From 1c7826b1997a36774d7cb60c5f703b8cc363f761 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 1 Dec 2022 12:54:57 -0600
Subject: [PATCH] wolfcrypt/src/port/kcapi/kcapi_aes.c: fix error checking on
 KCAPI wc_AesGcmEncrypt() and wc_AesGcmDecrypt().

---
 wolfcrypt/src/port/kcapi/kcapi_aes.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c
index 83c2ffb28..32c6d52bb 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_aes.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c
@@ -241,7 +241,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #endif
 
     /* argument checks */
-    if (aes == NULL || authTagSz > AES_BLOCK_SIZE) {
+    if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
+        (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
+        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -352,8 +354,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #endif
 
     /* argument checks */
-    if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) ||
-                                                   authTagSz > AES_BLOCK_SIZE) {
+    if ((aes == NULL) || ((sz != 0 && (in == NULL || out == NULL))) ||
+        (iv == NULL) || ((authTag == NULL) && (authTagSz > 0)) ||
+        (authTagSz > AES_BLOCK_SIZE) || ((authIn == NULL) && (authInSz > 0))) {
         ret = BAD_FUNC_ARG;
     }