Forbid passing NULL input buffers to RSA encryption routines

This commit is contained in:
Hanno Becker 2018-12-18 17:04:59 +00:00
parent b86e684ed4
commit 2f660d047d
2 changed files with 6 additions and 9 deletions

View file

@ -601,8 +601,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param ilen The length of the plaintext in Bytes. * \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable * \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if * buffer of size \p ilen Bytes. This must not be \c NULL.
* `ilen == 0`.
* \param output The output buffer. This must be a writable buffer * \param output The output buffer. This must be a writable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes * of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus.
@ -642,8 +641,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param ilen The length of the plaintext in Bytes. * \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable * \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if * buffer of size \p ilen Bytes. This must not be \c NULL.
* `ilen == 0`.
* \param output The output buffer. This must be a writable buffer * \param output The output buffer. This must be a writable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes * of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus.
@ -687,8 +685,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
* \param label_len The length of the label in Bytes. * \param label_len The length of the label in Bytes.
* \param ilen The length of the plaintext buffer \p input in Bytes. * \param ilen The length of the plaintext buffer \p input in Bytes.
* \param input The input data to encrypt. This must be a readable * \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if * buffer of size \p ilen Bytes. This must not be \c NULL.
* `ilen == 0`.
* \param output The output buffer. This must be a writable buffer * \param output The output buffer. This must be a writable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes * of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus.

View file

@ -1135,7 +1135,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC ); mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
@ -1218,7 +1218,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC ); mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( input != NULL );
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@ -1285,7 +1285,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC ); mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL ); RSA_VALIDATE_RET( input != NULL );
switch( ctx->padding ) switch( ctx->padding )
{ {