Add check ensuring output is set to the least-harmful value in error cases

With the robustness fix: `PASSED (125 suites, 26639 tests run)` Without the robustness fix: `FAILED (125 suites, 26639 tests run)` Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com> Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
2025-02-21 06:40:50 +00:00 · 2024-05-02 09:51:49 -05:00 · 2024-05-02 09:51:49 -05:00 · 043aa9e2a2
commit 043aa9e2a2
parent d0a1691b99
1 changed files with 8 additions and 0 deletions
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@ -549,6 +549,10 @@ void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val,
    /* encode length number of bytes from inbuf */
    TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
    TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
+    if (0 != ret) {
+        /* Check output parameter is set to the least-harmful value on error */
+        TEST_ASSERT(0 == outlen);
+    }

    /* done */
 exit:
@ -826,6 +830,10 @@ void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key,
    total_len += outlen;
    TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
                                                       &outlen));
+    if (0 != finish_result) {
+        /* Check output parameter is set to the least-harmful value on error */
+        TEST_ASSERT(0 == outlen);
+    }
    total_len += outlen;
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
    int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||