From b86e684ed4b694eb77fe3922d3597211e63bb929 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 14:46:04 +0000 Subject: [PATCH] Move/remove param validation in mbedtls_rsa_rsaes_pkcs1_v15_encrypt - The validity of the input and output parameters is checked by parameter validation. - A PRNG is required in public mode only (even though it's also recommended in private mode), so move the check to the corresponding branch. --- library/rsa.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 603db092c..154738ff7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1223,10 +1223,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - // We don't check p_rng because it won't be dereferenced here - if( f_rng == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; /* first comparison checks for overflow */ @@ -1238,6 +1234,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, *p++ = 0; if( mode == MBEDTLS_RSA_PUBLIC ) { + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + *p++ = MBEDTLS_RSA_CRYPT; while( nb_pad-- > 0 )