Add negative tests for empty buffer decoding for certain ciphers
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 1ea1408..70f4bc1 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1,6 +1,10 @@
/* BEGIN_HEADER */
#include "mbedtls/cipher.h"
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+
#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
#endif
@@ -710,7 +714,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void dec_empty_buf( int cipher )
+void dec_empty_buf( int cipher,
+ int expected_update_ret,
+ int expected_finish_ret )
{
unsigned char key[32];
unsigned char iv[16];
@@ -723,8 +729,6 @@
size_t outlen = 0;
- int expected_ret;
-
memset( key, 0, 32 );
memset( iv , 0, 16 );
@@ -753,25 +757,24 @@
#endif
/* decode 0-byte string */
- TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
+ TEST_ASSERT( expected_update_ret ==
+ mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
TEST_ASSERT( 0 == outlen );
- if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
- cipher_info->mode == MBEDTLS_MODE_ECB )
- {
- /* CBC and ECB ciphers need a full block of input. */
- expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
- }
- else
+ if ( expected_finish_ret == 0 &&
+ ( cipher_info->mode == MBEDTLS_MODE_CBC ||
+ cipher_info->mode == MBEDTLS_MODE_ECB ) )
{
/* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
* return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
- * decrypting an empty buffer. */
- expected_ret = 0;
+ * decrypting an empty buffer.
+ * On the other hand, CBC and ECB ciphers need a full block of input.
+ */
+ expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
- TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
- &ctx_dec, decbuf + outlen, &outlen ) );
+ TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish(
+ &ctx_dec, decbuf + outlen, &outlen ) );
TEST_ASSERT( 0 == outlen );
exit: