PK sign/verify: hash=NULL is ok if md_alg=0 and hash_len=0

Gilles Peskine 2018-12-19 17:10:02 +01:00
parent 998fbfbe68
commit ee3cfec3cc
2 changed files with 82 additions and 3 deletions


@ -240,7 +240,8 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
mbedtls_pk_restart_ctx *rs_ctx ) mbedtls_pk_restart_ctx *rs_ctx )
{ {
PK_VALIDATE_RET( ctx != NULL ); PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
hash != NULL );
PK_VALIDATE_RET( sig != NULL ); PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL || if( ctx->pk_info == NULL ||
@ -297,7 +298,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
{ {
PK_VALIDATE_RET( ctx != NULL ); PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
hash != NULL );
PK_VALIDATE_RET( sig != NULL ); PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL ) if( ctx->pk_info == NULL )
@ -361,7 +363,8 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
mbedtls_pk_restart_ctx *rs_ctx ) mbedtls_pk_restart_ctx *rs_ctx )
{ {
PK_VALIDATE_RET( ctx != NULL ); PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( hash != NULL ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
hash != NULL );
PK_VALIDATE_RET( sig != NULL ); PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL || if( ctx->pk_info == NULL ||
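Review bot: The relaxed precondition `( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || hash != NULL` is repeated verbatim in mbedtls_pk_verify_restartable, mbedtls_pk_verify_ext and mbedtls_pk_sign_restartable with no comment saying why a NULL hash is now acceptable. Only two files change in this commit, so the public documentation of the hash parameter presumably still reads as if it must be non-NULL. I would add `/* hash may be NULL only for an empty raw input: md_alg == MBEDTLS_MD_NONE and hash_len == 0 */` above each check, or fold the expression into one file-local macro so the three sites cannot drift apart. Once the check passes, a NULL hash flows on to whatever these functions call next; all three bodies continue outside the hunks, so it is worth confirming that nothing downstream dereferences hash or hands it to memcpy() when hash_len is 0.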


@ -75,7 +75,9 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
void valid_parameters( ) void valid_parameters( )
{ {
mbedtls_pk_context pk; mbedtls_pk_context pk;
unsigned char buf[1];
size_t len; size_t len;
void *options = NULL;
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
@ -94,6 +96,49 @@ void valid_parameters( )
TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 ); TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
rnd_std_rand, NULL,
NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
rnd_std_rand, NULL,
NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_sign( &pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, sizeof( buf ),
NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_verify( &pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, sizeof( buf ) ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
&pk,
MBEDTLS_MD_NONE,
NULL, 0,
buf, sizeof( buf ) ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, TEST_ASSERT( mbedtls_pk_encrypt( &pk,
NULL, 0, NULL, 0,
NULL, &len, 0, NULL, &len, 0,
@ -155,6 +200,7 @@ void invalid_parameters( )
unsigned char *p = buf; unsigned char *p = buf;
char str[1] = {0}; char str[1] = {0};
mbedtls_pk_context pk; mbedtls_pk_context pk;
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
void *options = buf; void *options = buf;
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
@ -186,6 +232,12 @@ void invalid_parameters( )
NULL, sizeof( buf ), NULL, sizeof( buf ),
buf, sizeof( buf ), buf, sizeof( buf ),
NULL ) ); NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_restartable( &pk,
valid_md,
NULL, 0,
buf, sizeof( buf ),
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_restartable( &pk, mbedtls_pk_verify_restartable( &pk,
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
@ -203,6 +255,11 @@ void invalid_parameters( )
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
NULL, sizeof( buf ), NULL, sizeof( buf ),
buf, sizeof( buf ) ) ); buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify( &pk,
valid_md,
NULL, 0,
buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify( &pk, mbedtls_pk_verify( &pk,
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
@ -221,6 +278,12 @@ void invalid_parameters( )
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
NULL, sizeof( buf ), NULL, sizeof( buf ),
buf, sizeof( buf ) ) ); buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
&pk,
valid_md,
NULL, 0,
buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
&pk, &pk,
@ -242,6 +305,13 @@ void invalid_parameters( )
buf, &len, buf, &len,
rnd_std_rand, NULL, rnd_std_rand, NULL,
NULL ) ); NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign_restartable( &pk,
valid_md,
NULL, 0,
buf, &len,
rnd_std_rand, NULL,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign_restartable( &pk, mbedtls_pk_sign_restartable( &pk,
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
@ -262,6 +332,12 @@ void invalid_parameters( )
NULL, sizeof( buf ), NULL, sizeof( buf ),
buf, &len, buf, &len,
rnd_std_rand, NULL ) ); rnd_std_rand, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign( &pk,
valid_md,
NULL, 0,
buf, &len,
rnd_std_rand, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign( &pk, mbedtls_pk_sign( &pk,
MBEDTLS_MD_NONE, MBEDTLS_MD_NONE,
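Review bot: The two `mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, 0, ... )` assertions added at the top of the valid_parameters hunk are byte-for-byte identical, so the second looks like a copy-paste leftover and can be dropped unless a different call was intended. As far as the hunks show, the new positive cases run on a context that has only been through mbedtls_pk_init(), so they expect MBEDTLS_ERR_PK_BAD_INPUT_DATA, the same code the invalid_parameters cases expect, and demonstrate only that parameter validation no longer fires (presumably detected through the harness's invalid-parameter hook rather than the return value). No case exercises hash == NULL with hash_len == 0 on a context that holds a key, which is the path where a NULL pointer would actually reach the signing or verification code; a test with a set-up key would cover it. A comment such as `/* hash may be NULL when md_alg is MBEDTLS_MD_NONE and hash_len is 0; the call still fails because pk has no key */` above the block would make the expectation readable.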