From 6b150ad8fa696688eeedf85fd4150da379fd77c6 Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 5 Aug 2022 15:59:19 +0100 Subject: [PATCH 1/8] Remove NULL pointer validation in sha1.c Signed-off-by: Tuvshinzaya Erdenekhuu --- library/sha1.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/library/sha1.c b/library/sha1.c index 6fc937123..56532b124 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -41,17 +41,10 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#define SHA1_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA ) - -#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - #if !defined(MBEDTLS_SHA1_ALT) void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) { - SHA1_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); } @@ -66,9 +59,6 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) void mbedtls_sha1_clone( mbedtls_sha1_context *dst, const mbedtls_sha1_context *src ) { - SHA1_VALIDATE( dst != NULL ); - SHA1_VALIDATE( src != NULL ); - *dst = *src; } @@ -77,8 +67,6 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, */ int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { - SHA1_VALIDATE_RET( ctx != NULL ); - ctx->total[0] = 0; ctx->total[1] = 0; @@ -100,9 +88,6 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, uint32_t temp, W[16], A, B, C, D, E; } local; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); - local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 ); local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 ); local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 ); @@ -277,9 +262,6 @@ int mbedtls_sha1_update( mbedtls_sha1_context *ctx, size_t fill; uint32_t left; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); - if( ilen == 0 ) return( 0 ); @@ -329,9 +311,6 @@ int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, uint32_t used; uint32_t high, low; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); - /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ @@ -392,9 +371,6 @@ int mbedtls_sha1( const unsigned char *input, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha1_context ctx; - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); - mbedtls_sha1_init( &ctx ); if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 ) From df2f560316d60795ab7a477c02b121a31fe585f8 Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 5 Aug 2022 15:59:19 +0100 Subject: [PATCH 2/8] Remove NULL pointer validation in sha256.c Signed-off-by: Tuvshinzaya Erdenekhuu --- library/sha256.c | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index ac15ef8d1..24be8eac2 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -159,8 +159,6 @@ static int mbedtls_a64_crypto_sha256_determine_support( void ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { - SHA256_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); } @@ -175,9 +173,6 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { - SHA256_VALIDATE( dst != NULL ); - SHA256_VALIDATE( src != NULL ); - *dst = *src; } @@ -186,8 +181,6 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { - SHA256_VALIDATE_RET( ctx != NULL ); - #if defined(MBEDTLS_SHA224_C) SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); #else @@ -427,9 +420,6 @@ int mbedtls_internal_sha256_process_c( mbedtls_sha256_context *ctx, unsigned int i; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); - for( i = 0; i < 8; i++ ) local.A[i] = ctx->state[i]; @@ -579,9 +569,6 @@ int mbedtls_sha256_update( mbedtls_sha256_context *ctx, size_t fill; uint32_t left; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - if( ilen == 0 ) return( 0 ); @@ -633,9 +620,6 @@ int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, uint32_t used; uint32_t high, low; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); - /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length */ @@ -710,9 +694,6 @@ int mbedtls_sha256( const unsigned char *input, SHA256_VALIDATE_RET( is224 == 0 ); #endif - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); - mbedtls_sha256_init( &ctx ); if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 ) From 696dfb6b1eda07a9f032bc6f8664b001899be5ec Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 5 Aug 2022 15:59:19 +0100 Subject: [PATCH 3/8] Re-introduce ENUM validation in sha256.c Signed-off-by: Tuvshinzaya Erdenekhuu --- library/sha256.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 24be8eac2..4819ba3ad 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -149,10 +149,6 @@ static int mbedtls_a64_crypto_sha256_determine_support( void ) #endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */ -#define SHA256_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) -#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - #if !defined(MBEDTLS_SHA256_ALT) #define SHA256_BLOCK_SIZE 64 @@ -182,9 +178,11 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { #if defined(MBEDTLS_SHA224_C) - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + if( is224 != 0 && is224 != 1 ) + return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; #else - SHA256_VALIDATE_RET( is224 == 0 ); + if( is224 != 0 ) + return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; #endif ctx->total[0] = 0; @@ -689,9 +687,11 @@ int mbedtls_sha256( const unsigned char *input, mbedtls_sha256_context ctx; #if defined(MBEDTLS_SHA224_C) - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); + if( is224 != 0 && is224 != 1 ) + return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; #else - SHA256_VALIDATE_RET( is224 == 0 ); + if( is224 != 0 ) + return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; #endif mbedtls_sha256_init( &ctx ); From 1db192bc5a1cc2b4c6f25c94684eedee3b4c9c0f Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 29 Jul 2022 15:44:38 +0100 Subject: [PATCH 4/8] Enable invalid param test in sha256 Signed-off-by: Tuvshinzaya Erdenekhuu --- tests/suites/test_suite_shax.