mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:05:39 +01:00
Merge remote-tracking branch 'public/pr/2270' into development
This commit is contained in:
commit
032c037052
@ -51,6 +51,8 @@ API Changes
|
||||
* Add validation checks for input parameters to functions in the GCM module.
|
||||
* Add validation checks for input parameters to functions in the SHA-1
|
||||
module.
|
||||
* Add validation checks for input parameters to functions in the SHA-256
|
||||
module.
|
||||
|
||||
New deprecations
|
||||
* Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
|
||||
|
@ -75,7 +75,7 @@
|
||||
* MD5 1 0x002F-0x002F
|
||||
* RIPEMD160 1 0x0031-0x0031
|
||||
* SHA1 1 0x0035-0x0035 0x0073-0x0073
|
||||
* SHA256 1 0x0037-0x0037
|
||||
* SHA256 1 0x0037-0x0037 0x0074-0x0074
|
||||
* SHA512 1 0x0039-0x0039
|
||||
* CHACHA20 3 0x0051-0x0055
|
||||
* POLY1305 3 0x0057-0x005B
|
||||
|
@ -38,6 +38,7 @@
|
||||
|
||||
/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
|
||||
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< SHA-256 input data was malformed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@ -71,22 +72,24 @@ mbedtls_sha256_context;
|
||||
/**
|
||||
* \brief This function initializes a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param ctx The SHA-256 context to initialize. This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clears a SHA-256 context.
|
||||
*
|
||||
* \param ctx The SHA-256 context to clear.
|
||||
* \param ctx The SHA-256 context to clear. This may be \c NULL, in which
|
||||
* case this function returns immediately. If it is not \c NULL,
|
||||
* it must point to an initialized SHA-256 context.
|
||||
*/
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function clones the state of a SHA-256 context.
|
||||
*
|
||||
* \param dst The destination context.
|
||||
* \param src The context to clone.
|
||||
* \param dst The destination context. This must be initialized.
|
||||
* \param src The context to clone. This must be initialized.
|
||||
*/
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src );
|
||||
@ -95,11 +98,12 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 This determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
|
||||
@ -107,11 +111,14 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
|
||||
* \brief This function feeds an input buffer into an ongoing
|
||||
* SHA-256 checksum calculation.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
@ -121,10 +128,13 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
* \brief This function finishes the SHA-256 operation, and writes
|
||||
* the result to the output buffer.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param ctx The SHA-256 context. This must be initialized
|
||||
* and have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* This must be a writable buffer of length \c 32 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
@ -134,10 +144,12 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
* the ongoing SHA-256 computation. This function is for
|
||||
* internal use only.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must
|
||||
* be a readable buffer of length \c 64 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
@ -152,12 +164,11 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
* \brief This function starts a SHA-224 or SHA-256 checksum
|
||||
* calculation.
|
||||
*
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The context to initialize.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param ctx The context to use. This must be initialized.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 );
|
||||
@ -168,9 +179,11 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context to initialize.
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param ctx The SHA-256 context to use. This must be
|
||||
* initialized and have a hash operation started.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
@ -182,8 +195,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param ctx The SHA-256 context. This must be initialized and
|
||||
* have a hash operation started.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] );
|
||||
@ -195,8 +210,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0.
|
||||
*
|
||||
* \param ctx The SHA-256 context.
|
||||
* \param data The buffer holding one block of data.
|
||||
* \param ctx The SHA-256 context. This must be initialized.
|
||||
* \param data The buffer holding one block of data. This must be
|
||||
* a readable buffer of size \c 64 Bytes.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] );
|
||||
@ -214,11 +230,13 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
* The SHA-256 result is calculated as
|
||||
* output = SHA-256(input buffer).
|
||||
*
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must
|
||||
* be a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be
|
||||
* either \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
int mbedtls_sha256_ret( const unsigned char *input,
|
||||
size_t ilen,
|
||||
@ -244,11 +262,13 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0.
|
||||
*
|
||||
* \param input The buffer holding the data.
