diff --git a/library/rsa.c b/library/rsa.c index 2b4b0fd52..02423c027 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1812,6 +1812,8 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, hashlen == 0 ) || hash != NULL ); RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET( saltlen == MBEDTLS_RSA_SALT_LEN_ANY || + saltlen > 0 ); if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -1854,7 +1856,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, else slen = olen - hlen - 2; } - else if ( (saltlen < 0) || ((size_t) saltlen > olen - hlen - 2) ) + else if ( ( (size_t) saltlen ) > olen - hlen - 2 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c28cf08e2..b928e806c 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -159,7 +159,18 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, hash_result, output ) == result ); if( result == 0 ) { + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); + } + info.buf = rnd_buf->x; + info.length = rnd_buf->len; + + TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, digest, 0, hash_result, + MBEDTLS_RSA_SALT_LEN_ANY, output ) == result ); + if( result == 0 ) + { TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, result_str->len ) == 0 ); } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6c73e3947..bbe23608c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
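Review bot: In library/rsa.c, hunk `@@ -1812,6 +1812,8 @@` of rsa_rsassa_pss_sign, the added validation `saltlen > 0` rejects a salt length of 0, while the runtime comparison in the next hunk (`( (size_t) saltlen ) > olen - hlen - 2`) accepts it. RSASSA-PSS permits a zero-length salt (RFC 8017), so the two checks disagree on the same input and the outcome depends on whether RSA_VALIDATE_RET is active in the build. I would write `RSA_VALIDATE_RET( saltlen == MBEDTLS_RSA_SALT_LEN_ANY || saltlen >= 0 );` and add a test that pins the behaviour for saltlen 0. The function body starts and ends outside the hunk.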
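Review bot: In library/rsa.c, hunk `@@ -1854,7 +1856,7 @@`, removing `(saltlen < 0)` leaves negative salt lengths to the RSA_VALIDATE_RET added in the earlier hunk, and that macro is normally compiled out unless MBEDTLS_CHECK_PARAMS is enabled (confirm against its definition, which is not on this page). In such a build a negative saltlen is rejected only because the cast makes it large; if `olen - hlen - 2` can wrap, which would need olen < hlen + 2 with unsigned operands and no earlier guard outside the hunk, the comparison could pass and an oversized slen would be used. Keeping the explicit test is free: `else if( saltlen < 0 || (size_t) saltlen > olen - hlen - 2 )`, ideally preceded by `if( olen < hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );`. The if/else chain begins outside the hunk.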
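Review bot: In tests/suites/test_suite_pkcs1_v21.function, the second `mbedtls_test_hexcmp` reads an `output` buffer that still holds the signature written by the first signing call, so the added mbedtls_rsa_rsassa_pss_sign_ext check would pass even if that call returned 0 without writing anything. Clear the buffer before the second call, for example `memset( output, 0x00, sizeof( output ) );` just before `info.buf = rnd_buf->x;` (this assumes `output` is an array; its declaration is outside the hunk). The new call also passes only MBEDTLS_RSA_SALT_LEN_ANY, so the explicit-length branch changed in rsa.c is not exercised by this test.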
@@ -25,6 +25,7 @@ void rsa_invalid_param( ) const int invalid_padding = 42; const int valid_mode = MBEDTLS_RSA_PRIVATE; const int invalid_mode = 42; + const int negative_salt_length = -2; unsigned char buf[42] = { 0 }; size_t olen; @@ -337,6 +338,33 @@ void rsa_invalid_param( ) 0, NULL, buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), buf, + negative_salt_length, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL, + 0, sizeof( buf ), buf, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), NULL, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + 0, sizeof( buf ), buf, + MBEDTLS_RSA_SALT_LEN_ANY, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, + MBEDTLS_MD_SHA1, + 0, NULL, + MBEDTLS_RSA_SALT_LEN_ANY, + buf ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_verify( NULL, NULL, NULL, valid_mode,
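Review bot: In tests/suites/test_suite_rsa.function, the new `negative_salt_length` case in rsa_invalid_param goes through TEST_INVALID_PARAM_RET, which appears to exercise only the parameter-validation path. Nothing in this diff checks that a negative salt length is still rejected when that validation is compiled out, which is exactly the configuration affected by dropping `(saltlen < 0)` in rsa.c. I would add a functional case in the pkcs1_v21 suite with a real key, along the lines of `TEST_ASSERT( mbedtls_rsa_rsassa_pss_sign_ext( &ctx, &mbedtls_test_rnd_buffer_rand, &info, digest, 0, hash_result, -2, output ) == MBEDTLS_ERR_RSA_BAD_INPUT_DATA );`. The enclosing test function starts and ends outside these hunks.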