commit 8e41eb718727b7bdfcd8fb96afa412d98a9267ea
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Dec 13 11:00:56 2018 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Dec 18 12:22:40 2018 +0100
tree 5afb4e7aec158872c59a96b1d3da8ed9aaf7e770
parent 1677cca54b51f0c82c6ec24825443ae0fc592a1f

Add parameter validation for AES-OFB

include/mbedtls/aes.h

diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 4cc4d14..93522e6 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -480,11 +480,16 @@
  *              will compromise security.
  *
  * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
  * \param length   The length of the input data.
  * \param iv_off   The offset in IV (updated after use).
+ *                 It must point to a valid \c size_t.
  * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of 16 Bytes.
  * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length.
  * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length.
  *
  * \return         \c 0 on success.
  */

library/aes.c

diff --git a/library/aes.c b/library/aes.c
index b705290..52fc74c 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1382,7 +1382,15 @@
                            unsigned char *output )
 {
     int ret = 0;
-    size_t n = *iv_off;
+    size_t n;
+
+    AES_VALIDATE_RET( ctx != NULL );
+    AES_VALIDATE_RET( iv_off != NULL );
+    AES_VALIDATE_RET( iv != NULL );
+    AES_VALIDATE_RET( input != NULL );
+    AES_VALIDATE_RET( output != NULL );
+
+    n = *iv_off;
 
     while( length-- )
     {

tests/suites/test_suite_aes.function

diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index f581cbe..d585ffb 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -516,6 +516,24 @@
                                                     MBEDTLS_AES_ENCRYPT, 16,
                                                     out, in, NULL ) );
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( NULL, 16,
+                                                   &size, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   NULL, out, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, NULL, in, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, out, NULL, out ) );
+    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+                            mbedtls_aes_crypt_ofb( &aes_ctx, 16,
+                                                   &size, out, in, NULL ) );
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
 }
 /* END_CASE */