Merge pull request wolfSSL#214 from miyazakh/f-644_readofMAXLEN

dgarske · web-flow · commit a17667097d25 · 2026-04-10T09:59:49.000-07:00
F-644: fix read of exactly MAX_LEN bytes treated as error
diff --git a/src/crypto/clu_decrypt.c b/src/crypto/clu_decrypt.c
@@ -156,12 +156,17 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,
             }
             else {
                 ret = (int)XFREAD(input, 1, MAX_LEN, inFile);
-                if ((ret > 0 && ret != MAX_LEN) || feof(inFile)) {
+                if (ret > 0) {
                     tempMax = ret;
                     ret = 0; /* success */
                 }
                 else {
-                    wolfCLU_LogError("Input file does not exist.");
+                    if (feof(inFile)) {
+                        wolfCLU_LogError("Unexpected end of file.");
+                    }
+                    else {
+                        wolfCLU_LogError("File read error.");
+                    }
                     ret = FREAD_ERROR;
                 }
             }
diff --git a/tests/encrypt/enc-test.sh b/tests/encrypt/enc-test.sh
@@ -185,5 +185,29 @@ fi
 rm -f test-dec.der
 rm -f test-enc.der
 
+# camellia: decrypt file whose size is a multiple of MAX_LEN (2 x 1024 bytes)
+# to ensure the exact-boundary read case is covered (non-EVP path)
+if grep -q "HAVE_CAMELLIA" wolfssl/wolfssl/options.h 2>/dev/null; then
+    dd if=/dev/urandom bs=2048 count=1 of=test_maxlen_camellia.bin 2>/dev/null
+    ./wolfssl encrypt camellia-cbc-128 -pwd testpwd \
+        -in test_maxlen_camellia.bin -out test_maxlen_camellia.enc
+    if [ $? != 0 ]; then
+        echo "failed to encrypt in MAX_LEN boundary test"
+        exit 99
+    fi
+    ./wolfssl decrypt camellia-cbc-128 \
+        -in test_maxlen_camellia.enc -out test_maxlen_camellia.dec -pwd testpwd
+    if [ $? != 0 ]; then
+        echo "failed to decrypt in MAX_LEN boundary test"
+        exit 99
+    fi
+    diff test_maxlen_camellia.bin test_maxlen_camellia.dec &> /dev/null
+    if [ $? != 0 ]; then
+        echo "MAX_LEN boundary: decrypted file does not match original"
+        exit 99
+    fi
+    rm -f test_maxlen_camellia.bin test_maxlen_camellia.enc test_maxlen_camellia.dec
+fi
+
 echo "Done"
 exit 0

Original file line number	Diff line number	Diff line change
`@@ -156,12 +156,17 @@ int wolfCLU_decrypt(int alg, char* mode, byte* pwdKey, byte* key, int size,`
`156`	`156`	`}`
`157`	`157`	`else {`
`158`	`158`	`ret = (int)XFREAD(input, 1, MAX_LEN, inFile);`
`159`		`- if ((ret > 0 && ret != MAX_LEN) \|\| feof(inFile)) {`
	`159`	`+ if (ret > 0) {`
`160`	`160`	`tempMax = ret;`
`161`	`161`	`ret = 0; /* success */`
`162`	`162`	`}`
`163`	`163`	`else {`
`164`		`- wolfCLU_LogError("Input file does not exist.");`
	`164`	`+ if (feof(inFile)) {`
	`165`	`+ wolfCLU_LogError("Unexpected end of file.");`
	`166`	`+ }`
	`167`	`+ else {`
	`168`	`+ wolfCLU_LogError("File read error.");`
	`169`	`+ }`
`165`	`170`	`ret = FREAD_ERROR;`
`166`	`171`	`}`
`167`	`172`	`}`