Skip to content

F-644: fix read of exactly MAX_LEN bytes treated as error #214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 3 commits into from
Apr 10, 2026
Merged

F-644: fix read of exactly MAX_LEN bytes treated as error #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ed74143
fix read of exctly MAX_LEN bytes treated as error
miyazakh Mar 27, 2026
86be75d
addressed copilot comments
miyazakh Mar 27, 2026
7f91683
Addressed Copilot review comments
miyazakh Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions src/crypto/clu_decrypt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,12 +156,17 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
}
else {
ret = (int)XFREAD(input, 1, MAX_LEN, inFile);
if ((ret > 0 && ret != MAX_LEN) || feof(inFile)) {
if (ret > 0) {
tempMax = ret;
ret = 0; /* success */
}
else {
wolfCLU_LogError("Input file does not exist.");
if (feof(inFile)) {
wolfCLU_LogError("Unexpected end of file.");
}
else {
wolfCLU_LogError("File read error.");
}
ret = FREAD_ERROR;
}
}
Expand Down
24 changes: 24 additions & 0 deletions tests/encrypt/enc-test.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,5 +185,29 @@ fi
rm -f test-dec.der
rm -f test-enc.der

# camellia: decrypt file whose size is a multiple of MAX_LEN (2 x 1024 bytes)
# to ensure the exact-boundary read case is covered (non-EVP path)
if grep -q "HAVE_CAMELLIA" wolfssl/wolfssl/options.h 2>/dev/null; then
dd if=/dev/urandom bs=2048 count=1 of=test_maxlen_camellia.bin 2>/dev/null
./wolfssl encrypt camellia-cbc-128 -pwd testpwd \
-in test_maxlen_camellia.bin -out test_maxlen_camellia.enc
if [ $? != 0 ]; then
echo "failed to encrypt in MAX_LEN boundary test"
exit 99
fi
./wolfssl decrypt camellia-cbc-128 \
-in test_maxlen_camellia.enc -out test_maxlen_camellia.dec -pwd testpwd
if [ $? != 0 ]; then
echo "failed to decrypt in MAX_LEN boundary test"
exit 99
fi
diff test_maxlen_camellia.bin test_maxlen_camellia.dec &> /dev/null
if [ $? != 0 ]; then
echo "MAX_LEN boundary: decrypted file does not match original"
exit 99
fi
rm -f test_maxlen_camellia.bin test_maxlen_camellia.enc test_maxlen_camellia.dec
fi

echo "Done"
exit 0
Loading