Commit 6a3c0d2d authored by Brian Murray's avatar Brian Murray Committed by Simon Butcher

Do not zeroize null pointer

parent 4b64ab66
......@@ -82,11 +82,14 @@ static int cmac_multiply_by_u( unsigned char *output,
starting_index = blocksize -1;
if( blocksize == 16 ){
if( blocksize == 16 )
{
R_n = R_128;
} else if( blocksize == 8 ) {
} else if( blocksize == 8 )
{
R_n = R_64;
} else {
} else
{
return( MBEDTLS_ERR_CMAC_BAD_INPUT );
}
......@@ -122,7 +125,6 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
unsigned char *L;
size_t olen, block_size;
ret = 0;
block_size = ctx->cipher_ctx.cipher_info->block_size;
L = mbedtls_calloc( block_size, sizeof( unsigned char ) );
......@@ -143,7 +145,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
*/
if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 )
goto exit;
if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
goto exit;
exit:
......@@ -203,8 +205,10 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx )
mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
if( ctx->K1 != NULL )
mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
if( ctx->K2 != NULL )
mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
mbedtls_free( ctx->K1 );
mbedtls_free( ctx->K2 );
}
......@@ -261,7 +265,6 @@ do { \
int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
const unsigned char *input, size_t in_len,
unsigned char *tag, size_t tag_len )
{
unsigned char *state;
unsigned char *M_last;
......@@ -389,7 +392,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
mbedtls_cmac_init( &zero_ctx );
memset( zero_key, 0, 16 );
ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES,
zero_key, 8 * sizeof zero_key );
zero_key, 8 * sizeof( zero_key ) );
if( ret != 0 )
goto exit;
......@@ -399,17 +402,16 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
}
ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
int_key, 8 * sizeof int_key );
int_key, 8 * sizeof( int_key ) );
if( ret != 0 )
goto exit;
mbedtls_zeroize( int_key, sizeof( int_key ) );
ret = mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 );
exit:
mbedtls_cmac_free( &ctx );
return( ret );
mbedtls_zeroize( int_key, sizeof( int_key ) );
mbedtls_cmac_free( &ctx );
return( ret );
}
#endif /* MBEDTLS_AES_C */
......@@ -680,7 +682,8 @@ int test_cmac_with_cipher( int verbose,
unsigned char* tag;
tag = mbedtls_calloc( block_size, sizeof( unsigned char ) );
if( tag == NULL ){
if( tag == NULL )
{
ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED;
goto exit;
}
......@@ -735,7 +738,8 @@ int test_cmac_with_cipher( int verbose,
}
#ifdef MBEDTLS_AES_C
int test_aes128_cmac_prf( int verbose ) {
int test_aes128_cmac_prf( int verbose )
{
int i;
int ret;
unsigned char tag[16];
......@@ -794,14 +798,14 @@ int mbedtls_cmac_self_test( int verbose )
if( ( ret = test_cmac_with_cipher ( verbose,
"AES 256",
aes_256_key,
256,
test_message,
aes_message_lengths,
(const unsigned char*) aes_256_subkeys,
(const unsigned char*) aes_256_expected_result,
MBEDTLS_CIPHER_ID_AES,
AES_BLOCK_SIZE ) !=0 ) )
aes_256_key,
256,
test_message,
aes_message_lengths,
(const unsigned char*) aes_256_subkeys,
(const unsigned char*) aes_256_expected_result,
MBEDTLS_CIPHER_ID_AES,
AES_BLOCK_SIZE ) !=0 ) )
{
return( ret );
}
......@@ -810,28 +814,28 @@ int mbedtls_cmac_self_test( int verbose )
#ifdef MBEDTLS_DES_C
if( ( ret = test_cmac_with_cipher( verbose,
"3DES 2 key",
des3_2key_key,
192,
test_message,
des3_message_lengths,
(const unsigned char*) des3_2key_subkeys,
(const unsigned char*) des3_2key_expected_result,
MBEDTLS_CIPHER_ID_3DES,
DES3_BLOCK_SIZE ) !=0 ) )
des3_2key_key,
192,
test_message,
des3_message_lengths,
(const unsigned char*) des3_2key_subkeys,
(const unsigned char*) des3_2key_expected_result,
MBEDTLS_CIPHER_ID_3DES,
DES3_BLOCK_SIZE ) !=0 ) )
{
return( ret );
}
if( ( ret = test_cmac_with_cipher( verbose,
"3DES 3 key",
des3_3key_key,
192,
test_message,
des3_message_lengths,
(const unsigned char*) des3_3key_subkeys,
(const unsigned char*) des3_3key_expected_result,
MBEDTLS_CIPHER_ID_3DES,
DES3_BLOCK_SIZE ) !=0 ) )
des3_3key_key,
192,
test_message,
des3_message_lengths,
(const unsigned char*) des3_3key_subkeys,
(const unsigned char*) des3_3key_expected_result,
MBEDTLS_CIPHER_ID_3DES,
DES3_BLOCK_SIZE ) !=0 ) )
{
return( ret );
}
......@@ -840,7 +844,6 @@ int mbedtls_cmac_self_test( int verbose )
#ifdef MBEDTLS_AES_C
if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) )
return( ret );
#endif /* MBEDTLS_AES_C */
if( verbose != 0 )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment