Merge pull request #4593 from gilles-peskine-arm/remove-duplicated-ASSERT_ALLOC-2.x

Backport 2.x: Fix null pointer arithmetic in NIST_KW
This commit is contained in:
Gilles Peskine 2021-06-01 16:40:26 +02:00 committed by GitHub
commit 2c5be61e99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 40 deletions

View file

@ -189,8 +189,6 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
uint64_t t = 0; uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
unsigned char *A = output;
*out_len = 0; *out_len = 0;
/* /*
@ -266,6 +264,9 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
} }
else else
{ {
unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
unsigned char *A = output;
/* /*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1 * Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/ */
@ -329,7 +330,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
uint64_t t = 0; uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; unsigned char *R = NULL;
*out_len = 0; *out_len = 0;
if( semiblocks < MIN_SEMIBLOCKS_COUNT ) if( semiblocks < MIN_SEMIBLOCKS_COUNT )
@ -339,6 +340,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx,
memcpy( A, input, KW_SEMIBLOCK_LENGTH ); memcpy( A, input, KW_SEMIBLOCK_LENGTH );
memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
/* Calculate intermediate values */ /* Calculate intermediate values */
for( t = s; t >= 1; t-- ) for( t = s; t >= 1; t-- )

View file

@ -282,38 +282,6 @@
#define TEST_VALID_PARAM( TEST ) \ #define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) ); TEST_ASSERT( ( TEST, 1 ) );
/** Allocate memory dynamically and fail the test case if this fails.
*
* You must set \p pointer to \c NULL before calling this macro and
* put `mbedtls_free( pointer )` in the test's cleanup code.
*
* If \p length is zero, the resulting \p pointer will be \c NULL.
* This is usually what we want in tests since API functions are
* supposed to accept null pointers when a buffer size is zero.
*
* This macro expands to an instruction, not an expression.
* It may jump to the \c exit label.
*
* \param pointer An lvalue where the address of the allocated buffer
* will be stored.
* This expression may be evaluated multiple times.
* \param length Number of elements to allocate.
* This expression may be evaluated multiple times.
*
*/
#define ASSERT_ALLOC( pointer, length ) \
do \
{ \
TEST_ASSERT( ( pointer ) == NULL ); \
if( ( length ) != 0 ) \
{ \
( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
( length ) ); \
TEST_ASSERT( ( pointer ) != NULL ); \
} \
} \
while( 0 )
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ #define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \ { \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \

View file

@ -989,7 +989,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse EC Key #1 (SEC1 DER) Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM) Parse EC Key #2 (SEC1 PEM)
@ -1005,15 +1005,15 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key) Parse EC Key #4a (PKCS8 DER, no public key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters) Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters) Parse EC Key #4c (PKCS8 DER, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM) Parse EC Key #5 (PKCS8 PEM)
@ -1069,7 +1069,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain) Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Key ASN1 (No data) Key ASN1 (No data)