Merge pull request #10175 from yosuke-wolfssl/f_2205

Fix authTagSz validation
David Garske
2026-04-13 09:33:14 -07:00
committed by GitHub
2 changed files with 16 additions and 1 deletions
+1 -1
@@ -12596,7 +12596,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
/* Check validity of parameters. */
if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
(authTagSz == 0)) {
(authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ)) {
ret = BAD_FUNC_ARG;
}
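Review bot: With the explicit `authTagSz == 0` term gone, rejection of an empty tag in wc_AesGcmDecryptFinal now rests entirely on the build-time value of WOLFSSL_MIN_AUTH_TAG_SZ. Its definition is not visible here, so this needs confirming: if a build can set the macro to 0, `authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ` is never true for an unsigned size, and a zero-length tag would pass the parameter check, which would presumably leave the ciphertext unauthenticated. Either keep the old term next to the new one, `(authTagSz == 0) || (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ)`, or make sure a compile-time guard such as `#if WOLFSSL_MIN_AUTH_TAG_SZ < 1` followed by `#error "WOLFSSL_MIN_AUTH_TAG_SZ must be at least 1"` sits beside the macro's definition. The function body starts and continues outside the hunk.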
+15
@@ -18362,6 +18362,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
/* Regression test: wc_AesGcmDecryptFinal must reject authTagSz below
* WOLFSSL_MIN_AUTH_TAG_SZ, consistent with wc_AesGcmDecrypt and
* wc_AesGcmEncryptFinal. */
#if defined(HAVE_AES_DECRYPT) && WOLFSSL_MIN_AUTH_TAG_SZ > 1
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptFinal(enc, t1, WOLFSSL_MIN_AUTH_TAG_SZ - 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT && WOLFSSL_MIN_AUTH_TAG_SZ > 1 */
/* alen is the size to pass in with each update. */
for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
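Review bot: The new regression block is compiled out whenever WOLFSSL_MIN_AUTH_TAG_SZ is 1, and it never passes a zero-length tag, so the case the old `authTagSz == 0` check covered has no test in any configuration shown here. Consider a second Init/Update/Final sequence guarded only by HAVE_AES_DECRYPT that ends in `ret = wc_AesGcmDecryptFinal(enc, t1, 0);` and expects BAD_FUNC_ARG in the same way. A short comment would also help, noting that `resultP` has presumably already been written by wc_AesGcmDecryptUpdate by the time the tag size is rejected, so streaming callers must discard that output unless Final returns 0. aesgcm_test starts and ends outside the hunk.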