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 95d45baa4..58d025418 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -18,7 +18,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hash ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ void sha256_invalid_param( ) { mbedtls_sha256_context ctx; From 3446c2603a1138111f6a4b55ec0b8daea7a398b9 Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 5 Aug 2022 15:59:19 +0100 Subject: [PATCH 5/8] Remove NULL pointer validation in sha512.c Signed-off-by: Tuvshinzaya Erdenekhuu --- library/sha512.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index be03ec331..c575bbd10 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -183,8 +183,6 @@ static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) { - SHA512_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); } @@ -199,9 +197,6 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src ) { - SHA512_VALIDATE( dst != NULL ); - SHA512_VALIDATE( src != NULL ); - *dst = *src; } @@ -210,7 +205,6 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, */ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { - SHA512_VALIDATE_RET( ctx != NULL ); #if defined(MBEDTLS_SHA384_C) SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); #else @@ -569,9 +563,6 @@ int mbedtls_internal_sha512_process_c( mbedtls_sha512_context *ctx, uint64_t A[8]; } local; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); - #define SHR(x,n) ((x) >> (n)) #define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n)))) @@ -735,9 +726,6 @@ int mbedtls_sha512_update( mbedtls_sha512_context *ctx, size_t fill; unsigned int left; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - if( ilen == 0 ) return( 0 ); @@ -788,9 +776,6 @@ int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned used; uint64_t high, low; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); - /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length */ @@ -866,8 +851,6 @@ int mbedtls_sha512( const unsigned char *input, #else SHA512_VALIDATE_RET( is384 == 0 ); #endif - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); mbedtls_sha512_init( &ctx ); From 5893ab02b6628b571bb257f1d6183660b3e9c876 Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 5 Aug 2022 15:59:19 +0100 Subject: [PATCH 6/8] Re-introduce ENUM validation in sha512.c Signed-off-by: Tuvshinzaya Erdenekhuu --- library/sha512.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/sha512.c b/library/sha512.c index c575bbd10..f96580db5 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -164,10 +164,6 @@ static int mbedtls_a64_crypto_sha512_determine_support( void ) #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */ -#define SHA512_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ) -#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) - #if !defined(MBEDTLS_SHA512_ALT) #define SHA512_BLOCK_SIZE 128 @@ -206,9 +202,11 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { #if defined(MBEDTLS_SHA384_C) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + if( is384 != 0 && is384 != 1 ) + return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; #else - SHA512_VALIDATE_RET( is384 == 0 ); + if( is384 != 0 ) + return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; #endif ctx->total[0] = 0; @@ -847,9 +845,11 @@ int mbedtls_sha512( const unsigned char *input, mbedtls_sha512_context ctx; #if defined(MBEDTLS_SHA384_C) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + if( is384 != 0 && is384 != 1 ) + return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; #else - SHA512_VALIDATE_RET( is384 == 0 ); + if( is384 != 0 ) + return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA; #endif mbedtls_sha512_init( &ctx ); From ca6fde2e1f3e60187d81d3130ed8c2e0d916f7df Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 29 Jul 2022 15:43:04 +0100 Subject: [PATCH 7/8] Enable invalid param test in sha512 Signed-off-by: Tuvshinzaya Erdenekhuu --- tests/suites/test_suite_shax.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 58d025418..6072712a6 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -67,7 +67,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hash ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ void sha512_invalid_param( ) { mbedtls_sha512_context ctx; From 61f1372b8c779852245d9f910dba1d0675f8e227 Mon Sep 17 00:00:00 2001 From: Tuvshinzaya Erdenekhuu Date: Fri, 29 Jul 2022 16:15:03 +0100 Subject: [PATCH 8/8] Remove unused variables from shax.function Signed-off-by: Tuvshinzaya Erdenekhuu --- tests/suites/test_suite_shax.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 6072712a6..aebfd84a8 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -24,7 +24,6 @@ void sha256_invalid_param( ) mbedtls_sha256_context ctx; unsigned char buf[64] = { 0 }; size_t const buflen = sizeof( buf ); - int valid_type = 0; int invalid_type = 42; TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, @@ -73,7 +72,6 @@ void sha512_invalid_param( ) mbedtls_sha512_context ctx; unsigned char buf[64] = { 0 }; size_t const buflen = sizeof( buf ); - int valid_type = 0; int invalid_type = 42; TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,