Corrected undefined behaviour in kex tests

Calling those functions again on the same status not only does not make
any sense, it can grow the transcript beyond its maximum size of 128
bytes, which triggers a buffer overflow.  We needed to save the context
so we could re-run the relevant function where we left of.

It's the second time the TIS interpreter finds a bug that the other
sanitisers didn't.

diff --git a/tests/test.c b/tests/test.c
index d312e0442cd6b9a09f941b402d4493abff1deff2..67ed7c56e108460ca2bc0d05dc5b53ed294628e3 100644 (file)
--- a/tests/test.c
+++ b/tests/test.c
@@ -957,6 +957,8 @@ static int p_monokex_xk1()
     crypto_kex_xk1_1(&client2, msg12);
     crypto_kex_xk1_2(&server1, msg21, msg11);
     crypto_kex_xk1_2(&server2, msg22, msg12);
+    crypto_kex_ctx client_save = client1;
+    crypto_kex_ctx server_save = server1;
     // make sure everything is accepted as it should be
     status |= crypto_kex_xk1_3(&client1, client_key1, msg31, msg21);
     status |= crypto_kex_xk1_3(&client2, client_key2, msg32, msg22);
@@ -970,9 +972,9 @@ static int p_monokex_xk1()
     status |= memcmp(remote_pk1 , remote_pk2 , 32);
     // make sure wrong messages are rejected as they should be.
     msg21[1]++;
-    status |= !crypto_kex_xk1_3(&client1, client_key1, msg31, msg21);
+    status |= !crypto_kex_xk1_3(&client_save, client_key1, msg31, msg21);
     msg32[1]++;
-    status |= !crypto_kex_xk1_4(&server2, server_key2, remote_pk2, msg32);
+    status |= !crypto_kex_xk1_4(&server_save, server_key2, remote_pk2, msg32);
 
     printf("%s: monokex_xk1\n", status != 0 ? "FAILED" : "OK");
     return status;
@@ -1001,6 +1003,7 @@ static int p_monokex_x()
     u8 remote_pk1 [32];    u8 remote_pk2 [32];
     crypto_kex_x_1(&client1, client_key1, msg11);
     crypto_kex_x_1(&client2, client_key2, msg12);
+    crypto_kex_ctx server_save = server1;
     // make sure everything is accepted as it should be
     status |= crypto_kex_x_2(&server1, server_key1, remote_pk1, msg11);
     status |= crypto_kex_x_2(&server2, server_key2, remote_pk2, msg12);
@@ -1010,7 +1013,7 @@ static int p_monokex_x()
     status |= memcmp(remote_pk1 , remote_pk2 , 32);
     // make sure wrong messages are rejected as they should be.
     msg11[1]++;
-    status |= !crypto_kex_x_2(&server1, server_key1, remote_pk1, msg11);
+    status |= !crypto_kex_x_2(&server_save, server_key1, remote_pk1, msg11);
 
     printf("%s: monokex_x\n", status != 0 ? "FAILED" : "OK");
     return status;