Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Aligns wc_AesGcmDecryptFinal() authentication tag size validation with other GCM APIs by enforcing WOLFSSL_MIN_AUTH_TAG_SZ (default 12) instead of only rejecting zero-length tags.
Changes:
- Tighten
authTagSzvalidation inwc_AesGcmDecryptFinal()to reject tags smaller thanWOLFSSL_MIN_AUTH_TAG_SZ.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Please re-run the failed test |
|
Please retry the failed test |
|
Jenkins retest this please |
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
PR looks good but I'd like a test case.
|
Please retry the failed tests. |
|
Jenkins retest this please |
1 similar comment
|
Jenkins retest this please |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Description
wc_AesGcmDecryptFinal() checks authTagSz == 0 to reject zero-length tags, but does not enforce authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ (default 12). Every other GCM API surface enforces this minimum: wc_AesGcmEncrypt (line 10056), wc_AesGcmDecrypt (line 10786), and wc_AesGcmEncryptFinal (line 12477) all check authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ.
Changes
This PR fixes the validation of authTagSz as like other GCM APIs.
Testing
./configure --enable-all