Add parameter validation to SHA-1
diff --git a/library/sha1.c b/library/sha1.c
index bab6087..e9521e3 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -71,8 +71,15 @@
}
#endif
+#define MBEDTLS_SHA1_VALIDATE_RET(cond) \
+ MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, cond )
+
+#define MBEDTLS_SHA1_VALIDATE(cond) MBEDTLS_VALIDATE( cond )
+
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
+ MBEDTLS_SHA1_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
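Review bot: The two validation macros added above `mbedtls_sha1_init` have no comment saying what a failed check does, which a reader needs in order to judge the void callers. `MBEDTLS_VALIDATE` and `MBEDTLS_VALIDATE_RET` are defined outside this diff. If they expand to nothing unless `MBEDTLS_CHECK_PARAMS` is enabled, as I would expect, then in a default build `memset( ctx, ... )` is still reached with a NULL `ctx`, so the check is a debugging aid and not a guarantee. I would add a comment above the macros such as `/* Parameter validation; effective only when parameter checking is enabled at build time, so callers must still pass valid pointers. */`. The same applies to the checks added in `mbedtls_sha1_clone` and `mbedtls_sha1_starts_ret`.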
@@ -87,6 +94,9 @@
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
+ MBEDTLS_SHA1_VALIDATE( dst != NULL );
+ MBEDTLS_SHA1_VALIDATE( src != NULL );
+
*dst = *src;
}
@@ -95,6 +105,8 @@
*/
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
{
+ MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL );
+
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -120,6 +132,9 @@
{
uint32_t temp, W[16], A, B, C, D, E;
+ MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL );
+ MBEDTLS_SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
+
GET_UINT32_BE( W[ 0], data, 0 );
GET_UINT32_BE( W[ 1], data, 4 );
GET_UINT32_BE( W[ 2], data, 8 );
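Review bot: The cast in `MBEDTLS_SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );` is unexplained and looks redundant unless you know how `data` is declared. The signature is outside the hunk. If `data` is an array-typed parameter, the cast is presumably there to silence a compiler warning about comparing an array with NULL. That reason should be stated, for example `/* data is declared as an array parameter; cast so the NULL comparison does not trigger a warning */`. The same applies to the `(unsigned char *)output != NULL` checks added in the two later hunks.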
@@ -297,6 +312,9 @@
if( ilen == 0 )
return( 0 );
+ MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL );
+ MBEDTLS_SHA1_VALIDATE_RET( input != NULL );
+
left = ctx->total[0] & 0x3F;
fill = 64 - left;
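Review bot: Both added checks sit below the `if( ilen == 0 ) return( 0 );` early return, so a call with a NULL `ctx` and `ilen == 0` reports success without being validated. That is inconsistent with the other functions in this patch, which reject a NULL context unconditionally. Move the validation above the early return and relax the input check to match the one-shot function at the end of the diff: `MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL );` followed by `MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL );`. The function's signature and local declarations are outside the hunk, so the checks should go after those declarations and before the `ilen` test.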
@@ -352,6 +370,9 @@
uint32_t used;
uint32_t high, low;
+ MBEDTLS_SHA1_VALIDATE_RET( ctx != NULL );
+ MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -420,6 +441,9 @@
int ret;
mbedtls_sha1_context ctx;
+ MBEDTLS_SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
+ MBEDTLS_SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
+
mbedtls_sha1_init( &ctx );
if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )