Forbid passing NULL input buffers to RSA encryption routines
This commit is contained in:
parent
b86e684ed4
commit
2f660d047d
2 changed files with 6 additions and 9 deletions
|
@ -601,8 +601,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
||||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param ilen The length of the plaintext in Bytes.
|
* \param ilen The length of the plaintext in Bytes.
|
||||||
* \param input The input data to encrypt. This must be a readable
|
* \param input The input data to encrypt. This must be a readable
|
||||||
* buffer of size \p ilen Bytes. It may be \c NULL if
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
* `ilen == 0`.
|
|
||||||
* \param output The output buffer. This must be a writable buffer
|
* \param output The output buffer. This must be a writable buffer
|
||||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
* for an 2048-bit RSA modulus.
|
* for an 2048-bit RSA modulus.
|
||||||
|
@ -642,8 +641,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
|
||||||
* \param ilen The length of the plaintext in Bytes.
|
* \param ilen The length of the plaintext in Bytes.
|
||||||
* \param input The input data to encrypt. This must be a readable
|
* \param input The input data to encrypt. This must be a readable
|
||||||
* buffer of size \p ilen Bytes. It may be \c NULL if
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
* `ilen == 0`.
|
|
||||||
* \param output The output buffer. This must be a writable buffer
|
* \param output The output buffer. This must be a writable buffer
|
||||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
* for an 2048-bit RSA modulus.
|
* for an 2048-bit RSA modulus.
|
||||||
|
@ -687,8 +685,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
* \param label_len The length of the label in Bytes.
|
* \param label_len The length of the label in Bytes.
|
||||||
* \param ilen The length of the plaintext buffer \p input in Bytes.
|
* \param ilen The length of the plaintext buffer \p input in Bytes.
|
||||||
* \param input The input data to encrypt. This must be a readable
|
* \param input The input data to encrypt. This must be a readable
|
||||||
* buffer of size \p ilen Bytes. It may be \c NULL if
|
* buffer of size \p ilen Bytes. This must not be \c NULL.
|
||||||
* `ilen == 0`.
|
|
||||||
* \param output The output buffer. This must be a writable buffer
|
* \param output The output buffer. This must be a writable buffer
|
||||||
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
* of length \c ctx->len Bytes. For example, \c 256 Bytes
|
||||||
* for an 2048-bit RSA modulus.
|
* for an 2048-bit RSA modulus.
|
||||||
|
|
|
@ -1135,7 +1135,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
||||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
mode == MBEDTLS_RSA_PUBLIC );
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
RSA_VALIDATE_RET( output != NULL );
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||||
|
@ -1218,7 +1218,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
||||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
mode == MBEDTLS_RSA_PUBLIC );
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
RSA_VALIDATE_RET( output != NULL );
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
|
||||||
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||||
|
@ -1285,7 +1285,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
||||||
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
|
||||||
mode == MBEDTLS_RSA_PUBLIC );
|
mode == MBEDTLS_RSA_PUBLIC );
|
||||||
RSA_VALIDATE_RET( output != NULL );
|
RSA_VALIDATE_RET( output != NULL );
|
||||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
RSA_VALIDATE_RET( input != NULL );
|
||||||
|
|
||||||
switch( ctx->padding )
|
switch( ctx->padding )
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue