commit ca6f4585c726766d24c4368de26daa1364b30f39
author Hanno Becker <hanno.becker@arm.com> Tue Dec 18 15:37:22 2018 +0000
committer Hanno Becker <hanno.becker@arm.com> Tue Dec 18 16:36:26 2018 +0000
tree c7d194ea3a343768dcbc3a6163c6c20581d2b93a
parent 686c9a0e8d3132b1d7c36fdd9e6e0829507bd022

Fix parameter validation in SHA-512 module

library/sha512.c

diff --git a/library/sha512.c b/library/sha512.c
index 7a99170..8260f32 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -89,8 +89,8 @@
 #endif /* PUT_UINT64_BE */
 
 #define MBEDTLS_SHA512_VALIDATE_RET(cond)                           \
-    MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, cond )
-#define MBEDTLS_SHA512_VALIDATE(cond)               MBEDTLS_VALIDATE( cond )
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
+#define MBEDTLS_SHA512_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
 
 void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
 {
@@ -122,6 +122,7 @@
 int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
 {
     MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
+    MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
 
     ctx->total[0] = 0;
     ctx->total[1] = 0;
@@ -308,12 +309,12 @@
     size_t fill;
     unsigned int left;
 
+    MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
+    MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
+
     if( ilen == 0 )
         return( 0 );
 
-    MBEDTLS_SHA512_VALIDATE_RET( ctx != NULL );
-    MBEDTLS_SHA512_VALIDATE_RET( input != NULL );
-
     left = (unsigned int) (ctx->total[0] & 0x7F);
     fill = 128 - left;
 
@@ -447,6 +448,7 @@
     int ret;
     mbedtls_sha512_context ctx;
 
+    MBEDTLS_SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
     MBEDTLS_SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
     MBEDTLS_SHA512_VALIDATE_RET( (unsigned char *)output != NULL );