AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix parameter validation in SHA-512 module

Browse Source
This commit is contained in:
Hanno Becker 2018-12-18 15:37:22 +00:00
parent 686c9a0e8d
commit ca6f4585c7
2 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/mbedtls/sha512.h
View File

@ -116,8 +116,7 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
* and have a hash operation started.
* \param input The buffer holding the input data. This must
* be a readable buffer of length \p ilen Bytes.
* It must not be \c NULL.
* \param ilen The length of the input data \p input in Bytes.
* \param ilen The length of the input data in Bytes.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@ -184,8 +183,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
* \param ctx The SHA-512 context. This must be initialized
* and have a hash operation started.
* \param input The buffer holding the data. This must be a readable
* buffer of length \p ilen Bytes. It must not be \c NULL.
* \param ilen The length of the input data \p input in Bytes.
* buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
*/
MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
@ -235,9 +234,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process(
* output = SHA-512(input buffer).
*
* \param input The buffer holding the input data. This must be
* a readable buffer of length \p ilen Bytes. It
* must not be \c NULL.
* \param ilen The length of the input data \p input in Bytes.
* a readable buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
* \param output The SHA-384 or SHA-512 checksum result.
* This must be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be either
@ -270,9 +268,8 @@ int mbedtls_sha512_ret( const unsigned char *input,
* \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0
*
* \param input The buffer holding the data. This must be a
* readable buffer of length \p ilen Bytes. It
* must not be \c NULL.
* \param ilen The length of the input data \p input in Bytes.
* readable buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
* \param output The SHA-384 or SHA-512 checksum result. This must
* be a writable buffer of length \c 64 Bytes.
* \param is384 Determines which function to use. This must be eiher

12
library/sha512.c
View File

@ -89,8 +89,8 @@
#endif /* PUT_UINT64_BE */
#define MBEDTLS_SHA512_VALIDATE_RET(cond) \
MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, cond )
#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_VALIDATE( cond )
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
#define MBEDTLS_SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
@ -122,6 +122,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
{
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
ctx->total[0] = 0;
ctx->total[1] = 0;
@ -308,12 +309,12 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
size_t fill;
unsigned int left;
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
if( ilen == 0 )
return( 0 );
MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
MBEDTLS_SHA512_VALIDATE_RET( input != NULL );
left = (unsigned int) (ctx->total[0] & 0x7F);
fill = 128 - left;
@ -447,6 +448,7 @@ int mbedtls_sha512_ret( const unsigned char *input,
int ret;
mbedtls_sha512_context ctx;
MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL );