Fix checkPad to test for zero padding

This commit is contained in:
Eric Blankenhorn
2026-03-05 08:32:18 -06:00
parent 1c8d593af7
commit 7f487b9869
3 changed files with 57 additions and 1 deletions
+54
View File
@@ -2719,6 +2719,60 @@ int test_wolfSSL_EVP_mdc2(void)
* AAD that triggers the overflow. A properly-fixed implementation should detect
* the overflow and return WOLFSSL_FAILURE before attempting the allocation.
*/
int test_evp_cipher_pkcs7_pad_zero(void)
{
EXPECT_DECLS;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(OPENSSL_EXTRA)
EVP_CIPHER_CTX *ctx = NULL;
/* AES-128-CBC key and IV */
byte key[AES_BLOCK_SIZE] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
byte iv[AES_BLOCK_SIZE] = {0};
/* Plaintext block ending in 0x00 - when decrypted with padding enabled,
* the last byte (0x00) will be interpreted as the PKCS#7 padding length,
* which is invalid (valid range is 1..block_size). */
byte plain[AES_BLOCK_SIZE] = {
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x00
};
byte cipher[AES_BLOCK_SIZE * 2];
byte decrypted[AES_BLOCK_SIZE * 2];
int outl = 0;
int total = 0;
/* Encrypt the plaintext block with padding disabled so the ciphertext
* is exactly one block. */
ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
ExpectIntEQ(EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1),
WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_set_padding(ctx, 0);
ExpectIntEQ(EVP_CipherUpdate(ctx, cipher, &outl, plain, AES_BLOCK_SIZE),
WOLFSSL_SUCCESS);
total = outl;
ExpectIntEQ(EVP_CipherFinal(ctx, cipher + total, &outl), WOLFSSL_SUCCESS);
total += outl;
ExpectIntEQ(total, AES_BLOCK_SIZE);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* Decrypt the ciphertext with padding enabled (the default).
* checkPad should reject padding value 0 and CipherFinal must fail. */
ExpectNotNull(ctx = EVP_CIPHER_CTX_new());
ExpectIntEQ(EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0),
WOLFSSL_SUCCESS);
ExpectIntEQ(EVP_CipherUpdate(ctx, decrypted, &outl, cipher, total),
WOLFSSL_SUCCESS);
ExpectIntNE(EVP_CipherFinal(ctx, decrypted + outl, &outl),
WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 && OPENSSL_EXTRA */
return EXPECT_RESULT();
}
int test_evp_cipher_aead_aad_overflow(void)
{
EXPECT_DECLS;
+2
View File
@@ -63,6 +63,7 @@ int test_wolfSSL_EVP_rc4(void);
int test_wolfSSL_EVP_enc_null(void);
int test_wolfSSL_EVP_rc2_cbc(void);
int test_wolfSSL_EVP_mdc2(void);
int test_evp_cipher_pkcs7_pad_zero(void);
int test_evp_cipher_aead_aad_overflow(void);
#define TEST_EVP_CIPHER_DECLS \
@@ -105,6 +106,7 @@ int test_evp_cipher_aead_aad_overflow(void);
TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_enc_null), \
TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_rc2_cbc), \
TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_mdc2), \
TEST_DECL_GROUP("evp_cipher", test_evp_cipher_pkcs7_pad_zero), \
TEST_DECL_GROUP("evp_cipher", test_evp_cipher_aead_aad_overflow)
#endif /* WOLFCRYPT_TEST_EVP_CIPHER_H */
+1 -1
View File
@@ -1264,7 +1264,7 @@ static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
int i;
int n;
n = buff[ctx->block_size-1];
if (n > ctx->block_size) return -1;
if (n > ctx->block_size || n == 0) return -1;
for (i = 0; i < n; i++) {
if (buff[ctx->block_size-i-1] != n)
return -1;