Do not zeroize null pointer
This commit is contained in:
Brian Murray
Simon Butcher
parent
cdd1f6d96c
commit
4e067035b7
1 changed files with 44 additions and 41 deletions
|
|
@ -82,11 +82,14 @@ static int cmac_multiply_by_u( unsigned char *output,
|
|||
|
||||
starting_index = blocksize -1;
|
||||
|
||||
if( blocksize == 16 ){
|
||||
if( blocksize == 16 )
|
||||
{
|
||||
R_n = R_128;
|
||||
} else if( blocksize == 8 ) {
|
||||
} else if( blocksize == 8 )
|
||||
{
|
||||
R_n = R_64;
|
||||
} else {
|
||||
} else
|
||||
{
|
||||
return( MBEDTLS_ERR_CMAC_BAD_INPUT );
|
||||
}
|
||||
|
||||
|
|
@ -122,7 +125,6 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
|
|||
unsigned char *L;
|
||||
size_t olen, block_size;
|
||||
|
||||
ret = 0;
|
||||
block_size = ctx->cipher_ctx.cipher_info->block_size;
|
||||
|
||||
L = mbedtls_calloc( block_size, sizeof( unsigned char ) );
|
||||
|
|
@ -143,7 +145,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
|
|||
*/
|
||||
if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 )
|
||||
goto exit;
|
||||
if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
|
||||
if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
exit:
|
||||
|
|
@ -203,8 +205,10 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
|
|||
|
||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||
|
||||
mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
|
||||
mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
|
||||
if( ctx->K1 != NULL )
|
||||
mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
|
||||
if( ctx->K2 != NULL )
|
||||
mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
|
||||
mbedtls_free( ctx->K1 );
|
||||
mbedtls_free( ctx->K2 );
|
||||
}
|
||||
|
|
@ -261,7 +265,6 @@ do { \
|
|||
int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
|
||||
const unsigned char *input, size_t in_len,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
|
||||
{
|
||||
unsigned char *state;
|
||||
unsigned char *M_last;
|
||||
|
|
@ -389,7 +392,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
|
|||
mbedtls_cmac_init( &zero_ctx );
|
||||
memset( zero_key, 0, 16 );
|
||||
ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES,
|
||||
zero_key, 8 * sizeof zero_key );
|
||||
zero_key, 8 * sizeof( zero_key ) );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
|
|
@ -399,17 +402,16 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
|
|||
}
|
||||
|
||||
ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
||||
int_key, 8 * sizeof int_key );
|
||||
int_key, 8 * sizeof( int_key ) );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
mbedtls_zeroize( int_key, sizeof( int_key ) );
|
||||
|
||||
ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 );
|
||||
|
||||
exit:
|
||||
mbedtls_cmac_free( &ctx );
|
||||
return( ret );
|
||||
mbedtls_zeroize( int_key, sizeof( int_key ) );
|
||||
mbedtls_cmac_free( &ctx );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
|
@ -680,7 +682,8 @@ int test_cmac_with_cipher( int verbose,
|
|||
unsigned char* tag;
|
||||
|
||||
tag = mbedtls_calloc( block_size, sizeof( unsigned char ) );
|
||||
if( tag == NULL ){
|
||||
if( tag == NULL )
|
||||
{
|
||||
ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED;
|
||||
goto exit;
|
||||
}
|
||||
|
|
@ -735,7 +738,8 @@ int test_cmac_with_cipher( int verbose,
|
|||
}
|
||||
|
||||
#ifdef MBEDTLS_AES_C
|
||||
int test_aes128_cmac_prf( int verbose ) {
|
||||
int test_aes128_cmac_prf( int verbose )
|
||||
{
|
||||
int i;
|
||||
int ret;
|
||||
unsigned char tag[16];
|
||||
|
|
@ -794,14 +798,14 @@ int mbedtls_cmac_self_test( int verbose )
|
|||
|
||||
if( ( ret = test_cmac_with_cipher ( verbose,
|
||||
"AES 256",
|
||||
aes_256_key,
|
||||
256,
|
||||
test_message,
|
||||
aes_message_lengths,
|
||||
(const unsigned char*) aes_256_subkeys,
|
||||
(const unsigned char*) aes_256_expected_result,
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
AES_BLOCK_SIZE ) !=0 ) )
|
||||
aes_256_key,
|
||||
256,
|
||||
test_message,
|
||||
aes_message_lengths,
|
||||
(const unsigned char*) aes_256_subkeys,
|
||||
(const unsigned char*) aes_256_expected_result,
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
AES_BLOCK_SIZE ) !=0 ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
|
@ -810,28 +814,28 @@ int mbedtls_cmac_self_test( int verbose )
|
|||
#ifdef MBEDTLS_DES_C
|
||||
if( ( ret = test_cmac_with_cipher( verbose,
|
||||
"3DES 2 key",
|
||||
des3_2key_key,
|
||||
192,
|
||||
test_message,
|
||||
des3_message_lengths,
|
||||
(const unsigned char*) des3_2key_subkeys,
|
||||
(const unsigned char*) des3_2key_expected_result,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
DES3_BLOCK_SIZE ) !=0 ) )
|
||||
des3_2key_key,
|
||||
192,
|
||||
test_message,
|
||||
des3_message_lengths,
|
||||
(const unsigned char*) des3_2key_subkeys,
|
||||
(const unsigned char*) des3_2key_expected_result,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
DES3_BLOCK_SIZE ) !=0 ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = test_cmac_with_cipher( verbose,
|
||||
"3DES 3 key",
|
||||
des3_3key_key,
|
||||
192,
|
||||
test_message,
|
||||
des3_message_lengths,
|
||||
(const unsigned char*) des3_3key_subkeys,
|
||||
(const unsigned char*) des3_3key_expected_result,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
DES3_BLOCK_SIZE ) !=0 ) )
|
||||
des3_3key_key,
|
||||
192,
|
||||
test_message,
|
||||
des3_message_lengths,
|
||||
(const unsigned char*) des3_3key_subkeys,
|
||||
(const unsigned char*) des3_3key_expected_result,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
DES3_BLOCK_SIZE ) !=0 ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
|
@ -840,7 +844,6 @@ int mbedtls_cmac_self_test( int verbose )
|
|||
#ifdef MBEDTLS_AES_C
|
||||
if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) )
|
||||
return( ret );
|
||||
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
if( verbose != 0 )
|
||||
|
|
|
|||
Loading…
Reference in a new issue