From 043aa9e2a2013b1a9472420f75b616b98f494777 Mon Sep 17 00:00:00 2001
From: Andre Goddard Rosa <agoddardrosa@roku.com>
Date: Thu, 2 May 2024 09:51:49 -0500
Subject: [PATCH] Add check ensuring output is set to the least-harmful value
 in error cases

With the robustness fix:
`PASSED (125 suites, 26639 tests run)`

Without the robustness fix:
`FAILED (125 suites, 26639 tests run)`

Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
---
 tests/suites/test_suite_cipher.function | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index aca415095..8e49d2d3b 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -549,6 +549,10 @@ void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val,
     /* encode length number of bytes from inbuf */
     TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
     TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
+    if (0 != ret) {
+        /* Check output parameter is set to the least-harmful value on error */
+        TEST_ASSERT(0 == outlen);
+    }
 
     /* done */
 exit:
@@ -826,6 +830,10 @@ void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key,
     total_len += outlen;
     TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
                                                        &outlen));
+    if (0 != finish_result) {
+        /* Check output parameter is set to the least-harmful value on error */
+        TEST_ASSERT(0 == outlen);
+    }
     total_len += outlen;
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
     int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||