Merge pull request #3248 from SparkiDev/aes_cbc_oob

AES-CBC check for input size of 0

tests/api.c

@@ -11934,6 +11934,7 @@ static int test_wc_AesCbcEncryptDecrypt (void)
     int     cbcD    =   WOLFSSL_FATAL_ERROR;
     int     cbcDWK  =   WOLFSSL_FATAL_ERROR;
     byte    dec2[sizeof(vector)];
+    int     i;
 
     /* Init stack variables. */
     XMEMSET(enc, 0, sizeof(enc));
@@ -11989,6 +11990,16 @@ static int test_wc_AesCbcEncryptDecrypt (void)
             cbcE = WOLFSSL_FATAL_ERROR;
         }
     }
+    if (cbcE == 0) {
+        /* Test passing in size of 0  */
+        XMEMSET(enc, 0, sizeof(enc));
+        cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
+        if (cbcE == 0) {
+            /* Check enc was not modified */
+            for (i = 0; i < (int)sizeof(enc); i++)
+                cbcE |= enc[0];
+        }
+    }
     printf(resultFmt, cbcE == 0 ? passed : failed);
     if (cbcE != 0) {
         wc_AesFree(&aes);
@@ -12013,6 +12024,16 @@ static int test_wc_AesCbcEncryptDecrypt (void)
             cbcD = WOLFSSL_FATAL_ERROR;
         }
     }
+    if (cbcD == 0) {
+        /* Test passing in size of 0  */
+        XMEMSET(dec, 0, sizeof(dec));
+        cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
+        if (cbcD == 0) {
+            /* Check dec was not modified */
+            for (i = 0; i < (int)sizeof(dec); i++)
+                cbcD |= dec[0];
+        }
+    }
     printf(resultFmt, cbcD == 0 ? passed : failed);
     if (cbcD != 0) {
         wc_AesFree(&aes);

wolfcrypt/src/aes.c

@@ -3538,6 +3538,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return BAD_FUNC_ARG;
         }
 
+        if (sz == 0) {
+            return 0;
+        }
+
     #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID) {
             int ret = wc_CryptoCb_AesCbcEncrypt(aes, out, in, sz);
@@ -3637,6 +3641,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return BAD_FUNC_ARG;
         }
 
+        if (sz == 0) {
+            return 0;
+        }
+
     #ifdef WOLF_CRYPTO_CB
         if (aes->devId != INVALID_DEVID) {
             int ret = wc_CryptoCb_AesCbcDecrypt(aes, out, in, sz);
@@ -7628,7 +7636,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if ((in == NULL) || (out == NULL) || (aes == NULL))
         return BAD_FUNC_ARG;
 
-        return AES_ECB_encrypt(aes, in, out, sz);
+    return AES_ECB_encrypt(aes, in, out, sz);
 }
 
 
@@ -7637,7 +7645,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     if ((in == NULL) || (out == NULL) || (aes == NULL))
         return BAD_FUNC_ARG;
 
-        return AES_ECB_decrypt(aes, in, out, sz);
+    return AES_ECB_decrypt(aes, in, out, sz);
 }
 
 #else
@@ -7649,7 +7657,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    while (blocks>0) {
+    while (blocks > 0) {
       wc_AesEncryptDirect(aes, out, in);
       out += AES_BLOCK_SIZE;
       in  += AES_BLOCK_SIZE;
@@ -7666,7 +7674,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 
     if ((in == NULL) || (out == NULL) || (aes == NULL))
       return BAD_FUNC_ARG;
-    while (blocks>0) {
+    while (blocks > 0) {
       wc_AesDecryptDirect(aes, out, in);
       out += AES_BLOCK_SIZE;
       in  += AES_BLOCK_SIZE;