From cabc098a0f9d662f7f47ec20c1e0d34702e56e44 Mon Sep 17 00:00:00 2001
From: itayzafrir <itay.zafrir@arm.com>
Date: Mon, 26 Feb 2018 12:02:10 +0200
Subject: [PATCH 1/2] Test suite test_suite_pk test pk_rsa_overflow passes
 valid parameters for hash and sig.

Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
---
 ChangeLog                           |  2 ++
 tests/suites/test_suite_pk.function | 14 +++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cf6331f34..9d9e4812e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Bugfix
    * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
      with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
      In the context of SSL, this resulted in handshake failure. #1351
+   * In test_suite_pk pass valid parameters when testing for hash length 
+     overflow. #1179
 
 = mbed TLS 2.1.10 branch released 2018-02-03
 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index fbe522d69..f291c2aab 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -421,11 +421,15 @@ exit:
 void pk_rsa_overflow( )
 {
     mbedtls_pk_context pk;
-    size_t hash_len = SIZE_MAX;
+    size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
+    unsigned char hash[50], sig[100];
 
     if( SIZE_MAX <= UINT_MAX )
         return;
 
+    memset( hash, 0x2a, sizeof hash );
+    memset( sig, 0, sizeof sig );
+
     mbedtls_pk_init( &pk );
 
     TEST_ASSERT( mbedtls_pk_setup( &pk,
@@ -433,14 +437,14 @@ void pk_rsa_overflow( )
 
 #if defined(MBEDTLS_PKCS1_V21)
     TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
-                    MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+                    MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
                  MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 #endif /* MBEDTLS_PKCS1_V21 */
 
-    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
-                    NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
+                    sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
+    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
                     rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
 exit:

From 15967a85017593a61cd3e198eeb1e58767711f94 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sun, 11 Mar 2018 00:15:56 +0100
Subject: [PATCH 2/2] Fix grammar in ChangeLog entry

---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9d9e4812e..9c21273a8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,7 +10,7 @@ Bugfix
    * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
      with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
      In the context of SSL, this resulted in handshake failure. #1351
-   * In test_suite_pk pass valid parameters when testing for hash length 
+   * In test_suite_pk, pass valid parameters when testing for hash length
      overflow. #1179
 
 = mbed TLS 2.1.10 branch released 2018-02-03