mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 15:40:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Initialize CCM context before doing anything fallible

Browse Source 
Otherwise mbedtls_ccm_free() in cleanup could corrupt memory if a failure
happens.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-10-07 11:11:32 +02:00
parent 5dea5f355a
commit efe30760e5
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
tests/suites/test_suite_ccm.function
View File

@ -79,11 +79,11 @@ void mbedtls_ccm_self_test()
void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
unsigned char key[32];
int ret;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
memset(key, 0x2A, sizeof(key));
TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
@ -101,6 +101,7 @@ exit:
void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@ -110,7 +111,6 @@ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_CALLOC_OR_SKIP(add, add_len);
memset(key, 0, sizeof(key));
@ -146,6 +146,7 @@ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
int res)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@ -155,7 +156,6 @@ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
memset(key, 0, sizeof(key));
memset(msg, 0, sizeof(msg));
@ -191,6 +191,7 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
data_t *add, data_t *result)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
uint8_t *tag_buf = NULL;
@ -207,7 +208,6 @@ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
TEST_CALLOC(tag_buf, expected_tag_len);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
@ -248,11 +248,11 @@ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
data_t *msg, data_t *iv, data_t *result)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
@ -277,6 +277,7 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
data_t *expected_msg)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
const size_t expected_msg_len = msg->len - expected_tag_len;
@ -290,7 +291,6 @@ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
}
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
@ -343,6 +343,7 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
@ -379,7 +380,6 @@ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
key->x, key->len * 8), 0);
/* Test with input == output */
@ -430,6 +430,7 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id,
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
@ -460,7 +461,6 @@ void mbedtls_ccm_star_auth_decrypt(int cipher_id,
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
@ -507,6 +507,7 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode,
data_t *result, data_t *tag)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
@ -514,7 +515,6 @@ void mbedtls_ccm_skip_ad(int cipher_id, int mode,
TEST_EQUAL(msg->len, result->len);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
@ -547,10 +547,10 @@ void mbedtls_ccm_skip_update(int cipher_id, int mode,
data_t *tag)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
@ -577,9 +577,9 @@ void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@ -600,9 +600,9 @@ void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@ -622,11 +622,11 @@ void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@ -651,10 +651,10 @@ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
data_t *key, data_t *iv, data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@ -680,9 +680,9 @@ void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@ -706,13 +706,13 @@ void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t add_second_buffer[2];
add_second_buffer[0] = add->x[add->len - 1];
add_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@ -735,11 +735,11 @@ void mbedtls_ccm_overflow_update(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@ -765,11 +765,11 @@ void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@ -801,11 +801,11 @@ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@ -834,6 +834,7 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
data_t *add)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
uint8_t msg_second_buffer[2];
@ -842,7 +843,6 @@ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
msg_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@ -869,10 +869,10 @@ void mbedtls_ccm_instant_finish(int cipher_id, int mode,
data_t *key, data_t *iv)
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for add length, msg length and tag length.