
wolfcrypt/src/port/af_alg/afalg_aes.c: in wc_AesCbc{En,De}crypt(), handle WOLFSSL_AES_CBC_LENGTH_CHECKS as in wolfcrypt/aes.c; in wc_AesGcm{En,De}crypt(), truncate ivSz to WC_SYSTEM_AESGCM_IV if necessary.

Daniel Pouzzner 1 year ago
parent
commit
78cc2c5c3e
1 changed files with 24 additions and 4 deletions
  1. 24 4
      wolfcrypt/src/port/af_alg/afalg_aes.c

+ 24 - 4
wolfcrypt/src/port/af_alg/afalg_aes.c

@@ -156,8 +156,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
             return BAD_FUNC_ARG;
         }
 
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+#endif
+
         if (aes->rdFd == WC_SOCK_NOTSET) {
-                if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
+            if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
                                 AES_IV_SIZE, 0)) != 0) {
                 WOLFSSL_MSG("Error with first time setup of AF_ALG socket");
                 return ret;
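Review bot: With WOLFSSL_AES_CBC_LENGTH_CHECKS undefined, this encrypt path shows no check on `sz % AES_BLOCK_SIZE`, whereas the decrypt hunk that follows still returns BAD_FUNC_ARG for the same input. What happens to a trailing partial block on encrypt is outside the hunk, so it may be dropped silently or rejected by the kernel; either way the caller gets no distinct error. I would add a comment above the `#ifdef` that states the chosen behaviour, for example `/* without WOLFSSL_AES_CBC_LENGTH_CHECKS a trailing partial block is not rejected here; see the handling of sz below */`. Alternatively, confirm that the asymmetry with decrypt is intended to match wolfcrypt/aes.c.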
@@ -205,11 +211,18 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
         struct iovec    iov;
         int ret;
 
-        if (aes == NULL || out == NULL || in == NULL
-                                       || sz % AES_BLOCK_SIZE != 0) {
+        if (aes == NULL || out == NULL || in == NULL) {
             return BAD_FUNC_ARG;
         }
 
+        if (sz % AES_BLOCK_SIZE) {
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+            return BAD_LENGTH_E;
+#else
+            return BAD_FUNC_ARG;
+#endif
+        }
+
         if (aes->rdFd == WC_SOCK_NOTSET) {
             if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
                                 AES_IV_SIZE, 0)) != 0) {
@@ -534,6 +547,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
+    if (ivSz > WC_SYSTEM_AESGCM_IV)
+        ivSz = WC_SYSTEM_AESGCM_IV;
+
     if (ivSz != WC_SYSTEM_AESGCM_IV) {
         WOLFSSL_MSG("IV size not supported on system");
         return BAD_FUNC_ARG;
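Review bot: Clamping `ivSz` to WC_SYSTEM_AESGCM_IV here, and identically in the wc_AesGcmDecrypt hunk, means the `ivSz != WC_SYSTEM_AESGCM_IV` test below now rejects only short IVs. A longer IV is accepted and presumably only its leading bytes are used; how `iv` is consumed is outside the hunk. Standard GCM derives the initial counter block from a non-96-bit IV with GHASH rather than by truncation, so output would likely not match the software AES-GCM path in wolfcrypt/aes.c for the same inputs. In addition, two long IVs that share a prefix would collapse to the same nonce under one key, which GCM does not tolerate. If truncation is intended, make it visible with a braced `if` containing `WOLFSSL_MSG("IV truncated to WC_SYSTEM_AESGCM_IV bytes");` and document it in the API comment; otherwise keep returning BAD_FUNC_ARG for oversized IVs.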
@@ -636,8 +652,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         initalCounter[AES_BLOCK_SIZE - 1] = 1;
         GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
         ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
-        if (ret < 0)
+        if (ret < 0) {
             return ret;
+        }
         xorbuf(authTag, scratch, authTagSz);
     }
 #else
@@ -724,6 +741,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
         return BAD_FUNC_ARG;
     }
 
+    if (ivSz > WC_SYSTEM_AESGCM_IV)
+        ivSz = WC_SYSTEM_AESGCM_IV;
+
     if (ivSz != WC_SYSTEM_AESGCM_IV) {
         WOLFSSL_MSG("IV size not supported on system");
         return BAD_FUNC_ARG;