Force-zero wc_AesSivDecrypt*() output buffer on authentication failure #10668
Pull request overview
This PR updates AES-SIV decryption to wipe (ForceZero) the caller-provided plaintext output buffer when authentication fails, preventing accidental plaintext disclosure after an AES_SIV_AUTH_E return.
Changes:
- In `AesSivCipher()` (AES-SIV decrypt path), zeroize `out` on authentication/verification failure.
- Ensure SIV comparison is only performed when S2V computation succeeded (`ret == 0`).
- Add a negative test intended to assert output buffer zeroization on auth failure.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `wolfcrypt/src/aes.c` | Zeroizes AES-SIV decrypt output buffer on verification failure; avoids overwriting earlier errors by guarding SIV compare with `ret == 0`. |
| `wolfcrypt/test/test.c` | Adds a negative test for AES-SIV auth failure intended to verify output buffer is wiped. |
Comments suppressed due to low confidence (1)
wolfcrypt/test/test.c:74812
- The new negative test intends to verify that plaintext output is force-zeroed on authentication failure, but it uses `testVectors[0]`, whose `plaintextSz` is 0 (empty plaintext). As a result, the loop never checks any output bytes and the test will pass even if the decrypt function does not wipe the output buffer. Use a vector with non-zero `plaintextSz` (e.g., index 2 in this table) so the zeroization assertion is meaningful.
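An added illustration of the points raised in the review above, not wolfSSL code and not part of this PR: a toy SIV-shaped decrypt showing the `ret == 0` guard, the wipe on failure, and why a negative test run on an empty plaintext passes even when nothing is wiped. The XOR keystream and one-byte tag are constructed stand-ins for AES-CTR and S2V, and every name plus the `AUTH_E` value is hypothetical.

```c
#include <stdio.h>

#define AUTH_E (-1) /* hypothetical stand-in for AES_SIV_AUTH_E */

/* Wipe the compiler cannot elide (same intent as ForceZero). */
static void force_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Toy keyed tag over the plaintext: stand-in for S2V, NOT a real MAC. */
static int toy_tag(unsigned char key, const unsigned char *pt, size_t n,
                   unsigned char *tag) {
    unsigned char t = key;
    for (size_t i = 0; i < n; i++)
        t = (unsigned char)(((t << 1) | (t >> 7)) ^ pt[i]);
    *tag = t;
    return 0;
}

/* SIV-shaped decrypt: plaintext lands in out BEFORE the tag can be checked.
 * wipe == 0 models the behaviour before the fix, wipe == 1 after it. */
static int toy_decrypt(unsigned char key, const unsigned char *ct, size_t n,
                       unsigned char tag, unsigned char *out, int wipe) {
    unsigned char calc = 0;
    int ret;
    for (size_t i = 0; i < n; i++) out[i] = ct[i] ^ key; /* toy "CTR" step */
    ret = toy_tag(key, out, n, &calc);
    if (ret == 0 && calc != tag) ret = AUTH_E; /* compare only on success */
    if (ret != 0 && wipe) force_zero(out, n);  /* wipe on any failure */
    return ret;
}

/* Negative test: corrupt the tag, count plaintext bytes left in out. */
static size_t leaked_after_bad_tag(const char *msg, size_t n, int wipe) {
    unsigned char ct[16], out[16] = {0}, tag;
    size_t leaked = 0;
    if (n > sizeof(ct)) return (size_t)-1;
    for (size_t i = 0; i < n; i++) ct[i] = (unsigned char)(msg[i] ^ 0x5A);
    toy_tag(0x5A, (const unsigned char *)msg, n, &tag);
    if (toy_decrypt(0x5A, ct, n, (unsigned char)(tag ^ 0xFF), out, wipe) != AUTH_E)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) leaked += (out[i] != 0);
    return leaked;
}

int main(void) { /* constructed inputs: "secret" and the empty message */
    printf("%zu %zu %zu\n", leaked_after_bad_tag("secret", 6, 0),
           leaked_after_bad_tag("secret", 6, 1), leaked_after_bad_tag("", 0, 0));
    return 0;
}
```

With the empty message the leak count is 0 whether or not the wipe runs, so only the non-empty vector distinguishes the fixed path from the unfixed one.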
retest this please (build removed)
retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-sgx898; wolf-linux-cloud-node-sgx898 was marked offline: Connection was broken)
dgarske left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 2 total — 2 posted, 0 skipped
2 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Low] Output buffer not zeroed when AES-CTR step fails during decrypt — `wolfcrypt/src/aes.c:17073-17105`
- [Info] Negative test hardcodes magic vector index [5] — `wolfcrypt/test/test.c:74796-74823`
Review generated by Skoll
dgarske left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 3 total — 3 posted, 0 skipped
3 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Low] Allman brace style inconsistent with file's K&R convention — `wolfcrypt/test/test.c:74797-74805`
- [Low] New test lines exceed 80-column width — `wolfcrypt/test/test.c:74787,74808-74824`
- [Low] Naming/type inconsistent with sibling SIV test helpers — `wolfcrypt/test/test.c:74787-74794`
Review generated by Skoll
retest this please (org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-pbjn3e; wolf-linux-cloud-node-pbjn3e was marked offline: Connection was broken)
retest this please (ERROR: script returned exit code 255)
Jenkins retest this please: "Build 'wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: FAILURE"
Jenkins retest this please: "Build 'wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: ABORTED"
Description
Force-zero wc_AesSivDecrypt*() output buffer on authentication failure
Fixes F-5394
Testing
How did you test?
Checklist