Arcola
mbed TLS upgraded to 2.6.0
Fork of
mbedtls
by 
Mark Radbourne
Diff: library/pk_wrap.c
- Revision:
- 1:9ebc941037d5
- Parent:
- 0:cdf462088d13
--- a/library/pk_wrap.c Thu Jan 05 00:18:44 2017 +0000
+++ b/library/pk_wrap.c Fri Sep 29 18:41:59 2017 +0100
@@ -30,6 +30,7 @@
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
+#include "mbedtls/bignum.h"
#include <string.h>
@@ -49,6 +50,8 @@
#define mbedtls_free free
#endif
+#include <limits.h>
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
@@ -74,6 +77,11 @@
{
int ret;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@@ -93,6 +101,11 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
+#if defined(MBEDTLS_HAVE_INT64)
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
*sig_len = ((mbedtls_rsa_context *) ctx)->len;
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
@@ -402,6 +415,11 @@
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,