commit 6a3c0d2d678ee2ee43ed1b834129495c4bd4efbb
author Brian Murray <Brian@Clover.com> Fri May 20 18:25:43 2016 -0700
committer Simon Butcher <simon.butcher@arm.com> Wed Oct 05 14:19:17 2016 +0100
tree 9017ca4edb32a9264b4b87699ff8eae65df397cc
parent 4b64ab6664595332845fac7a54c6eaf417471d95

Do not zeroize null pointer

library/cmac.c

diff --git a/library/cmac.c b/library/cmac.c
index d32d1c7..1a6f313 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -82,11 +82,14 @@
 
     starting_index = blocksize -1;
 
-    if( blocksize == 16 ){
+    if( blocksize == 16 )
+    {
         R_n = R_128;
-    } else if( blocksize == 8 ) {
+    } else if( blocksize == 8 )
+    {
         R_n = R_64;
-    } else {
+    } else
+    {
         return( MBEDTLS_ERR_CMAC_BAD_INPUT );
     }
 
@@ -122,7 +125,6 @@
     unsigned char *L;
     size_t olen, block_size;
 
-    ret = 0;
     block_size = ctx->cipher_ctx.cipher_info->block_size;
 
     L = mbedtls_calloc( block_size, sizeof( unsigned char ) );
@@ -143,7 +145,7 @@
      */
     if( ( ret = cmac_multiply_by_u( ctx->K1, L , block_size ) ) != 0 )
         goto exit;
-    if( ( cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
+    if( ( ret = cmac_multiply_by_u( ctx->K2, ctx->K1 , block_size ) ) != 0 )
         goto exit;
 
     exit:
@@ -203,8 +205,10 @@
 
     mbedtls_cipher_free( &ctx->cipher_ctx );
 
-    mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
-    mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
+    if(  ctx->K1 != NULL )
+         mbedtls_zeroize( ctx->K1, block_size * sizeof( unsigned char ) );
+    if(  ctx->K2 != NULL )
+         mbedtls_zeroize( ctx->K2, block_size * sizeof( unsigned char ) );
     mbedtls_free( ctx->K1 );
     mbedtls_free( ctx->K2 );
 }
@@ -261,7 +265,6 @@
 int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
                            const unsigned char *input, size_t in_len,
                            unsigned char *tag, size_t tag_len )
-
 {
     unsigned char *state;
     unsigned char *M_last;
@@ -389,7 +392,7 @@
         mbedtls_cmac_init( &zero_ctx );
         memset( zero_key, 0, 16 );
         ret = mbedtls_cmac_setkey( &zero_ctx, MBEDTLS_CIPHER_ID_AES,
-                                   zero_key, 8 * sizeof zero_key );
+                                   zero_key, 8 * sizeof( zero_key ) );
         if( ret != 0 )
             goto exit;
 
@@ -399,17 +402,16 @@
     }
 
     ret = mbedtls_cmac_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                               int_key, 8 * sizeof int_key );
+                               int_key, 8 * sizeof( int_key ) );
     if( ret != 0 )
         goto exit;
 
-    mbedtls_zeroize( int_key, sizeof( int_key ) );
-
     ret =  mbedtls_cmac_generate( &ctx, input, in_len, tag, 16 );
 
     exit:
-	     mbedtls_cmac_free( &ctx );
-	     return( ret );
+        mbedtls_zeroize( int_key, sizeof( int_key ) );
+        mbedtls_cmac_free( &ctx );
+	    return( ret );
 }
 #endif /* MBEDTLS_AES_C */
 
@@ -680,7 +682,8 @@
     unsigned char* tag;
 
     tag = mbedtls_calloc( block_size, sizeof( unsigned char ) );
-    if( tag == NULL ){
+    if( tag == NULL )
+    {
         ret = MBEDTLS_ERR_CMAC_ALLOC_FAILED;
         goto exit;
     }
@@ -735,7 +738,8 @@
 }
 
 #ifdef MBEDTLS_AES_C
-int test_aes128_cmac_prf( int verbose ) {
+int test_aes128_cmac_prf( int verbose )
+{
     int i;
     int ret;
     unsigned char tag[16];
@@ -794,14 +798,14 @@
 
     if( ( ret = test_cmac_with_cipher ( verbose,
                                         "AES 256",
-                                         aes_256_key,
-                                         256,
-                                         test_message,
-                                         aes_message_lengths,
-                                         (const unsigned char*) aes_256_subkeys,
-                                         (const unsigned char*) aes_256_expected_result,
-                                         MBEDTLS_CIPHER_ID_AES,
-                                         AES_BLOCK_SIZE ) !=0 ) )
+                                        aes_256_key,
+                                        256,
+                                        test_message,
+                                        aes_message_lengths,
+                                        (const unsigned char*) aes_256_subkeys,
+                                        (const unsigned char*) aes_256_expected_result,
+                                        MBEDTLS_CIPHER_ID_AES,
+                                        AES_BLOCK_SIZE ) !=0 ) )
     {
         return( ret );
     }
@@ -810,28 +814,28 @@
 #ifdef MBEDTLS_DES_C
     if( ( ret = test_cmac_with_cipher( verbose,
                                        "3DES 2 key",
-                                        des3_2key_key,
-                                        192,
-                                        test_message,
-                                        des3_message_lengths,
-                                        (const unsigned char*) des3_2key_subkeys,
-                                        (const unsigned char*) des3_2key_expected_result,
-                                        MBEDTLS_CIPHER_ID_3DES,
-                                        DES3_BLOCK_SIZE ) !=0 ) )
+                                       des3_2key_key,
+                                       192,
+                                       test_message,
+                                       des3_message_lengths,
+                                       (const unsigned char*) des3_2key_subkeys,
+                                       (const unsigned char*) des3_2key_expected_result,
+                                       MBEDTLS_CIPHER_ID_3DES,
+                                       DES3_BLOCK_SIZE ) !=0 ) )
     {
         return( ret );
     }
 
     if( ( ret = test_cmac_with_cipher( verbose,
                                        "3DES 3 key",
-                                        des3_3key_key,
-                                        192,
-                                        test_message,
-                                        des3_message_lengths,
-                                        (const unsigned char*) des3_3key_subkeys,
-                                        (const unsigned char*) des3_3key_expected_result,
-                                        MBEDTLS_CIPHER_ID_3DES,
-                                        DES3_BLOCK_SIZE ) !=0 ) )
+                                       des3_3key_key,
+                                       192,
+                                       test_message,
+                                       des3_message_lengths,
+                                       (const unsigned char*) des3_3key_subkeys,
+                                       (const unsigned char*) des3_3key_expected_result,
+                                       MBEDTLS_CIPHER_ID_3DES,
+                                       DES3_BLOCK_SIZE ) !=0 ) )
     {
         return( ret );
     }
@@ -840,7 +844,6 @@
 #ifdef MBEDTLS_AES_C
     if( ( ret = test_aes128_cmac_prf( verbose ) != 0 ) )
         return( ret );
-
 #endif /* MBEDTLS_AES_C */
 
     if( verbose != 0 )