Remove NULL pointer validation in rsa.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
This commit is contained in:
parent
1c5609df09
commit
6a473b2f17
1 changed files with 14 additions and 97 deletions
111
library/rsa.c
111
library/rsa.c
|
@ -77,19 +77,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define RSA_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
|
||||
#define RSA_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
|
||||
const mbedtls_mpi *N,
|
||||
const mbedtls_mpi *P, const mbedtls_mpi *Q,
|
||||
const mbedtls_mpi *D, const mbedtls_mpi *E )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
|
||||
( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
|
||||
|
@ -114,7 +107,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
|
|||
unsigned char const *E, size_t E_len )
|
||||
{
|
||||
int ret = 0;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( N != NULL )
|
||||
{
|
||||
|
@ -244,8 +236,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
|
|||
#endif
|
||||
int n_missing, pq_missing, d_missing, is_pub, is_priv;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
|
||||
have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
|
||||
have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
|
||||
|
@ -348,7 +338,6 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret = 0;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
is_priv =
|
||||
|
@ -393,7 +382,6 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
is_priv =
|
||||
|
@ -437,7 +425,6 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int is_priv;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
/* Check if key is private or public */
|
||||
is_priv =
|
||||
|
@ -474,8 +461,6 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
|
|||
*/
|
||||
void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
|
||||
{
|
||||
RSA_VALIDATE( ctx != NULL );
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
|
||||
|
||||
ctx->padding = MBEDTLS_RSA_PKCS_V15;
|
||||
|
@ -552,8 +537,6 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_mpi H, G, L;
|
||||
int prime_quality = 0;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( f_rng != NULL );
|
||||
|
||||
/*
|
||||
* If the modulus is 1024 bit long or shorter, then the security strength of
|
||||
|
@ -666,8 +649,6 @@ cleanup:
|
|||
*/
|
||||
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
||||
|
||||
|
@ -691,8 +672,6 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
|
|||
*/
|
||||
int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
|
||||
if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
|
||||
rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
|
||||
{
|
||||
|
@ -722,9 +701,6 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
|
|||
int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
|
||||
const mbedtls_rsa_context *prv )
|
||||
{
|
||||
RSA_VALIDATE_RET( pub != NULL );
|
||||
RSA_VALIDATE_RET( prv != NULL );
|
||||
|
||||
if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
|
||||
mbedtls_rsa_check_privkey( prv ) != 0 )
|
||||
{
|
||||
|
@ -750,9 +726,6 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t olen;
|
||||
mbedtls_mpi T;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -920,10 +893,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||
* checked result; should be the same in the end. */
|
||||
mbedtls_mpi I, C;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1311,11 +1280,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||
unsigned char *p = output;
|
||||
unsigned int hlen;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||
|
||||
if( f_rng == NULL )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
|
@ -1377,10 +1341,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *p = output;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
olen = ctx->len;
|
||||
|
||||
/* first comparison checks for overflow */
|
||||
|
@ -1429,10 +1389,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output != NULL );
|
||||
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -1472,12 +1428,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||
unsigned char lhash[HASH_MAX_SIZE];
|
||||
unsigned int hlen;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
/*
|
||||
* Parameters sanity checks
|
||||
*/
|
||||
|
@ -1598,11 +1548,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||
size_t ilen;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
ilen = ctx->len;
|
||||
|
||||
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
|
@ -1637,11 +1582,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||
unsigned char *output,
|
||||
size_t output_max_len)
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
|
||||
RSA_VALIDATE_RET( input != NULL );
|
||||
RSA_VALIDATE_RET( olen != NULL );
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
|
@ -1679,11 +1619,8 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t msb;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -1955,11 +1892,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *sig_try = NULL, *verif = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
@ -2023,11 +1957,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *hash,
|
||||
unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
|
@ -2069,11 +2000,8 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
|||
size_t observed_salt_len, msb;
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0};
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
siglen = ctx->len;
|
||||
|
||||
|
@ -2168,11 +2096,8 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *sig )
|
||||
{
|
||||
mbedtls_md_type_t mgf1_hash_id;
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
|
||||
? (mbedtls_md_type_t) ctx->hash_id
|
||||
|
@ -2201,11 +2126,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||
size_t sig_len;
|
||||
unsigned char *encoded = NULL, *encoded_expected = NULL;
|
||||
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
sig_len = ctx->len;
|
||||
|
||||
|
@ -2270,11 +2192,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
const unsigned char *hash,
|
||||
const unsigned char *sig )
|
||||
{
|
||||
RSA_VALIDATE_RET( ctx != NULL );
|
||||
RSA_VALIDATE_RET( sig != NULL );
|
||||
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
|
||||
hashlen == 0 ) ||
|
||||
hash != NULL );
|
||||
if( ( md_alg != MBEDTLS_MD_NONE || hashlen != 0 ) && hash == NULL )
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
|
||||
switch( ctx->padding )
|
||||
{
|
||||
|
@ -2301,8 +2220,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
RSA_VALIDATE_RET( dst != NULL );
|
||||
RSA_VALIDATE_RET( src != NULL );
|
||||
|
||||
dst->len = src->len;
|
||||
|
||||
|
|
Loading…
Reference in a new issue