diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2022-09-28 11:49:54 +0200 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2022-09-28 11:49:54 +0200 |
| commit | 753d0763ef43dd12aa96db2dc1c297fde3c4dfc9 (patch) | |
| tree | 712673e3556e9613ec788c1ac9ec846ff603f79e | |
| parent | a1ca3b0161a654b493a59a96d804927a3777908e (diff) | |
| download | nettle-753d0763ef43dd12aa96db2dc1c297fde3c4dfc9.tar.gz | |
Stricter validation of nettle_cipher and nettle_hash in tests.
Increase NETTLE_MAX_HASH_BLOCK_SIZE to 144, to accommodate sha3_224.
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | nettle-internal.h | 4 | ||||
| -rw-r--r-- | testsuite/meta-cipher-test.c | 8 | ||||
| -rw-r--r-- | testsuite/meta-hash-test.c | 1 |
4 files changed, 17 insertions, 4 deletions
@@ -1,5 +1,13 @@ 2022-09-28 Niels Möller <nisse@lysator.liu.se> + * testsuite/meta-hash-test.c (test_main): Add check of + NETTLE_MAX_HASH_BLOCK_SIZE. + * nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE): Increase to 144, + to accommodate sha3_224. + * testsuite/meta-cipher-test.c (test_main): Check that cipher + metadata doesn't exceed NETTLE_MAX_CIPHER_BLOCK_SIZE or + NETTLE_MAX_CIPHER_KEY_SIZE. + From Daiki Ueno: * siv-gcm.c (siv_gcm_encrypt_message, siv_gcm_decrypt_message): New file, implementation of SIV-GCM. diff --git a/nettle-internal.h b/nettle-internal.h index b7726d68..bf906c88 100644 --- a/nettle-internal.h +++ b/nettle-internal.h @@ -74,8 +74,8 @@ do { assert((size_t)(size) <= (sizeof(name))); } while (0) #endif -/* Arbitrary limits which apply to systems that don't have alloca */ -#define NETTLE_MAX_HASH_BLOCK_SIZE 128 +/* Limits that apply to systems that don't have alloca */ +#define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/ #define NETTLE_MAX_HASH_DIGEST_SIZE 64 #define NETTLE_MAX_HASH_CONTEXT_SIZE (sizeof(struct sha3_224_ctx)) #define NETTLE_MAX_SEXP_ASSOC 17 diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c index 62488b7f..912fac5a 100644 --- a/testsuite/meta-cipher-test.c +++ b/testsuite/meta-cipher-test.c @@ -1,5 +1,6 @@ #include "testutils.h" #include "nettle-meta.h" +#include "nettle-internal.h" const char* ciphers[] = { "aes128", @@ -35,8 +36,11 @@ test_main(void) ASSERT(NULL != nettle_ciphers[j]); /* make sure we found a matching cipher */ } j = 0; - while (NULL != nettle_ciphers[j]) - j++; + for (j = 0; NULL != nettle_ciphers[j]; j++) + { + ASSERT(nettle_ciphers[j]->block_size <= NETTLE_MAX_CIPHER_BLOCK_SIZE); + ASSERT(nettle_ciphers[j]->key_size <= NETTLE_MAX_CIPHER_KEY_SIZE); + } ASSERT(j == count); /* we are not missing testing any ciphers */ } diff --git a/testsuite/meta-hash-test.c b/testsuite/meta-hash-test.c index 3aed43fc..6a15e7db 100644 --- a/testsuite/meta-hash-test.c +++ b/testsuite/meta-hash-test.c @@ -36,6 +36,7 @@ test_main(void) } for (i = 0; NULL != nettle_hashes[i]; i++) { + ASSERT(nettle_hashes[i]->block_size <= NETTLE_MAX_HASH_BLOCK_SIZE); ASSERT(nettle_hashes[i]->digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE); ASSERT(nettle_hashes[i]->context_size <= NETTLE_MAX_HASH_CONTEXT_SIZE); } |