mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 17:50:48 +02:00
Merge pull request #10175 from yosuke-wolfssl/f_2205
Fix authTagSz validation
This commit is contained in:
+1
-1
@@ -12596,7 +12596,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz)
|
||||
|
||||
/* Check validity of parameters. */
|
||||
if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) ||
|
||||
(authTagSz == 0)) {
|
||||
(authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ)) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
@@ -18362,6 +18362,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
|
||||
#endif
|
||||
|
||||
/* Regression test: wc_AesGcmDecryptFinal must reject authTagSz below
|
||||
* WOLFSSL_MIN_AUTH_TAG_SZ, consistent with wc_AesGcmDecrypt and
|
||||
* wc_AesGcmEncryptFinal. */
|
||||
#if defined(HAVE_AES_DECRYPT) && WOLFSSL_MIN_AUTH_TAG_SZ > 1
|
||||
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
|
||||
if (ret != 0)
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_AesGcmDecryptFinal(enc, t1, WOLFSSL_MIN_AUTH_TAG_SZ - 1);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
#endif /* HAVE_AES_DECRYPT && WOLFSSL_MIN_AUTH_TAG_SZ > 1 */
|
||||
|
||||
/* alen is the size to pass in with each update. */
|
||||
for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
|
||||
ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
|
||||
|
||||
Reference in New Issue
Block a user