Fix off-by-one in iv_off check and add tests

2025-11-03 20:22:59 -05:00 · 2018-12-18 12:09:02 +01:00 · 2018-12-18 12:09:02 +01:00 · e55e103bfe
commit e55e103bfe
parent 5b89c09273
2 changed files with 16 additions and 2 deletions
--- a/library/aes.c
+++ b/library/aes.c
@ -1298,7 +1298,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,

    n = *iv_off;

-    if( n > 16 )
+    if( n > 15 )
        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

    if( mode == MBEDTLS_AES_DECRYPT )
@ -1394,7 +1394,7 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,

    n = *iv_off;

-    if( n > 16 )
+    if( n > 15 )
        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );

    while( length-- )
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@ -569,6 +569,7 @@ void aes_misc_params( )
 #endif
    const unsigned char in[16] = { 0 };
    unsigned char out[16];
+    size_t size;

    /* These calls accept NULL */
    TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
@ -597,6 +598,19 @@ void aes_misc_params( )
                                        in, in, out )
                 == MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
 #endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    size = 16;
+    TEST_ASSERT( mbedtls_aes_crypt_cfb128( &aes_ctx, MBEDTLS_AES_ENCRYPT, 16,
+                                           &size, out, in, out )
+                 == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+    size = 16;
+    TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
+                 == MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+#endif
 }
 /* END_CASE */