|
||||
* \param ilen The length of the input data.
|
||||
* \param output The SHA-224 or SHA-256 checksum result.
|
||||
* \param is224 Determines which function to use:
|
||||
* 0: Use SHA-256, or 1: Use SHA-224.
|
||||
* \param input The buffer holding the data. This must be a readable
|
||||
* buffer of length \p ilen Bytes.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* \param output The SHA-224 or SHA-256 checksum result. This must be
|
||||
* a writable buffer of length \c 32 Bytes.
|
||||
* \param is224 Determines which function to use. This must be either
|
||||
* \c 0 for SHA-256, or \c 1 for SHA-224.
|
||||
*/
|
||||
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
|
||||
size_t ilen,
|
||||
|
@ -862,6 +862,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 input data was malformed" );
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
|
@ -49,6 +49,10 @@
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#define SHA256_VALIDATE_RET(cond) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
|
||||
#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#if !defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
/*
|
||||
@ -76,6 +80,8 @@ do { \
|
||||
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
|
||||
{
|
||||
SHA256_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
|
||||
}
|
||||
|
||||
@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src )
|
||||
{
|
||||
SHA256_VALIDATE( dst != NULL );
|
||||
SHA256_VALIDATE( src != NULL );
|
||||
|
||||
*dst = *src;
|
||||
}
|
||||
|
||||
@ -98,6 +107,9 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
|
||||
{
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
||||
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
@ -192,6 +204,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||
uint32_t A[8];
|
||||
unsigned int i;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
|
||||
|
||||
for( i = 0; i < 8; i++ )
|
||||
A[i] = ctx->state[i];
|
||||
|
||||
@ -263,6 +278,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||
size_t fill;
|
||||
uint32_t left;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ilen == 0 )
|
||||
return( 0 );
|
||||
|
||||
@ -321,6 +339,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||
uint32_t used;
|
||||
uint32_t high, low;
|
||||
|
||||
SHA256_VALIDATE_RET( ctx != NULL );
|
||||
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
/*
|
||||
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
|
||||
*/
|
||||
@ -395,6 +416,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
||||
int ret;
|
||||
mbedtls_sha256_context ctx;
|
||||
|
||||
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
|
||||
|
||||
mbedtls_sha256_init( &ctx );
|
||||
|
||||
if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
|
||||
|
@ -45,6 +45,12 @@ SHA-1 Test Vector NIST CAVS #10
|
||||
depends_on:MBEDTLS_SHA1_C
|
||||
mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
|
||||
|
||||
SHA-256 Valid parameters
|
||||
sha256_valid_param:
|
||||
|
||||
SHA-256 Invalid parameters
|
||||
sha256_invalid_param:
|
||||
|
||||
SHA-224 Test Vector NIST CAVS #1
|
||||
depends_on:MBEDTLS_SHA256_C
|
||||
sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
|
||||
|
@ -65,6 +65,62 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string )
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
||||
void sha256_valid_param( )
|
||||
{
|
||||
TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||
void sha256_invalid_param( )
|
||||
{
|
||||
mbedtls_sha256_context ctx;
|
||||
unsigned char buf[64] = { 0 };
|
||||
size_t const buflen = sizeof( buf );
|
||||
int valid_type = 0;
|
||||
int invalid_type = 42;
|
||||
|
||||
TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
|
||||
TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_starts_ret( NULL, valid_type ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_update_ret( NULL, buf, buflen ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_finish_ret( NULL, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_finish_ret( &ctx, NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_internal_sha256_process( NULL, buf ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_internal_sha256_process( &ctx, NULL ) );
|
||||
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_ret( NULL, buflen,
|
||||
buf, valid_type ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_ret( buf, buflen,
|
||||
NULL, valid_type ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
|
||||
mbedtls_sha256_ret( buf, buflen,
|
||||
buf, invalid_type ) );
|
||||
|
||||
exit:
|
||||
return;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
|
||||
void sha224( data_t * src_str, data_t * hex_hash_string )
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user