RFC3394WrapEngine: check input length in unwrap

peterdettman · peterdettman · commit fa156fad4820 · 2022-12-05T15:40:01.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
@@ -143,6 +143,10 @@ public byte[] unwrap(
         {
             throw new IllegalStateException("not set for unwrapping");
         }
+        if (inLen < iv.length)
+        {
+            throw new InvalidCipherTextException("unwrap data too short");
+        }
 
         int     n = inLen / 8;
 
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/AESWrapTest.java b/core/src/test/java/org/bouncycastle/crypto/test/AESWrapTest.java
@@ -216,15 +216,27 @@ public void performTest()
         }
 
         //
-        // short test
+        // short tests
         //
         try
         {
             wrapper.init(false, key);
 
+            wrapper.unwrap(buf, 0, 0);
+
+            fail("failed unwrap short test 1.");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            // expected
+        }
+        try
+        {
+            wrapper.init(false, key);
+
             wrapper.unwrap(buf, 0, buf.length / 2);
 
-            fail("failed unwrap short test.");
+            fail("failed unwrap short test 2.");
         }
         catch (InvalidCipherTextException e)
         {
@@ -237,7 +249,7 @@ public void performTest()
 
             wrapper.wrap(buf, 0, 15);
 
-            fail("ailed wrap length test.");
+            fail("failed wrap length test.");
         }
         catch (DataLengthException e)
         {

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,10 @@ public byte[] unwrap(`
`143`	`143`	`{`
`144`	`144`	`throw new IllegalStateException("not set for unwrapping");`
`145`	`145`	`}`
	`146`	`+ if (inLen < iv.length)`
	`147`	`+ {`
	`148`	`+ throw new InvalidCipherTextException("unwrap data too short");`
	`149`	`+ }`
`146`	`150`
`147`	`151`	`int n = inLen / 8;`
`148`	`152`
Original file line number	Diff line number	Diff line change
`@@ -216,15 +216,27 @@ public void performTest()`
`216`	`216`	`}`
`217`	`217`
`218`	`218`	`//`
`219`		`- // short test`
	`219`	`+ // short tests`
`220`	`220`	`//`
`221`	`221`	`try`
`222`	`222`	`{`
`223`	`223`	`wrapper.init(false, key);`
`224`	`224`
	`225`	`+ wrapper.unwrap(buf, 0, 0);`
	`226`	`+`
	`227`	`+ fail("failed unwrap short test 1.");`
	`228`	`+ }`
	`229`	`+ catch (InvalidCipherTextException e)`
	`230`	`+ {`
	`231`	`+ // expected`
	`232`	`+ }`
	`233`	`+ try`
	`234`	`+ {`
	`235`	`+ wrapper.init(false, key);`
	`236`	`+`
`225`	`237`	`wrapper.unwrap(buf, 0, buf.length / 2);`
`226`	`238`
`227`		`- fail("failed unwrap short test.");`
	`239`	`+ fail("failed unwrap short test 2.");`
`228`	`240`	`}`
`229`	`241`	`catch (InvalidCipherTextException e)`
`230`	`242`	`{`
`@@ -237,7 +249,7 @@ public void performTest()`
`237`	`249`
`238`	`250`	`wrapper.wrap(buf, 0, 15);`
`239`	`251`
`240`		`- fail("ailed wrap length test.");`
	`252`	`+ fail("failed wrap length test.");`
`241`	`253`	`}`
`242`	`254`	`catch (DataLengthException e)`
`243`	`255`	`{`