diff --git a/library/pk.c b/library/pk.c index 38ab7747c..66301ee2d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -240,7 +240,8 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, mbedtls_pk_restart_ctx *rs_ctx ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL || @@ -297,7 +298,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, const unsigned char *sig, size_t sig_len ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL ) @@ -361,7 +363,8 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, mbedtls_pk_restart_ctx *rs_ctx ) { PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( hash != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); PK_VALIDATE_RET( sig != NULL ); if( ctx->pk_info == NULL || diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 20b5457a0..1f5d7d61a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -75,7 +75,9 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) void valid_parameters( ) { mbedtls_pk_context pk; + unsigned char buf[1]; size_t len; + void *options = NULL; mbedtls_pk_init( &pk ); @@ -94,6 +96,49 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); + TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_sign( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, &len, + rnd_std_rand, NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ), + NULL ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify( &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ) ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + MBEDTLS_MD_NONE, + NULL, 0, + buf, sizeof( buf ) ) == + MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_encrypt( &pk, NULL, 0, NULL, &len, 0, @@ -155,6 +200,7 @@ void invalid_parameters( ) unsigned char *p = buf; char str[1] = {0}; mbedtls_pk_context pk; + mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; void *options = buf; mbedtls_pk_init( &pk ); @@ -186,6 +232,12 @@ void invalid_parameters( ) NULL, sizeof( buf ), buf, sizeof( buf ), NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_restartable( &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ), + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_NONE, @@ -203,6 +255,11 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify( &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, @@ -221,6 +278,12 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, sizeof( buf ) ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, + &pk, + valid_md, + NULL, 0, + buf, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, &pk, @@ -242,6 +305,13 @@ void invalid_parameters( ) buf, &len, rnd_std_rand, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign_restartable( &pk, + valid_md, + NULL, 0, + buf, &len, + rnd_std_rand, NULL, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, @@ -262,6 +332,12 @@ void invalid_parameters( ) NULL, sizeof( buf ), buf, &len, rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, + valid_md, + NULL, 0, + buf, &len, + rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE,