Merge pull request #5297 from paul-elliott-arm/test_suite_cipher_returns
Add checked return to cipher setup in Cipher tests
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 3e599b9..21ce882 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -67,9 +67,17 @@
#endif /* !MBEDTLS_CMAC_ALT */
/**
- * \brief This function sets the CMAC key, and prepares to authenticate
+ * \brief This function starts a new CMAC computation
+ * by setting the CMAC key, and preparing to authenticate
* the input data.
- * Must be called with an initialized cipher context.
+ * It must be called with an initialized cipher context.
+ *
+ * Once this function has completed, data can be supplied
+ * to the CMAC computation by calling
+ * mbedtls_cipher_cmac_update().
+ *
+ * To start a CMAC computation using the same key as a previous
+ * CMAC computation, use mbedtls_cipher_cmac_finish().
*
* \note When the CMAC implementation is supplied by an alternate
* implementation (through #MBEDTLS_CMAC_ALT), some ciphers
@@ -95,9 +103,15 @@
* \brief This function feeds an input buffer into an ongoing CMAC
* computation.
*
- * It is called between mbedtls_cipher_cmac_starts() or
- * mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
- * Can be called repeatedly.
+ * The CMAC computation must have previously been started
+ * by calling mbedtls_cipher_cmac_starts() or
+ * mbedtls_cipher_cmac_reset().
+ *
+ * Call this function as many times as needed to input the
+ * data to be authenticated.
+ * Once all of the required data has been input,
+ * call mbedtls_cipher_cmac_finish() to obtain the result
+ * of the CMAC operation.
*
* \param ctx The cipher context used for the CMAC operation.
* \param input The buffer holding the input data.
@@ -111,12 +125,13 @@
const unsigned char *input, size_t ilen );
/**
- * \brief This function finishes the CMAC operation, and writes
- * the result to the output buffer.
+ * \brief This function finishes an ongoing CMAC operation, and
+ * writes the result to the output buffer.
*
- * It is called after mbedtls_cipher_cmac_update().
- * It can be followed by mbedtls_cipher_cmac_reset() and
- * mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
+ * It should be followed either by
+ * mbedtls_cipher_cmac_reset(), which starts another CMAC
+ * operation with the same key, or mbedtls_cipher_free(),
+ * which clears the cipher context.
*
* \param ctx The cipher context used for the CMAC operation.
* \param output The output buffer for the CMAC checksum result.
@@ -129,12 +144,14 @@
unsigned char *output );
/**
- * \brief This function prepares the authentication of another
- * message with the same key as the previous CMAC
- * operation.
+ * \brief This function starts a new CMAC operation with the same
+ * key as the previous one.
*
- * It is called after mbedtls_cipher_cmac_finish()
- * and before mbedtls_cipher_cmac_update().
+ * It should be called after finishing the previous CMAC
+ * operation with mbedtls_cipher_cmac_finish().
+ * After calling this function,
+ * call mbedtls_cipher_cmac_update() to supply the new
+ * CMAC operation with data.
*
* \param ctx The cipher context used for the CMAC operation.
*
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 5ed2ece..9ff5351 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -277,10 +277,27 @@
p = argv[2];
- mbedtls_md_starts( &md_ctx );
- mbedtls_md_update( &md_ctx, buffer, 8 );
- mbedtls_md_update( &md_ctx, (unsigned char *) p, strlen( p ) );
- mbedtls_md_finish( &md_ctx, digest );
+ if( mbedtls_md_starts( &md_ctx ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
+ != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
+ {
+ mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
+ goto exit;
+ }
memcpy( IV, digest, 16 );
@@ -302,10 +319,30 @@
for( i = 0; i < 8192; i++ )
{
- mbedtls_md_starts( &md_ctx );
- mbedtls_md_update( &md_ctx, digest, 32 );
- mbedtls_md_update( &md_ctx, key, keylen );
- mbedtls_md_finish( &md_ctx, digest );
+ if( mbedtls_md_starts( &md_ctx ) != 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "mbedtls_md_starts() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "mbedtls_md_update() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "mbedtls_md_update() returned error\n" );
+ goto exit;
+ }
+ if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "mbedtls_md_finish() returned error\n" );
+ goto exit;
+ }
}
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 5ad9120..62c3cc5 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -20,6 +20,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "mbedtls/build_info.h"
+#include "mbedtls/debug.h"
#include <stdio.h>
#include <stdlib.h>
@@ -161,6 +162,7 @@
}
}
+MBEDTLS_PRINTF_ATTRIBUTE( 1, 2 )
void printf_err( const char *str, ... )
{
va_list args;
@@ -219,7 +221,13 @@
error_exit();
}
- if( ( b64_file = fopen( argv[i], "r" ) ) == NULL )
+ if( NULL != b64_file )
+ {
+ printf_err( "Cannot specify more than one file with -f\n" );
+ error_exit( );
+ }
+
+ if( ( b64_file = fopen( argv[i], "r" )) == NULL )
{
printf_err( "Cannot find file \"%s\"\n", argv[i] );
error_exit();
@@ -461,7 +469,8 @@
}
else if( len > *max_len )
{
- printf_err( "The code found is too large by %u bytes.\n", len - *max_len );
+ printf_err( "The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n",
+ len - *max_len );
len = pad = 0;
}
else if( len % 4 != 0 )
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index c1bc17c..e035a48 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4332,7 +4332,7 @@
corrupt_config == 1 };
mbedtls_ssl_session_init( &session );
- ssl_populate_session_tls12( &session, 0, NULL );
+ TEST_ASSERT( ssl_populate_session_tls12( &session, 0, NULL ) == 0 );
/* Infer length of serialized session. */
TEST_ASSERT( mbedtls_ssl_session_save( &session,
@@ -4904,7 +4904,7 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_init( &ssl );
- mbedtls_ssl_setup( &ssl, &conf );
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( ssl.handshake != NULL && ssl.handshake->group_list != NULL );
TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list == NULL );
@@ -4937,7 +4937,7 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_init( &ssl );
- mbedtls_ssl_setup( &ssl, &conf );
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( ssl.conf != NULL && ssl.conf->group_list != NULL );