Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
diff --git a/ChangeLog.d/require-matching-hashlen-rsa.txt b/ChangeLog.d/require-matching-hashlen-rsa.txt
new file mode 100644
index 0000000..096b577
--- /dev/null
+++ b/ChangeLog.d/require-matching-hashlen-rsa.txt
@@ -0,0 +1,5 @@
+API changes
+ * Signature functions in the RSA and PK modules now require the hash
+ length parameter to be the size of the hash input. For RSA signatures
+ other than raw PKCS#1 v1.5, this must match the output size of the
+ specified hash algorithm.
diff --git a/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md b/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md
new file mode 100644
index 0000000..d59a8d3
--- /dev/null
+++ b/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md
@@ -0,0 +1,24 @@
+Signature functions now require the hash length to match the expected value
+---------------------------------------------------------------------------
+
+This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected.
+
+All the functions in the RSA module that accept a `hashlen` parameter used to
+ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw
+data was signed. The `hashlen` parameter is now always the size that is read
+from the `hash` input buffer. This length must be equal to the output size of
+the hash algorithm used when signing a hash. (The requirements when signing
+raw data are unchanged.) This affects the following functions:
+
+* `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_pkcs1_verify`
+* `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`
+* `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_verify`
+* `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify_ext`
+
+The signature functions in the PK module no longer accept 0 as the `hash_len` parameter. The `hash_len` parameter is now always the size that is read from the `hash` input buffer. This affects the following functions:
+
+* `mbedtls_pk_sign`, `mbedtls_pk_verify`
+* `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`
+* `mbedtls_pk_verify_ext`
+
+The migration path is to pass the correct value to those functions.
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index dec5111..ec7fe6e 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -399,9 +399,17 @@
* \brief Verify signature (including padding if relevant).
*
* \param ctx The PK context to use. It must have been set up.
- * \param md_alg Hash algorithm used (see notes)
+ * \param md_alg Hash algorithm used.
+ * This can be #MBEDTLS_MD_NONE if the signature algorithm
+ * does not rely on a hash algorithm (non-deterministic
+ * ECDSA, RSA PKCS#1 v1.5).
+ * For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+ * \p hash is the DigestInfo structure used by RFC 8017
+ * §9.2 steps 3–6. If \p md_alg is a valid hash
+ * algorithm then \p hash is the digest itself, and this
+ * function calculates the DigestInfo encoding internally.
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
+ * \param hash_len Hash length
* \param sig Signature to verify
* \param sig_len Signature length
*
@@ -413,11 +421,6 @@
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
- *
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
- * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
*/
int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -490,7 +493,7 @@
* with a private key.
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes)
+ * \param hash_len Hash length
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
@@ -507,9 +510,6 @@
* There is no interface in the PK module to make RSASSA-PSS
* signatures yet.
*
- * \note If hash_len is 0, then the length associated with md_alg
- * is used instead, or an error returned if it is invalid.
- *
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*/
@@ -530,7 +530,7 @@
* with a private key.
* \param md_alg Hash algorithm used (see notes for mbedtls_pk_sign())
* \param hash Hash of the message to sign
- * \param hash_len Hash length or 0 (see notes for mbedtls_pk_sign())
+ * \param hash_len Hash length
* \param sig Place to write the signature.
* It must have enough room for the signature.
* #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index c953a89..9a070e7 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -796,13 +796,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -830,13 +828,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -878,13 +874,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param saltlen The length of the salt that should be used.
* If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
* the largest possible salt length up to the hash length,
@@ -935,13 +929,11 @@
* if \p f_rng doesn't need a context argument.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. A buffer length of
@@ -972,13 +964,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -999,13 +989,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -1036,13 +1024,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param sig The buffer holding the signature. This must be a readable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
@@ -1069,13 +1055,11 @@
* \param ctx The initialized RSA public key context to use.
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen The length of the message digest.
- * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * \param hashlen The length of the message digest or raw data in Bytes.
+ * If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+ * output length of the corresponding hash algorithm.
* \param hash The buffer holding the message digest or raw data.
- * If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- * buffer of length \p hashlen Bytes. If \p md_alg is not
- * #MBEDTLS_MD_NONE, it must be a readable buffer of length
- * the size of the hash corresponding to \p md_alg.
+ * This must be a readable buffer of at least \p hashlen Bytes.
* \param mgf1_hash_id The message digest algorithm used for the
* verification operation and the mask generation
* function (MGF1). For more details on the encoding
diff --git a/library/rsa.c b/library/rsa.c
index d4e63b6..ed1632a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1790,7 +1790,8 @@
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
@@ -1925,14 +1926,13 @@
* Parameters:
* - md_alg: Identifies the hash algorithm used to generate the given hash;
* MBEDTLS_MD_NONE if raw data is signed.
- * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.
+ * - hashlen: Length of hash. Must match md_alg if that's not NONE.
* - hash: Buffer containing the hashed message or the raw data.
* - dst_len: Length of the encoded message.
* - dst: Buffer to hold the encoded message.
*
* Assumptions:
- * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE.
- * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE.
+ * - hash has size hashlen.
* - dst points to a buffer of size at least dst_len.
*
*/
@@ -1957,7 +1957,8 @@
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/* Double-check that 8 + hashlen + oid_size can be used as a
* 1-byte ASN.1 length encoding and that there's no overflow. */
@@ -2022,6 +2023,8 @@
* TAG-NULL + LEN [ NULL ] ]
* TAG-OCTET + LEN [ HASH ] ]
*/
+ if( 0x08 + oid_size + hashlen >= 0x80 )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
*p++ = (unsigned char)( 0x08 + oid_size + hashlen );
*p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
@@ -2203,7 +2206,8 @@
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- hashlen = mbedtls_md_get_size( md_info );
+ if( hashlen != mbedtls_md_get_size( md_info ) )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
md_info = mbedtls_md_info_from_type( mgf1_hash_id );
@@ -2674,7 +2678,7 @@
}
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
- MBEDTLS_MD_SHA1, 0,
+ MBEDTLS_MD_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
@@ -2687,7 +2691,7 @@
if( verbose != 0 )
mbedtls_printf( "passed\n PKCS#1 sig. verify: " );
- if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 0,
+ if( mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index dbdee2d..28bfb89 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -221,7 +221,7 @@
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
- 0, hash, p ) ) != 0 )
+ 32, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 0d5be4e..79c313c 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -229,7 +229,7 @@
buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
- 0, hash, buf + n + 2 ) ) != 0 )
+ 32, hash, buf + n + 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index d9ba3bb..ebc88e4 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -147,7 +147,7 @@
}
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
- 20, hash, buf ) ) != 0 )
+ 32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index fff568a..5a68246 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -141,7 +141,7 @@
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
- 20, hash, buf ) ) != 0 )
+ 32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit;
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 0d4ff08..6e93bc6 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -452,9 +452,10 @@
if( digest != MBEDTLS_MD_NONE )
{
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ),
- message_str->x, message_str->len, hash_result ) == 0 );
- hash_len = 0;
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len,
+ hash_result ) == 0 );
+ hash_len = mbedtls_md_get_size( md_info );
}
else
{
@@ -619,7 +620,8 @@
{
mbedtls_pk_context pk;
size_t sig_len;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char hash[32]; // Hard-coded for SHA256
+ size_t hash_len = sizeof( hash );
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
void *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -643,7 +645,7 @@
TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ hash, hash_len, sig, &sig_len,
mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
@@ -651,22 +653,22 @@
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) == verify_ret );
+ hash, hash_len, sig, sig_len ) == verify_ret );
if( verify_ret == 0 )
{
hash[0]++;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ hash, hash_len, sig, sig_len ) != 0 );
hash[0]--;
sig[0]++;
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ hash, hash_len, sig, sig_len ) != 0 );
sig[0]--;
}
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, hash_len,
sig, &sig_len,
mbedtls_test_rnd_std_rand,
NULL ) == sign_ret );
@@ -676,7 +678,7 @@
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
+ hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret );
if( verify_ret == 0 )
{
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 2089c62..6f859d5 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -269,6 +269,7 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[128];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
@@ -298,13 +299,13 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0, hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -326,6 +327,7 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
@@ -343,10 +345,10 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index ec5591f..27b0990 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -123,6 +123,7 @@
int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[512];
mbedtls_rsa_context ctx;
mbedtls_test_rnd_buf_info info;
@@ -152,14 +153,15 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0,hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
@@ -169,9 +171,10 @@
info.length = rnd_buf->len;
}
- TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, digest, 0, hash_result,
- fixed_salt_length, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext(
+ &ctx, &mbedtls_test_rnd_buffer_rand, &info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ fixed_salt_length, output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
@@ -190,6 +193,7 @@
char * salt, data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
mbedtls_mpi N, E;
((void) salt);
@@ -208,10 +212,10 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
@@ -248,9 +252,12 @@
if( msg_digest_id != MBEDTLS_MD_NONE )
{
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ),
- message_str->x, message_str->len, hash_result ) == 0 );
- hash_len = 0;
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_type( msg_digest_id );
+ TEST_ASSERT( mbedtls_md( md_info,
+ message_str->x, message_str->len,
+ hash_result ) == 0 );
+ hash_len = mbedtls_md_get_size( md_info );
}
else
{
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index db30fc4..f5f4aac 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -84,6 +84,7 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
@@ -109,13 +110,13 @@
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, digest, 0, hash_result,
- output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign(
+ &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info,
+ digest, mbedtls_md_get_size( md_info ), hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -137,8 +138,8 @@
data_t * result_str, int result )
{
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest );
mbedtls_rsa_context ctx;
-
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
@@ -153,11 +154,10 @@
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
+ if( md_info != NULL )
+ TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 );
- if( mbedtls_md_info_from_type( digest ) != NULL )
- TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
-
- TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, 0, hash_result, result_str->x ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, digest, mbedtls_md_get_size( md_info ), hash_result, result_str->x ) == result );
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
