Merge pull request #4719 from nick-child-ibm/2.16-hashlen

Backport 2.16: pk.c: Ensure min hash_len in pk_hashlen_helper
2026-05-11 06:28:17 +02:00 · 2021-06-29 18:16:55 +02:00
parent 438ef16d45 c15e31d355
commit 90e6c24cf9
2 changed files with 9 additions and 1 deletions
--- a/ChangeLog.d/ensure_hash_len_is_valid.txt
+++ b/ChangeLog.d/ensure_hash_len_is_valid.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
+     restartable variants now require at least the specified hash length if
+     nonzero. Before, for RSA, hash_len was ignored in favor of the length of
+     the specified hash algorithm.
--- a/library/pk.c
+++ b/library/pk.c
@@ -225,12 +225,15 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len
 {
    const mbedtls_md_info_t *md_info;

-    if( *hash_len != 0 )
+    if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
        return( 0 );

    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
        return( -1 );

+    if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) )
+        return ( -1 );
+
    *hash_len = mbedtls_md_get_size( md_info );
    return( 0 );
 }