From: Niels Möller Date: Wed, 28 Sep 2022 09:49:54 +0000 (+0200) Subject: Stricter validation of nettle_cipher and nettle_hash in tests. X-Git-Tag: nettle_3.9_release_20230514~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=753d0763ef43dd12aa96db2dc1c297fde3c4dfc9;p=thirdparty%2Fnettle.git Stricter validation of nettle_cipher and nettle_hash in tests. Increase NETTLE_MAX_HASH_BLOCK_SIZE to 144, to accommodate sha3_224. --- diff --git a/ChangeLog b/ChangeLog index 72ac98f2..93da4856 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2022-09-28 Niels Möller + * testsuite/meta-hash-test.c (test_main): Add check of + NETTLE_MAX_HASH_BLOCK_SIZE. + * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE): Increase to 144, + to accommodate sha3_224. + * testsuite/meta-cipher-test.c (test_main): Check that cipher + metadata doesn't exceed NETTLE_MAX_CIPHER_BLOCK_SIZE or + NETTLE_MAX_CIPHER_KEY_SIZE. + From Daiki Ueno: * siv-gcm.c (siv_gcm_encrypt_message, siv_gcm_decrypt_message): New file, implementation of SIV-GCM. diff --git a/nettle-internal.h b/nettle-internal.h index b7726d68..bf906c88 100644 --- a/nettle-internal.h +++ b/nettle-internal.h @@ -74,8 +74,8 @@ do { assert((size_t)(size) <= (sizeof(name))); } while (0) #endif -/* Arbitrary limits which apply to systems that don't have alloca */ -#define NETTLE_MAX_HASH_BLOCK_SIZE 128 +/* Limits that apply to systems that don't have alloca */ +#define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/ #define NETTLE_MAX_HASH_DIGEST_SIZE 64 #define NETTLE_MAX_HASH_CONTEXT_SIZE (sizeof(struct sha3_224_ctx)) #define NETTLE_MAX_SEXP_ASSOC 17 diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c index 62488b7f..912fac5a 100644 --- a/testsuite/meta-cipher-test.c +++ b/testsuite/meta-cipher-test.c @@ -1,5 +1,6 @@ #include "testutils.h" #include "nettle-meta.h" +#include "nettle-internal.h" const char* ciphers[] = { "aes128", @@ -35,8 +36,11 @@ test_main(void) ASSERT(NULL != nettle_ciphers[j]); /* make sure we found a matching cipher */ } j = 0; - while (NULL != nettle_ciphers[j]) - j++; + for (j = 0; NULL != nettle_ciphers[j]; j++) + { + ASSERT(nettle_ciphers[j]->block_size <= NETTLE_MAX_CIPHER_BLOCK_SIZE); + ASSERT(nettle_ciphers[j]->key_size <= NETTLE_MAX_CIPHER_KEY_SIZE); + } ASSERT(j == count); /* we are not missing testing any ciphers */ } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index 3aed43fc..6a15e7db 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -36,6 +36,7 @@ test_main(void) } for (i = 0; NULL != nettle_hashes[i]; i++) { + ASSERT(nettle_hashes[i]->block_size <= NETTLE_MAX_HASH_BLOCK_SIZE); ASSERT(nettle_hashes[i]->digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE); ASSERT(nettle_hashes[i]->context_size <= NETTLE_MAX_HASH_CONTEXT_SIZE); }