mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-31 01:20:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix parameter validation in SHA-512 module

Browse Source
This commit is contained in:
Hanno Becker 2018-12-18 15:37:22 +00:00
parent 686c9a0e8d
commit ca6f4585c7
2 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/mbedtls/sha512.h
View File

@ -116,8 +116,7 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
* and have a hash operation started. * and have a hash operation started.
* \param input The buffer holding the input data. This must * \param input The buffer holding the input data. This must
* be a readable buffer of length \p ilen Bytes. * be a readable buffer of length \p ilen Bytes.
* It must not be \c NULL. * \param ilen The length of the input data in Bytes.
* \param ilen The length of the input data \p input in Bytes.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return A negative error code on failure. * \return A negative error code on failure.
@ -184,8 +183,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
* \param ctx The SHA-512 context. This must be initialized * \param ctx The SHA-512 context. This must be initialized
* and have a hash operation started. * and have a hash operation started.
* \param input The buffer holding the data. This must be a readable * \param input The buffer holding the data. This must be a readable
* buffer of length \p ilen Bytes. It must not be \c NULL. * buffer of length \p ilen Bytes.
* \param ilen The length of the input data \p input in Bytes. * \param ilen The length of the input data in Bytes.
*/ */
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input, const unsigned char *input,
@ -235,9 +234,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
* output = SHA-512(input buffer). * output = SHA-512(input buffer).
* *
* \param input The buffer holding the input data. This must be * \param input The buffer holding the input data. This must be
* a readable buffer of length \p ilen Bytes. It * a readable buffer of length \p ilen Bytes.
* must not be \c NULL. * \param ilen The length of the input data in Bytes.
* \param ilen The length of the input data \p input in Bytes.
* \param output The SHA-384 or SHA-512 checksum result. * \param output The SHA-384 or SHA-512 checksum result.
* This must be a writable buffer of length \c 64 Bytes. * This must be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be either * \param is384 Determines which function to use. This must be either
@ -270,9 +268,8 @@ int mbedtls_sha512_ret( const unsigned char *input,
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
* *
* \param input The buffer holding the data. This must be a * \param input The buffer holding the data. This must be a
* readable buffer of length \p ilen Bytes. It * readable buffer of length \p ilen Bytes.
* must not be \c NULL. * \param ilen The length of the input data in Bytes.
* \param ilen The length of the input data \p input in Bytes.
* \param output The SHA-384 or SHA-512 checksum result. This must * \param output The SHA-384 or SHA-512 checksum result. This must
* be a writable buffer of length \c 64 Bytes. * be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be eiher * \param is384 Determines which function to use. This must be eiher

12
library/sha512.c
View File

@ -89,8 +89,8 @@
#endif /* PUT_UINT64_BE */ #endif /* PUT_UINT64_BE */
#define MBEDTLS_SHA512_VALIDATE_RET(cond) \ #define MBEDTLS_SHA512_VALIDATE_RET(cond) \
MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, cond ) MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_VALIDATE( cond ) #define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{ {
@ -122,6 +122,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
{ {
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL ); MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
ctx->total[0] = 0; ctx->total[0] = 0;
ctx->total[1] = 0; ctx->total[1] = 0;
@ -308,12 +309,12 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
size_t fill; size_t fill;
unsigned int left; unsigned int left;
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
if( ilen == 0 ) if( ilen == 0 )
return( 0 ); return( 0 );
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( input != NULL );
left = (unsigned int) (ctx->total[0] & 0x7F); left = (unsigned int) (ctx->total[0] & 0x7F);
fill = 128 - left; fill = 128 - left;
@ -447,6 +448,7 @@ int mbedtls_sha512_ret( const unsigned char *input,
int ret; int ret;
mbedtls_sha512_context ctx; mbedtls_sha512_context ctx;
MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL );