mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 08:14:22 +01:00
Merge pull request #4718 from nick-child-ibm/hash_len_devel
Backport 2.x: pk.c: Ensure min hash_len in pk_hashlen_helper
This commit is contained in:
commit
bdba86f4d5
5
ChangeLog.d/ensure_hash_len_is_valid.txt
Normal file
5
ChangeLog.d/ensure_hash_len_is_valid.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Bugfix
|
||||||
|
* mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
|
||||||
|
restartable variants now always honor the specified hash length if
|
||||||
|
nonzero. Before, for RSA, hash_len was ignored in favor of the length of
|
||||||
|
the specified hash algorithm.
|
@ -235,12 +235,15 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
|
|||||||
{
|
{
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
|
|
||||||
if( *hash_len != 0 )
|
if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
|
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
|
||||||
|
if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )
|
||||||
|
return ( -1 );
|
||||||
|
|
||||||
*hash_len = mbedtls_md_get_size( md_info );
|
*hash_len = mbedtls_md_get_size( md_info );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -883,8 +883,9 @@ exit:
|
|||||||
void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
|
void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
|
||||||
{
|
{
|
||||||
mbedtls_pk_context pk;
|
mbedtls_pk_context pk;
|
||||||
size_t sig_len;
|
size_t sig_len, hash_len;
|
||||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
mbedtls_md_type_t md = MBEDTLS_MD_SHA256;
|
||||||
|
unsigned char *hash = NULL;
|
||||||
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||||
void *rs_ctx = NULL;
|
void *rs_ctx = NULL;
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
@ -898,40 +899,43 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
|
|||||||
mbedtls_ecp_set_max_ops( 42000 );
|
mbedtls_ecp_set_max_ops( 42000 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
hash_len = mbedtls_md_get_size( mbedtls_md_info_from_type( md ) );
|
||||||
|
ASSERT_ALLOC( hash, hash_len );
|
||||||
|
|
||||||
mbedtls_pk_init( &pk );
|
mbedtls_pk_init( &pk );
|
||||||
USE_PSA_INIT( );
|
USE_PSA_INIT( );
|
||||||
|
|
||||||
memset( hash, 0x2a, sizeof hash );
|
memset( hash, 0x2a, hash_len );
|
||||||
memset( sig, 0, sizeof sig );
|
memset( sig, 0, sizeof sig );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
|
||||||
TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
|
TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, md,
|
||||||
hash, sizeof hash, sig, &sig_len,
|
hash, hash_len, sig, &sig_len,
|
||||||
mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
|
mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
|
||||||
if( sign_ret == 0 )
|
if( sign_ret == 0 )
|
||||||
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
|
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
|
||||||
else
|
else
|
||||||
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
|
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len ) == verify_ret );
|
hash, hash_len, sig, sig_len ) == verify_ret );
|
||||||
|
|
||||||
if( verify_ret == 0 )
|
if( verify_ret == 0 )
|
||||||
{
|
{
|
||||||
hash[0]++;
|
hash[0]++;
|
||||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len ) != 0 );
|
hash, hash_len, sig, sig_len ) != 0 );
|
||||||
hash[0]--;
|
hash[0]--;
|
||||||
|
|
||||||
sig[0]++;
|
sig[0]++;
|
||||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len ) != 0 );
|
hash, hash_len, sig, sig_len ) != 0 );
|
||||||
sig[0]--;
|
sig[0]--;
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
|
TEST_ASSERT( mbedtls_pk_sign( &pk, md, hash, hash_len,
|
||||||
sig, &sig_len,
|
sig, &sig_len,
|
||||||
mbedtls_test_rnd_std_rand,
|
mbedtls_test_rnd_std_rand,
|
||||||
NULL ) == sign_ret );
|
NULL ) == sign_ret );
|
||||||
@ -940,19 +944,19 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
|
|||||||
else
|
else
|
||||||
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
|
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
|
hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret );
|
||||||
|
|
||||||
if( verify_ret == 0 )
|
if( verify_ret == 0 )
|
||||||
{
|
{
|
||||||
hash[0]++;
|
hash[0]++;
|
||||||
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
|
||||||
hash[0]--;
|
hash[0]--;
|
||||||
|
|
||||||
sig[0]++;
|
sig[0]++;
|
||||||
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
|
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
|
||||||
hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
|
hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
|
||||||
sig[0]--;
|
sig[0]--;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -961,6 +965,7 @@ exit:
|
|||||||
mbedtls_pk_restart_free( rs_ctx );
|
mbedtls_pk_restart_free( rs_ctx );
|
||||||
#endif
|
#endif
|
||||||
mbedtls_pk_free( &pk );
|
mbedtls_pk_free( &pk );
|
||||||
|
mbedtls_free( hash );
|
||||||
USE_PSA_DONE( );
|
USE_PSA_DONE( );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
Loading…
Reference in New Issue
Block a user