (void) resultT, sizeof(resultT) - 5, a, sizeof(a)); } if (gcmE == BAD_FUNC_ARG) { - gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), badIV, - sizeof(badIV)/sizeof(byte), resultT, sizeof(resultT), + gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, + sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } - #ifdef HAVE_FIPS - if (gcmE == BAD_FUNC_ARG) { - gcmE = 0; - } else { - gcmE = SSL_FATAL_ERROR; - } - #endif + #ifdef HAVE_FIPS + if (gcmE == BAD_FUNC_ARG) { + gcmE = 0; + } else { + gcmE = SSL_FATAL_ERROR; + } + #endif } /* END wc_AesGcmEncrypt */ printf(resultFmt, gcmE == 0 ? passed : failed); - printf(testingFmt, "wc_AesGcmDecrypt()"); + #ifdef HAVE_AES_DECRYPT + printf(testingFmt, "wc_AesGcmDecrypt()"); - if (gcmD == 0) { - gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), - iv, sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT), a, sizeof(a)); - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), - iv, sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT), a, sizeof(a)); - } - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), - iv, sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT), a, sizeof(a)); - } - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), - NULL, sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT), a, sizeof(a)); - } - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), - iv, sizeof(iv)/sizeof(byte), NULL, - sizeof(resultT), a, sizeof(a)); - } - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, dec, enc, 0, iv, - sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT), a, sizeof(a)); - } - if (gcmD == BAD_FUNC_ARG) { - gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), - iv, sizeof(iv)/sizeof(byte), resultT, - sizeof(resultT) + 1, a, sizeof(a)); + if (gcmD == 0) { + gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + NULL, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), NULL, + sizeof(resultT), a, sizeof(a)); + } + if (gcmD == BAD_FUNC_ARG) { + gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, sizeof(iv)/sizeof(byte), resultT, + sizeof(resultT) + 1, a, sizeof(a)); + } if (gcmD == BAD_FUNC_ARG) { gcmD = 0; } else { gcmD = SSL_FATAL_ERROR; } - } - } /* END wc_AesGcmDecrypt */ - - printf(resultFmt, gcmD == 0 ? passed : failed); + } /* END wc_AesGcmDecrypt */ + printf(resultFmt, gcmD == 0 ? passed : failed); + #endif /* HAVE_AES_DECRYPT */ #endif return 0; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index fcce35f35..a63fdd723 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -122,8 +122,8 @@ const byte* authIn, word32 authInSz) { if (aes == NULL || authTagSz > AES_BLOCK_SIZE - || ivSz != WOLFSSL_MIN_AUTH_TAG_SZ - || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { + || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || + ivSz > AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } @@ -137,10 +137,9 @@ const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - if (aes == NULL || out == NULL || in == NULL || sz == 0 - || iv == NULL || authTag == NULL - || ivSz != WOLFSSL_MIN_AUTH_TAG_SZ - ||authTagSz > AES_BLOCK_SIZE) { + if (aes == NULL || out == NULL || in == NULL || iv == NULL + || authTag == NULL || authTagSz > AES_BLOCK_SIZE || + ivSz > AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } @@ -7265,7 +7264,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* argument checks */ - if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL || + if (aes == NULL || out == NULL || in == NULL || iv == NULL || authTag == NULL || authTagSz > AES_BLOCK_SIZE) { return BAD_FUNC_ARG; }