Add parameter validation for AES-CTR

2018-12-13 11:08:36 +01:00 · 2018-12-13 11:08:36 +01:00 · 2bc535be86
commit 2bc535be86
parent 8e41eb7187
3 changed files with 37 additions and 1 deletions
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@ -561,15 +561,21 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
 *             securely discarded as soon as it's no longer needed.
 *
 * \param ctx              The AES context to use for encryption or decryption.
+ *                         It must be initialized and bound to a key.
 * \param length           The length of the input data.
 * \param nc_off           The offset in the current \p stream_block, for
 *                         resuming within the current cipher stream. The
 *                         offset pointer should be 0 at the start of a stream.
+ *                         It must point to a valid \c size_t.
 * \param nonce_counter    The 128-bit nonce and counter.
+ *                         It must be a readable-writeable buffer of 16 Bytes.
 * \param stream_block     The saved stream block for resuming. This is
 *                         overwritten by the function.
+ *                         It must be a readable-writeable buffer of 16 Bytes.
 * \param input            The buffer holding the input data.
+ *                         It must be readable and of size \p length.
 * \param output           The buffer holding the output data.
+ *                         It must be writeable and of size \p length.
 *
 * \return                 \c 0 on success.
 */
--- a/library/aes.c
+++ b/library/aes.c
@ -1425,7 +1425,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
                       unsigned char *output )
 {
    int c, i;
-    size_t n = *nc_off;
+    size_t n;
+
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( nc_off != NULL );
+    AES_VALIDATE_RET( nonce_counter != NULL );
+    AES_VALIDATE_RET( stream_block != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
+    n = *nc_off;

    if ( n > 0x0F )
        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@ -534,6 +534,27 @@ void aes_check_params( )
                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
                                                   &size, out, in, NULL ) );
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
+                                                   out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
+                                                   out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
 }
 /* END_CASE */