esp: check decrypted pad_len. #62

Merged
danielinux merged 5 commits into wolfSSL:master from philljj:esp_pad_len on Mar 4, 2026

@philljj philljj commented Mar 3, 2026

Description

Check that decrypted pad_len is reasonable. Fixes F/225.

Added null-encryption + hmac auth API wolfIP_esp_sa_new_hmac() (mainly to facilitate testing).

Cleaned up and improved auth key/enc key/icv len checks.

Added esp unit tests:

  • test_sa_hmac_good
  • test_unwrap_pad_too_big

Copilot AI review requested due to automatic review settings March 3, 2026 16:15
@philljj philljj self-assigned this Mar 3, 2026

Copilot AI left a comment

Pull request overview

This PR hardens ESP transport-mode packet parsing by validating the decrypted pad_len field before using it to adjust lengths and strip headers/trailers.

Changes:

  • Clarifies the trailer parsing comment to reference pad_len.
  • Adds a post-decrypt consistency check ensuring pad_len cannot imply more padding than the ESP payload can contain (rejects packet if invalid).

@philljj philljj requested a review from Copilot March 3, 2026 22:34
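
The post-decrypt consistency check described in the review overview above, as an added example (not code from this pull request or from wolfIP). The function name and sample buffers are hypothetical, and the padding-content check goes beyond what the PR describes, assuming the RFC 4303 default padding pattern is in use:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESP_TRAILER_LEN 2u /* pad_len byte + next_header byte (RFC 4303) */

/* Hypothetical helper (not wolfIP's API). pt/pt_len: decrypted ESP payload,
 * i.e. the bytes after the IV and before the ICV. Returns the length of the
 * inner payload once padding and trailer are stripped, or -1 to drop. */
static long esp_strip_trailer(const uint8_t *pt, size_t pt_len, uint8_t *next_hdr)
{
    size_t pad_len, pad_off, i;

    if (pt == NULL || pt_len < ESP_TRAILER_LEN)
        return -1;
    pad_len = pt[pt_len - 2];
    /* pad_len is untrusted until proven consistent: without this check,
     * pt_len - 2 - pad_len wraps around as an unsigned value. */
    if (pad_len > pt_len - ESP_TRAILER_LEN)
        return -1;
    pad_off = pt_len - ESP_TRAILER_LEN - pad_len;
    /* Assumption: RFC 4303 default padding (1, 2, 3, ...) is in use. */
    for (i = 0; i < pad_len; i++)
        if (pt[pad_off + i] != (uint8_t)(i + 1))
            return -1;
    if (next_hdr != NULL)
        *next_hdr = pt[pt_len - 1];
    return (long)pad_off;
}

/* Constructed sample plaintexts: data | padding | pad_len | next_header */
static const uint8_t sample_good[]    = {0xde, 0xad, 0xbe, 0xef, 1, 2, 2, 17};
static const uint8_t sample_all_pad[] = {1, 2, 2, 6};          /* zero-length data */
static const uint8_t sample_too_big[] = {0xde, 0xad, 0xff, 6}; /* pad_len 255 > 2  */
static const uint8_t sample_bad_pad[] = {0xaa, 9, 9, 2, 6};    /* padding not 1, 2 */

int main(void)
{
    printf("good:    %ld\n", esp_strip_trailer(sample_good, sizeof sample_good, NULL));
    printf("all pad: %ld\n", esp_strip_trailer(sample_all_pad, sizeof sample_all_pad, NULL));
    printf("too big: %ld\n", esp_strip_trailer(sample_too_big, sizeof sample_too_big, NULL));
    printf("bad pad: %ld\n", esp_strip_trailer(sample_bad_pad, sizeof sample_bad_pad, NULL));
    return 0;
}
```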

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.


Copilot AI review requested due to automatic review settings March 4, 2026 05:58

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.


@danielinux danielinux merged commit 827d901 into wolfSSL:master Mar 4, 2026
15 checks passed
@philljj philljj deleted the esp_pad_len branch March 4, 2026 16:08