AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

test_suite_pk: fix use of sig_len without initialization

Browse Source 
In pk_sign_verify, if mbedtls_pk_sign() failed, sig_len was passed to
mbedtls_pk_verify_restartable() without having been initialized. This
worked only because in the only test case that expects signature to
fail, the verify implementation doesn't look at sig_len before failing
for the expected reason.

The value of sig_len if sign() fails is undefined, so set sig_len to
something sensible.
This commit is contained in:
Gilles Peskine 2019-11-12 11:08:23 +01:00
parent da252bed3c
commit f85e4e67bd
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/suites/test_suite_pk.function
View File

@ -926,6 +926,8 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, &sig_len,
rnd_std_rand, NULL, rs_ctx ) == sign_ret );
if( sign_ret != 0 )
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len ) == verify_ret );
@ -945,6 +947,8 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
if( sign_ret != 0 )
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );