Merge pull request #5306 from gilles-peskine-arm/test-missing-ret-check-202112-2.x

Backport 2.x: Missing error checks + test bug on unlikely failure
2024-11-26 03:55:39 +01:00 · 2021-12-10 17:41:49 +01:00 · 2021-12-10 17:41:49 +01:00 · 18a59b7d4c
commit 18a59b7d4c
parent 362d6efbde 3fc0d30447
2 changed files with 62 additions and 13 deletions
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@ -367,7 +367,11 @@ int main( int argc, char *argv[] )
            goto exit;
        }

-        mbedtls_md_hmac_starts( &md_ctx, digest, 32 );
+        if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
+            goto exit;
+        }

        /*
         * Encrypt and write the ciphertext.
@ -389,7 +393,11 @@ int main( int argc, char *argv[] )
                goto exit;
            }

-            mbedtls_md_hmac_update( &md_ctx, output, olen );
+            if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+                goto exit;
+            }

            if( fwrite( output, 1, olen, fout ) != olen )
            {
@ -403,7 +411,11 @@ int main( int argc, char *argv[] )
            mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
            goto exit;
        }
-        mbedtls_md_hmac_update( &md_ctx, output, olen );
+        if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+            goto exit;
+        }

        if( fwrite( output, 1, olen, fout ) != olen )
        {
@ -414,7 +426,11 @@ int main( int argc, char *argv[] )
        /*
         * Finally write the HMAC.
         */
-        mbedtls_md_hmac_finish( &md_ctx, digest );
+        if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
+            goto exit;
+        }

        if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
        {
@ -483,10 +499,26 @@ int main( int argc, char *argv[] )

        for( i = 0; i < 8192; i++ )
        {
-            mbedtls_md_starts( &md_ctx );
-            mbedtls_md_update( &md_ctx, digest, 32 );
-            mbedtls_md_update( &md_ctx, key, keylen );
-            mbedtls_md_finish( &md_ctx, digest );
+            if( mbedtls_md_starts( &md_ctx ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
+                goto exit;
+            }
+            if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+                goto exit;
+            }
+            if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+                goto exit;
+            }
+            if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
+                goto exit;
+            }
        }

        if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
@ -508,7 +540,11 @@ int main( int argc, char *argv[] )
            goto exit;
        }

-        mbedtls_md_hmac_starts( &md_ctx, digest, 32 );
+        if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
+            goto exit;
+        }

        /*
         * Decrypt and write the plaintext.
@ -525,7 +561,11 @@ int main( int argc, char *argv[] )
                goto exit;
            }

-            mbedtls_md_hmac_update( &md_ctx, buffer, ilen );
+            if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
+            {
+                mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
+                goto exit;
+            }
            if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
                                       &olen ) != 0 )
            {
@ -543,7 +583,11 @@ int main( int argc, char *argv[] )
        /*
         * Verify the message authentication code.
         */
-        mbedtls_md_hmac_finish( &md_ctx, digest );
+        if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
+            goto exit;
+        }

        if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
        {
@ -566,7 +610,11 @@ int main( int argc, char *argv[] )
        /*
         * Write the final block of data
         */
-        mbedtls_cipher_finish( &cipher_ctx, output, &olen );
+        if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
+        {
+            mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
+            goto exit;
+        }

        if( fwrite( output, 1, olen, fout ) != olen )
        {
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@ -102,9 +102,10 @@ void cipher_invalid_param_unconditional( )
    (void)valid_mode; /* In some configurations this is unused */

    mbedtls_cipher_init( &valid_ctx );
-    TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 );
    mbedtls_cipher_init( &invalid_ctx );

+    TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 );
+
    /* mbedtls_cipher_setup() */
    TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
                 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );