From 1d10c41689109e9aadc0d5e5b458cc943fd702a0 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Mon, 5 Dec 2022 15:43:04 +0700 Subject: Rfc3394WrapEngine: check input length in Unwrap --- crypto/src/crypto/engines/RFC3394WrapEngine.cs | 4 ++++ crypto/test/src/crypto/test/AESWrapTest.cs | 22 +++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/crypto/src/crypto/engines/RFC3394WrapEngine.cs b/crypto/src/crypto/engines/RFC3394WrapEngine.cs index e68e45365..ff3a4e0a0 100644 --- a/crypto/src/crypto/engines/RFC3394WrapEngine.cs +++ b/crypto/src/crypto/engines/RFC3394WrapEngine.cs @@ -128,6 +128,10 @@ namespace Org.BouncyCastle.Crypto.Engines { throw new InvalidOperationException("not set for unwrapping"); } + if (inLen < iv.Length) + { + throw new InvalidCipherTextException("unwrap data too short"); + } int n = inLen / 8; diff --git a/crypto/test/src/crypto/test/AESWrapTest.cs b/crypto/test/src/crypto/test/AESWrapTest.cs index beaa3d3cd..7d9bcd497 100644 --- a/crypto/test/src/crypto/test/AESWrapTest.cs +++ b/crypto/test/src/crypto/test/AESWrapTest.cs @@ -163,23 +163,35 @@ namespace Org.BouncyCastle.Crypto.Tests } // - // short test + // short tests // try { wrapper.Init(false, key); - wrapper.Unwrap(buf, 0, buf.Length / 2); + wrapper.Unwrap(buf, 0, 0); - return new SimpleTestResult(false, Name + ": failed unwrap short test."); + return new SimpleTestResult(false, Name + ": failed unwrap short test 1."); } catch (InvalidCipherTextException) { // expected } + try + { + wrapper.Init(false, key); - try - { + wrapper.Unwrap(buf, 0, buf.Length / 2); + + return new SimpleTestResult(false, Name + ": failed unwrap short test 2."); + } + catch (InvalidCipherTextException) + { + // expected + } + + try + { wrapper.Init(true, key); wrapper.Wrap(buf, 0, 15); -- cgit 1.4.1