commit 26d365eb54fd3503562d218a019f28a79369ba07
author k-stachowiak <krzysiek.stachowiak@gmail.com> Tue Dec 11 12:22:16 2018 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Dec 19 19:02:39 2018 +0100
tree e5524ff6c0cb190344318fc901a86778e81c9ff3
parent 54b789aa742f68572b7f9916cde8e4fd8e0ff011

Add parameter validation for CCM

library/ccm.c

diff --git a/library/ccm.c b/library/ccm.c
index 90cab8e..4bb3642 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -52,6 +52,11 @@
 
 #if !defined(MBEDTLS_CCM_ALT)
 
+#define CCM_VALIDATE_RET( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
+#define CCM_VALIDATE( cond ) \
+    MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #define CCM_ENCRYPT 0
 #define CCM_DECRYPT 1
 
@@ -60,6 +65,7 @@
  */
 void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
 {
+    CCM_VALIDATE( ctx != NULL );
     memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
 }
 
@@ -71,6 +77,9 @@
     int ret;
     const mbedtls_cipher_info_t *cipher_info;
 
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( key != NULL );
+
     cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
@@ -97,6 +106,7 @@
  */
 void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
 {
+    CCM_VALIDATE( ctx != NULL );
     mbedtls_cipher_free( &ctx->cipher_ctx );
     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
 }
@@ -310,6 +320,12 @@
                          const unsigned char *input, unsigned char *output,
                          unsigned char *tag, size_t tag_len )
 {
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add != NULL );
+    CCM_VALIDATE_RET( input != NULL );
+    CCM_VALIDATE_RET( output != NULL );
+    CCM_VALIDATE_RET( tag != NULL );
     return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
                             add, add_len, input, output, tag, tag_len ) );
 }
@@ -320,6 +336,12 @@
                          const unsigned char *input, unsigned char *output,
                          unsigned char *tag, size_t tag_len )
 {
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add != NULL );
+    CCM_VALIDATE_RET( input != NULL );
+    CCM_VALIDATE_RET( output != NULL );
+    CCM_VALIDATE_RET( tag != NULL );
     if( tag_len == 0 )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
@@ -341,6 +363,13 @@
     unsigned char i;
     int diff;
 
+    CCM_VALIDATE_RET( ctx != NULL );
+    CCM_VALIDATE_RET( iv != NULL );
+    CCM_VALIDATE_RET( add != NULL );
+    CCM_VALIDATE_RET( input != NULL );
+    CCM_VALIDATE_RET( output != NULL );
+    CCM_VALIDATE_RET( tag != NULL );
+
     if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
                                 iv, iv_len, add, add_len,
                                 input, output, check_tag, tag_len ) ) != 0 )