Fix off-by-one in iv_off check and add tests
diff --git a/library/aes.c b/library/aes.c
index 1c743f9..0543cd7 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1298,7 +1298,7 @@
n = *iv_off;
- if( n > 16 )
+ if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
if( mode == MBEDTLS_AES_DECRYPT )
@@ -1394,7 +1394,7 @@
n = *iv_off;
- if( n > 16 )
+ if( n > 15 )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 3762ba4..f74183d 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -569,6 +569,7 @@
#endif
const unsigned char in[16] = { 0 };
unsigned char out[16];
+ size_t size;
/* These calls accept NULL */
TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
@@ -597,6 +598,19 @@
in, in, out )
== MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ size = 16;
+ TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
+ &size, out, in, out )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ size = 16;
+ TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
+ == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
}
/* END_CASE */