Merge development commit 8e76332 into development-psa

Additional changes to temporarily enable running tests: ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of mbedtls_ecdh_setup test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of mbedtls_ctr_drbg_update_ret
2025-07-30 22:43:08 +03:00 · 2019-01-31 08:20:20 -05:00
parent 7b9575c654
commit c470b6b021
208 changed files with 11024 additions and 2553 deletions
--- a/library/sha256.c
+++ b/library/sha256.c
@ -49,6 +49,10 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */

+#define SHA256_VALIDATE_RET(cond)                           \
+    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
+#define SHA256_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
+
 #if !defined(MBEDTLS_SHA256_ALT)

 /*
@ -76,6 +80,8 @@ do {                                                    \

 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
 {
+    SHA256_VALIDATE( ctx != NULL );
+
    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
 }

@ -90,6 +96,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
                           const mbedtls_sha256_context *src )
 {
+    SHA256_VALIDATE( dst != NULL );
+    SHA256_VALIDATE( src != NULL );
+
    *dst = *src;
 }

@ -98,6 +107,9 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
 */
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+
    ctx->total[0] = 0;
    ctx->total[1] = 0;

@ -192,6 +204,9 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
    uint32_t A[8];
    unsigned int i;

+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
+
    for( i = 0; i < 8; i++ )
        A[i] = ctx->state[i];

@ -263,6 +278,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
    size_t fill;
    uint32_t left;

+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+
    if( ilen == 0 )
        return( 0 );

@ -321,6 +339,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
    uint32_t used;
    uint32_t high, low;

+    SHA256_VALIDATE_RET( ctx != NULL );
+    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
    /*
     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
     */
@ -395,6 +416,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
    int ret;
    mbedtls_sha256_context ctx;

+    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
    mbedtls_sha256_init( &ctx );

    if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )