Add tests for mbedtls_cipher_crypt API

1. Add tests for 'mbedtls_cipher_crypt()' API 2. Resolves Mbed-TLS#1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
RonEld · Jun 21, 2018 · cf2305e · cf2305e
1 parent 88e414f
commit cf2305e
Show file tree

Hide file tree

Showing 4 changed files with 689 additions and 3 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Ignore iv in mbedtls_cipher_set_iv() when the cipher mode is MBEDTLS_MODE_ECB
+     Fix for #1091 raised by ezdevelop
+
 = mbed TLS 2.7.4 branch released 2018-06-18
 
 Bugfix

diff --git a/library/cipher.c b/library/cipher.c
@@ -215,10 +215,15 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
                    const unsigned char *iv, size_t iv_len )
 {
     size_t actual_iv_size;
-
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
+    if( NULL == ctx || NULL == ctx->cipher_info ||
+        ( NULL == iv && ( ctx->cipher_info->mode != MBEDTLS_MODE_ECB ) ) )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
+    if ( ctx->cipher_info->mode == MBEDTLS_MODE_ECB  )
+    {
+            ctx->iv_size = 0;
+            return ( 0 );
+    }
     /* avoid buffer overflow in ctx->iv */
     if( iv_len > MBEDTLS_MAX_IV_LENGTH )
         return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );