Add parameter validation to SHA-256 module

This commit is contained in:
Andres Amaya Garcia 2018-12-09 20:41:20 +00:00 committed by Hanno Becker
parent af0c6cb9e0
commit 79e593f617
4 changed files with 27 additions and 1 deletions

View File

@ -41,6 +41,8 @@ API Changes
mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
* Extend ECDH interface to enable alternative implementations.
* Add validation checks for input parameters to functions in the SHA-256
module.
New deprecations
* Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update

View File

@ -75,7 +75,7 @@
* MD5 1 0x002F-0x002F
* RIPEMD160 1 0x0031-0x0031
* SHA1 1 0x0035-0x0035
* SHA256 1 0x0037-0x0037
* SHA256 1 0x0037-0x0037 0x0074-0x0074
* SHA512 1 0x0039-0x0039
* CHACHA20 3 0x0051-0x0055
* POLY1305 3 0x0057-0x005B

View File

@ -38,6 +38,7 @@
/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */
#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 /**< Invalid input data. */
#ifdef __cplusplus
extern "C" {

View File

@ -74,8 +74,14 @@ do { \
} while( 0 )
#endif
#define MBEDTLS_SHA256_VALIDATE_RET(cond) \
MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond )
#define MBEDTLS_SHA256_VALIDATE(cond) MBEDTLS_VALIDATE( cond )
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
MBEDTLS_SHA256_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
MBEDTLS_SHA256_VALIDATE( dst != NULL );
MBEDTLS_SHA256_VALIDATE( src != NULL );
*dst = *src;
}
@ -98,6 +107,8 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
*/
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
{
MBEDTLS_SHA256_VALIDATE( ctx != NULL );
ctx->total[0] = 0;
ctx->total[1] = 0;
@ -192,6 +203,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
uint32_t A[8];
unsigned int i;
MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
for( i = 0; i < 8; i++ )
A[i] = ctx->state[i];
@ -266,6 +280,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
if( ilen == 0 )
return( 0 );
MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA256_VALIDATE_RET( input != NULL );
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@ -321,6 +338,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
uint32_t used;
uint32_t high, low;
MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@ -395,6 +415,9 @@ int mbedtls_sha256_ret( const unsigned char *input,
int ret;
mbedtls_sha256_context ctx;
MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
mbedtls_sha256_init( &ctx );
if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )