TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / efe30760e5dad5c73f976cfefda5a11c5ab86a9a^! / . / tests / suites / test_suite_ccm.function
commitefe30760e5dad5c73f976cfefda5a11c5ab86a9a[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Oct 07 11:11:32 2024 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Oct 28 10:09:18 2024 +0100
tree45956b50b29986c78a75e6cb4c0ca0af0730e34b
parent5dea5f355a4707f03dafa558c161ae7a4fa6eb4e [diff] [blame]
Initialize CCM context before doing anything fallible

Otherwise mbedtls_ccm_free() in cleanup could corrupt memory if a failure
happens.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index dbb313b..8c39d27 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function

@@ -79,11 +79,11 @@
 void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     unsigned char key[32];
     int ret;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
 
     memset(key, 0x2A, sizeof(key));
     TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
@@ -101,6 +101,7 @@
 void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     unsigned char key[16];
     unsigned char msg[10];
     unsigned char iv[14];
@@ -110,7 +111,6 @@
     int decrypt_ret;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
 
     TEST_CALLOC_OR_SKIP(add, add_len);
     memset(key, 0, sizeof(key));
@@ -146,6 +146,7 @@
                       int res)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     unsigned char key[16];
     unsigned char msg[10];
     unsigned char iv[14];
@@ -155,7 +156,6 @@
     int decrypt_ret;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
 
     memset(key, 0, sizeof(key));
     memset(msg, 0, sizeof(msg));
@@ -191,6 +191,7 @@
                                  data_t *add, data_t *result)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     size_t n1, n1_add;
     uint8_t *io_msg_buf = NULL;
     uint8_t *tag_buf = NULL;
@@ -207,7 +208,6 @@
     TEST_CALLOC(tag_buf, expected_tag_len);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     /* Test with input == output */
     TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
@@ -248,11 +248,11 @@
                              data_t *msg, data_t *iv, data_t *result)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
@@ -277,6 +277,7 @@
                               data_t *expected_msg)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     size_t n1, n1_add;
 
     const size_t expected_msg_len = msg->len - expected_tag_len;
@@ -290,7 +291,6 @@
     }
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     /* Test with input == output */
     TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
@@ -343,6 +343,7 @@
 {
     unsigned char iv[13];
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     size_t iv_len, expected_tag_len;
     size_t n1, n1_add;
     uint8_t *io_msg_buf = NULL;
@@ -379,7 +380,6 @@
     iv_len = sizeof(iv);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
                                   key->x, key->len * 8), 0);
     /* Test with input == output */
@@ -430,6 +430,7 @@
 {
     unsigned char iv[13];
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     size_t iv_len, expected_tag_len;
     size_t n1, n1_add;
 
@@ -460,7 +461,6 @@
     iv_len = sizeof(iv);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
     /* Test with input == output */
     TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
@@ -507,6 +507,7 @@
                          data_t *result, data_t *tag)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
@@ -514,7 +515,6 @@
     TEST_EQUAL(msg->len, result->len);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
@@ -547,10 +547,10 @@
                              data_t *tag)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
@@ -577,9 +577,9 @@
                              data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for msg length and tag length. They are not a part of this test
@@ -600,9 +600,9 @@
                                data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for msg length and tag length. They are not a part of this test
@@ -622,11 +622,11 @@
                                  data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded value for tag length. It is not a part of this test
@@ -651,10 +651,10 @@
                                data_t *key, data_t *iv, data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for msg length and tag length. They are not a part of this test
@@ -680,9 +680,9 @@
                                       data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for msg length and tag length. They are not a part of this test
@@ -706,13 +706,13 @@
                                             data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t add_second_buffer[2];
 
     add_second_buffer[0] = add->x[add->len - 1];
     add_second_buffer[1] = 0xAB; // some magic value
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for msg length and tag length. They are not a part of this test
@@ -735,11 +735,11 @@
                                  data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded value for tag length. It is a not a part of this test
@@ -765,11 +765,11 @@
                                    data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded value for tag length. It is not a part of this test
@@ -801,11 +801,11 @@
                                           data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded value for tag length. It is a not a part of this test
@@ -834,6 +834,7 @@
                                             data_t *add)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
     size_t olen;
     uint8_t msg_second_buffer[2];
@@ -842,7 +843,6 @@
     msg_second_buffer[1] = 0xAB; // some magic value
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded value for tag length. It is a not a part of this test
@@ -869,10 +869,10 @@
                                 data_t *key, data_t *iv)
 {
     mbedtls_ccm_context ctx;
+    mbedtls_ccm_init(&ctx);
     uint8_t *output = NULL;
 
     BLOCK_CIPHER_PSA_INIT();
-    mbedtls_ccm_init(&ctx);
     TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
     TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
     // use hardcoded values for add length, msg length and tag length.