lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

Add parameter validation for AES-CTR

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2018-12-13 11:08:36 +01:00
parent 8e41eb7187
commit 2bc535be86
3 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/mbedtls/aes.h
View File

@@ -561,15 +561,21 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
* securely discarded as soon as it's no longer needed. * securely discarded as soon as it's no longer needed.
* *
* \param ctx The AES context to use for encryption or decryption. * \param ctx The AES context to use for encryption or decryption.
* It must be initialized and bound to a key.
* \param length The length of the input data. * \param length The length of the input data.
* \param nc_off The offset in the current \p stream_block, for * \param nc_off The offset in the current \p stream_block, for
* resuming within the current cipher stream. The * resuming within the current cipher stream. The
* offset pointer should be 0 at the start of a stream. * offset pointer should be 0 at the start of a stream.
* It must point to a valid \c size_t.
* \param nonce_counter The 128-bit nonce and counter. * \param nonce_counter The 128-bit nonce and counter.
* It must be a readable-writeable buffer of 16 Bytes.
* \param stream_block The saved stream block for resuming. This is * \param stream_block The saved stream block for resuming. This is
* overwritten by the function. * overwritten by the function.
* It must be a readable-writeable buffer of 16 Bytes.
* \param input The buffer holding the input data. * \param input The buffer holding the input data.
* It must be readable and of size \p length.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* It must be writeable and of size \p length.
* *
* \return \c 0 on success. * \return \c 0 on success.
*/ */

11
library/aes.c
View File

@@ -1425,7 +1425,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int c, i; int c, i;
size_t n = *nc_off; size_t n;
AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( nc_off != NULL );
AES_VALIDATE_RET( nonce_counter != NULL );
AES_VALIDATE_RET( stream_block != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
n = *nc_off;
if ( n > 0x0F ) if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

21
tests/suites/test_suite_aes.function
View File

@@ -534,6 +534,27 @@ void aes_check_params( )
mbedtls_aes_crypt_ofb( &aes_ctx, 16, mbedtls_aes_crypt_ofb( &aes_ctx, 16,
&size, out, in, NULL ) ); &size, out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_OFB */ #endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
out, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
NULL, in, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
out, NULL, out ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
out, in, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
} }
/* END_CASE */ /* END_CASE */