mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-10-18 13:11:18 +00:00
pk_{sign,verify}() now accept hash_len = 0
This commit is contained in:
Manuel Pégourié-Gonnard
parent
a20c58c6f1
commit
bfe32efb9b
|
|
@ -270,14 +270,19 @@ int pk_can_do( pk_context *ctx, pk_type_t type );
|
|||
* \brief Verify signature
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param md_alg Hash algorithm used
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
* is used instead, or an error returned if it is invalid.
|
||||
*
|
||||
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
|
||||
*/
|
||||
int pk_verify( pk_context *ctx, md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
|
|
@ -287,15 +292,20 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
|
|||
* \brief Make signature
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param md_alg Hash algorithm used
|
||||
* \param md_alg Hash algorithm used (see notes)
|
||||
* \param hash Hash of the message to sign
|
||||
* \param hash_len Hash length
|
||||
* \param hash_len Hash length or 0 (see notes)
|
||||
* \param sig Place to write the signature
|
||||
* \param sig_len Number of bytes written
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*
|
||||
* \note If hash_len is 0, then the length associated with md_alg
|
||||
* is used instead, or an error returned if it is invalid.
|
||||
*
|
||||
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
|
||||
*/
|
||||
int pk_sign( pk_context *ctx, md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
|
|
|
|||
23
library/pk.c
23
library/pk.c
|
|
@ -149,6 +149,23 @@ int pk_can_do( pk_context *ctx, pk_type_t type )
|
|||
return( ctx->pk_info->can_do( type ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper for pk_sign and pk_verify
|
||||
*/
|
||||
static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len )
|
||||
{
|
||||
const md_info_t *md_info;
|
||||
|
||||
if( *hash_len != 0 )
|
||||
return( 0 );
|
||||
|
||||
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||
return( -1 );
|
||||
|
||||
*hash_len = md_info->size;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify a signature
|
||||
*/
|
||||
|
|
@ -156,7 +173,8 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
|
|||
const unsigned char *hash, size_t hash_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->verify_func == NULL )
|
||||
|
|
@ -174,7 +192,8 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
|
|||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
if( ctx == NULL || ctx->pk_info == NULL ||
|
||||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->sign_func == NULL )
|
||||
|
|
|
|||
|
|
@ -1164,8 +1164,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
|
|||
size_t *hash_len,
|
||||
pk_type_t *pk_alg )
|
||||
{
|
||||
const md_info_t *md_info;
|
||||
|
||||
((void) ssl);
|
||||
*md_alg = POLARSSL_MD_NONE;
|
||||
*pk_alg = POLARSSL_PK_NONE;
|
||||
|
|
@ -1180,6 +1178,9 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
|
|||
if( (*p) + 2 > end )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
|
||||
/* Info from md_alg will be used instead */
|
||||
*hash_len = 0;
|
||||
|
||||
/*
|
||||
* Get hash algorithm
|
||||
*/
|
||||
|
|
@ -1190,18 +1191,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get hash_len from hash alg
|
||||
*/
|
||||
if( ( md_info = md_info_from_type( *md_alg ) ) == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 2, ( "Server used unsupported "
|
||||
"HashAlgorithm %d", *(p)[0] ) );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
*hash_len = md_info->size;
|
||||
|
||||
/*
|
||||
* Get signature algorithm
|
||||
*/
|
||||
|
|
@ -1956,7 +1945,6 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
}
|
||||
else
|
||||
{
|
||||
const md_info_t *md_info;
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
* opaque handshake_messages[handshake_messages_length];
|
||||
|
|
@ -1985,13 +1973,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
}
|
||||
ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key );
|
||||
|
||||
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
hashlen = md_info->size;
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
||||
offset = 2;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1989,7 +1989,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||
else
|
||||
{
|
||||
md_context_t ctx;
|
||||
const md_info_t *md_info;
|
||||
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
||||
/*
|
||||
* digitally-signed struct {
|
||||
|
|
@ -1998,17 +2000,14 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||
* ServerDHParams params;
|
||||
* };
|
||||
*/
|
||||
md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
|
||||
|
||||
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||
if( ( md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ) )
|
||||
== POLARSSL_MD_NONE )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
hashlen = md_info->size;
|
||||
|
||||
if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
|
||||
if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
|
||||
return( ret );
|
||||
|
|
@ -2502,7 +2501,6 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||
size_t hashlen;
|
||||
pk_type_t pk_alg;
|
||||
md_type_t md_alg;
|
||||
const md_info_t *md_info;
|
||||
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
|
||||
|
|
@ -2575,15 +2573,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||
|
||||
md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
|
||||
|
||||
/*
|
||||
* Get hashlen from MD
|
||||
*/
|
||||
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "requested hash not available " ) );
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
hashlen = md_info->size;
|
||||
/* Info from md_alg will be used instead */
|
||||
hashlen = 0;
|
||||
|
||||
/*
|
||||
* Signature
|
||||
|
|
|
|||
Loading…
Reference in a new issue