mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-18 14:42:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add parameter validation for mbedtls_aes_crypt_ecb()

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2018-12-12 12:56:55 +01:00
parent 68e3dff3f1
commit 1aca260571
3 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/mbedtls/aes.h
View File

@ -246,10 +246,13 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
* call to this API with the same context. * call to this API with the same context.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
* #MBEDTLS_AES_DECRYPT. * #MBEDTLS_AES_DECRYPT.
* \param input The 16-Byte buffer holding the input data. * \param input The buffer holding the input data.
* \param output The 16-Byte buffer holding the output data. * It must be readable and at least 16 Bytes long.
* \param output The buffer where the output data will be written.
* It must be writeable and at least 16 Bytes long.
* \return \c 0 on success. * \return \c 0 on success.
*/ */

6
library/aes.c
View File

@ -1006,6 +1006,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16] ) unsigned char output[16] )
{ {
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
mode == MBEDTLS_AES_DECRYPT );
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );

16
tests/suites/test_suite_aes.function
View File

@ -379,6 +379,8 @@ void aes_invalid_param( )
mbedtls_aes_xts_context xts_ctx; mbedtls_aes_xts_context xts_ctx;
#endif #endif
const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
const unsigned char in[16] = { 0 };
unsigned char out[16];
TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_XTS) #if defined(MBEDTLS_CIPHER_MODE_XTS)
@ -406,6 +408,20 @@ void aes_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) ); mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
#endif #endif
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( NULL,
MBEDTLS_AES_ENCRYPT, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
42, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
MBEDTLS_AES_ENCRYPT, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ecb( &aes_ctx,
MBEDTLS_AES_ENCRYPT, in, NULL ) );
} }
/* END_CASE */ /* END_CASE */