RSA encryption: accept input=NULL if ilen=0
In mbedtls_rsa_rsaes_oaep_encrypt and
mbedtls_rsa_rsaes_pkcs1_v15_encrypt, if the input length is 0 (which
is unusual and mostly useless, but permitted) then it is fine for the
input pointer to be NULL. Don't return an error in this case.
When `input` is NULL, `memcpy( p, input, ilen )` has undefined
behavior even if `ilen` is zero. So skip the `memcpy` call in this
case. Likewise, in `mbedtls_rsa_rsaes_oaep_decrypt` and
`mbedtls_rsa_rsaes_pkcs1_v15_decrypt`, skip the `memcpy` call if
`*olen` is zero.
diff --git a/library/rsa.c b/library/rsa.c
index ad19639..499d145 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1122,7 +1122,8 @@
p += hlen;
p += olen - 2 * hlen - 2 - ilen;
*p++ = 1;
- memcpy( p, input, ilen );
+ if( ilen != 0 )
+ memcpy( p, input, ilen );
mbedtls_md_init( &md_ctx );
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
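Review bot: Nothing visible in this hunk rejects `input == NULL` when `ilen` is non-zero, so the new guard before `memcpy( p, input, ilen )` only covers the zero-length case. The PKCS#1 v1.5 encrypt path in the next hunk gets an explicit `if( ilen != 0 && input == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );`. If the OAEP function's argument checks, which lie outside this hunk, do not already do the same, that line should be added there so a NULL pointer with a non-zero length fails cleanly instead of reaching `memcpy`. The enclosing function starts and ends outside the hunk.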
@@ -1169,7 +1170,9 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
// We don't check p_rng because it won't be dereferenced here
- if( f_rng == NULL || input == NULL || output == NULL )
+ if( f_rng == NULL || output == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ if( ilen != 0 && input == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
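Review bot: The relaxed contract (`input` may be NULL when `ilen` is 0) is expressed only in code here; the existing comment above the checks still explains `p_rng` alone. I would add a comment above the second check, `// input may be NULL only when ilen == 0: nothing is read from it in that case`. This diff touches only `library/rsa.c`, so the public parameter documentation is presumably unchanged and should state the same rule. A test that calls the function with `input = NULL, ilen = 0` and another with `input = NULL, ilen != 0` would pin both sides of the check. The function body continues outside the hunk.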
@@ -1209,7 +1212,8 @@
}
*p++ = 0;
- memcpy( p, input, ilen );
+ if( ilen != 0 )
+ memcpy( p, input, ilen );
return( ( mode == MBEDTLS_RSA_PUBLIC )
? mbedtls_rsa_public( ctx, output, output )
@@ -1373,7 +1377,8 @@
}
*olen = ilen - (p - buf);
- memcpy( output, p, *olen );
+ if( *olen != 0 )
+ memcpy( output, p, *olen );
ret = 0;
cleanup:
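Review bot: The new condition `if( *olen != 0 )` branches on the length of the decrypted message, which is computed from where the padding ends (`ilen - (p - buf)`), so on the decryption side the guard depends on secret data. The added timing difference is small next to the length-dependent `memcpy` itself. Still, if this function is meant to limit padding-oracle side channels (the rest of the body is outside the hunk, so I cannot tell), keying the guard on a public, caller-supplied quantity such as the output buffer size would be safer. The hunk also does not show whether `output == NULL` is rejected when `*olen` is non-zero; a comment like `/* output may be NULL only when the plaintext is empty */` would make the intended contract explicit. The same applies to the identical change in the last hunk (`@@ -1471,7 +1476,8 @@`).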
@@ -1471,7 +1476,8 @@
}
*olen = ilen - (p - buf);
- memcpy( output, p, *olen );
+ if( *olen != 0 )
+ memcpy( output, p, *olen );
ret = 0;
cleanup: