PK sign/verify: hash=NULL is ok if md_alg=0 and hash_len=0
diff --git a/library/pk.c b/library/pk.c
index 38ab774..66301ee 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -240,7 +240,8 @@
mbedtls_pk_restart_ctx *rs_ctx )
{
PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( hash != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL ||
@@ -297,7 +298,8 @@
const unsigned char *sig, size_t sig_len )
{
PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( hash != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL )
@@ -361,7 +363,8 @@
mbedtls_pk_restart_ctx *rs_ctx )
{
PK_VALIDATE_RET( ctx != NULL );
- PK_VALIDATE_RET( hash != NULL );
+ PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
+ hash != NULL );
PK_VALIDATE_RET( sig != NULL );
if( ctx->pk_info == NULL ||
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 20b5457..1f5d7d6 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -75,7 +75,9 @@
void valid_parameters( )
{
mbedtls_pk_context pk;
+ unsigned char buf[1];
size_t len;
+ void *options = NULL;
mbedtls_pk_init( &pk );
@@ -94,6 +96,49 @@
TEST_ASSERT( mbedtls_pk_can_do( NULL, MBEDTLS_PK_NONE ) == 0 );
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_sign( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ),
+ NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify( &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ) ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
+ MBEDTLS_MD_NONE,
+ NULL, 0,
+ buf, sizeof( buf ) ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
TEST_ASSERT( mbedtls_pk_encrypt( &pk,
NULL, 0,
NULL, &len, 0,
@@ -155,6 +200,7 @@
unsigned char *p = buf;
char str[1] = {0};
mbedtls_pk_context pk;
+ mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
void *options = buf;
mbedtls_pk_init( &pk );
@@ -188,6 +234,12 @@
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_restartable( &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ),
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_restartable( &pk,
MBEDTLS_MD_NONE,
buf, sizeof( buf ),
NULL, sizeof( buf ),
@@ -205,6 +257,11 @@
buf, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify( &pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify( &pk,
MBEDTLS_MD_NONE,
buf, sizeof( buf ),
NULL, sizeof( buf ) ) );
@@ -224,6 +281,12 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
&pk,
+ valid_md,
+ NULL, 0,
+ buf, sizeof( buf ) ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
+ &pk,
MBEDTLS_MD_NONE,
buf, sizeof( buf ),
NULL, sizeof( buf ) ) );
@@ -244,6 +307,13 @@
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign_restartable( &pk,
+ valid_md,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL,
+ NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign_restartable( &pk,
MBEDTLS_MD_NONE,
buf, sizeof( buf ),
NULL, &len,
@@ -264,6 +334,12 @@
rnd_std_rand, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_sign( &pk,
+ valid_md,
+ NULL, 0,
+ buf, &len,
+ rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( &pk,
MBEDTLS_MD_NONE,
buf, sizeof( buf ),
NULL, &len,