aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-08-07 15:41:54 -0400
committerJack Lloyd <[email protected]>2018-08-07 15:41:54 -0400
commita57b21d0b949ddcd88583c79bc689b90f34c563f (patch)
tree166c09f0baf257c9a2ceffebd0045f25c52b5e41 /src/tests
parent7c7da02d9f044c09b4b91fed7f5a1e407658cb9b (diff)
Avoid crash in ChaCha20+Salsa if set_iv called without a key set
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/test_stream.cpp38
1 files changed, 20 insertions, 18 deletions
diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp
index 1f26a5cfd..63ea9a9bf 100644
--- a/src/tests/test_stream.cpp
+++ b/src/tests/test_stream.cpp
@@ -82,6 +82,19 @@ class Stream_Cipher_Tests final : public Text_Based_Test
result.test_success("Trying to seek failed because not implemented");
}
+ if(!cipher->valid_iv_length(nonce.size()))
+ {
+ throw Test_Error("Invalid nonce for " + algo);
+ }
+
+ bool accepted_nonce_early = false;
+ try
+ {
+ cipher->set_iv(nonce.data(), nonce.size());
+ accepted_nonce_early = true;
+ }
+ catch(Botan::Invalid_State&) {}
+
cipher->set_key(key);
/*
@@ -93,27 +106,16 @@ class Stream_Cipher_Tests final : public Text_Based_Test
result.test_throws("Throws if invalid nonce size given",
[&]() { cipher->set_iv(nullptr, large_nonce_size); });
- if(nonce.size())
+ /*
+ If the set_nonce call earlier succeded, then we require that it also
+ worked (ie saved the nonce for later use) even though the key was
+ not set. So, don't set the nonce now, to ensure the previous call
+ had an effect.
+ */
+ if(accepted_nonce_early == false)
{
- if(!cipher->valid_iv_length(nonce.size()))
- {
- throw Test_Error("Invalid nonce for " + algo);
- }
cipher->set_iv(nonce.data(), nonce.size());
}
- else
- {
- /*
- * If no nonce was set then implicitly the cipher is using a
- * null/empty nonce. Call set_iv with such a nonce to make sure
- * set_iv accepts it.
- */
- if(!cipher->valid_iv_length(0))
- {
- throw Test_Error("Stream cipher " + algo + " requires nonce but none provided");
- }
- cipher->set_iv(nullptr, 0);
- }
if(seek != 0)
{