Make all parameter validation tests optional
diff --git a/library/cipher.c b/library/cipher.c
index d2078f6..c45a1a4 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -181,8 +181,8 @@
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
{
- if( NULL == cipher_info || NULL == ctx )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( cipher_info != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
@@ -210,12 +210,12 @@
int key_bitlen,
const mbedtls_operation_t operation )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
+ CIPHER_VALIDATE_RET( key != NULL );
CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
operation == MBEDTLS_DECRYPT );
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
(int) ctx->cipher_info->key_bitlen != key_bitlen )
{
@@ -250,10 +250,9 @@
{
size_t actual_iv_size;
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- else if( NULL == iv && iv_len != 0 )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
+ CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
if( NULL == iv && iv_len == 0 )
ctx->iv_size = 0;
@@ -296,8 +295,8 @@
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
ctx->unprocessed_len = 0;
@@ -308,11 +307,10 @@
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
#if defined(MBEDTLS_GCM_C)
if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
{
@@ -352,15 +350,12 @@
int ret;
size_t block_size;
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
CIPHER_VALIDATE_RET( input != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
- if( NULL == ctx || NULL == ctx->cipher_info )
- {
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- }
-
*olen = 0;
block_size = mbedtls_cipher_get_block_size( ctx );
@@ -764,12 +759,11 @@
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
CIPHER_VALIDATE_RET( output != NULL );
CIPHER_VALIDATE_RET( olen != NULL );
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
*olen = 0;
if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
@@ -906,11 +900,10 @@
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
CIPHER_VALIDATE_RET( tag != NULL );
- if( NULL == ctx || NULL == ctx->cipher_info )
- return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
if( MBEDTLS_ENCRYPT != ctx->operation )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -940,10 +933,11 @@
unsigned char check_tag[16];
int ret;
+ CIPHER_VALIDATE_RET( ctx != NULL );
+ CIPHER_VALIDATE_RET( ctx->cipher_info != NULL );
CIPHER_VALIDATE_RET( tag != NULL );
- if( NULL == ctx || NULL == ctx->cipher_info ||
- MBEDTLS_DECRYPT != ctx->operation )
+ if( MBEDTLS_DECRYPT != ctx->operation )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 3d559a3..dd997b0 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -25,9 +25,6 @@
void cipher_null_args( )
{
mbedtls_cipher_context_t ctx;
- const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) );
- unsigned char buf[1] = { 0 };
- size_t olen;
mbedtls_cipher_init( &ctx );
@@ -41,53 +38,6 @@
TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 );
TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL );
-
- TEST_ASSERT( mbedtls_cipher_setup( &ctx, NULL )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_setup( NULL, info )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_cipher_setkey( NULL, buf, 0, MBEDTLS_ENCRYPT )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_setkey( &ctx, buf, 0, MBEDTLS_ENCRYPT )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_cipher_set_iv( NULL, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-#endif
-
- TEST_ASSERT( mbedtls_cipher_update( NULL, buf, 0, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_update( &ctx, buf, 0, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_cipher_finish( NULL, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
- TEST_ASSERT( mbedtls_cipher_check_tag( NULL, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_cipher_check_tag( &ctx, buf, olen )
- == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-#endif
}
/* END_CASE */
@@ -97,11 +47,15 @@
mbedtls_cipher_context_t invalid_ctx;
mbedtls_cipher_context_t valid_ctx;
+ mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
mbedtls_operation_t invalid_operation = 100;
mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
+ const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
+ *( mbedtls_cipher_list() ) );
+
size_t size_t_var;
/* mbedtls_cipher_init() */
@@ -110,24 +64,108 @@
TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
+ /* mbedtls_cipher_setup() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setup( NULL, valid_info ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setup( &valid_ctx, NULL ) );
+
/* mbedtls_cipher_setkey() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( NULL,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( &invalid_ctx,
+ valid_buffer,
+ valid_bitlen,
+ valid_operation ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_setkey( &valid_ctx,
+ NULL,
+ valid_bitlen,
+ valid_operation ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_setkey( &valid_ctx,
valid_buffer,
valid_bitlen,
invalid_operation ) );
+ /* mbedtls_cipher_set_iv() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_iv( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_iv( &invalid_ctx,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_set_iv( &valid_ctx,
+ NULL,
+ valid_size ) );
+
+ /* mbedtls_cipher_reset() */
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_reset( NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_reset( &invalid_ctx ) );
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
+ /* mbedtls_cipher_update_ad() */
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update_ad( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update_ad( &invalid_ctx,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update_ad( &valid_ctx,
+ NULL,
+ valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/* mbedtls_cipher_set_padding_mode() */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_set_padding_mode( &invalid_ctx,
valid_mode ) );
+#endif
/* mbedtls_cipher_update() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( NULL,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_update( &invalid_ctx,
+ valid_buffer,
+ valid_size,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_update( &valid_ctx,
NULL, valid_size,
valid_buffer,
@@ -148,6 +186,16 @@
/* mbedtls_cipher_finish() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_finish( NULL,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_finish( &invalid_ctx,
+ valid_buffer,
+ &size_t_var ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_finish( &valid_ctx,
NULL,
&size_t_var ) );
@@ -157,9 +205,20 @@
valid_buffer,
NULL ) );
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
/* mbedtls_cipher_write_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_write_tag( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_write_tag( &invalid_ctx,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_write_tag( &valid_ctx,
NULL,
valid_size ) );
@@ -167,9 +226,20 @@
/* mbedtls_cipher_check_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_check_tag( NULL,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
+ mbedtls_cipher_check_tag( &invalid_ctx,
+ valid_buffer,
+ valid_size ) );
+ TEST_INVALID_PARAM_RET(
+ MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_check_tag( &valid_ctx,
NULL,
valid_size ) );
+#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
/* mbedtls_cipher_crypt() */
TEST_INVALID_PARAM_RET(
@@ -209,6 +279,7 @@
valid_buffer, valid_size,
valid_buffer, NULL ) );
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
/* mbedtls_cipher_auth_encrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
@@ -340,6 +411,7 @@
valid_buffer, valid_size,
valid_buffer, &size_t_var,
NULL, valid_size ) );
+#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
/* mbedtls_cipher_free() */
TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );