Handle valid case for hash_size==0 72/163272/1
authorJaroslaw Pelczar <j.pelczar@samsung.com>
Tue, 5 Dec 2017 05:32:09 +0000 (06:32 +0100)
committerJaroslaw Pelczar <j.pelczar@samsung.com>
Tue, 5 Dec 2017 05:32:09 +0000 (06:32 +0100)
If hash size is 0, the MD algorithm must not be NONE; in this
case hash_size is taken from the expected length for the MD algorithm.
If the MD algorithm is not NONE, hash_size is validated against
the algorithm's expected input length.

Change-Id: Ib95d8138ce6a21c364a5d7f88910fde15e32a026
Signed-off-by: Jaroslaw Pelczar <j.pelczar@samsung.com>
dcm-client/dcmclient.cpp
dcm-daemon/dcmsession.cpp

index 22f9bb9..8f82f03 100644 (file)
@@ -297,25 +297,49 @@ int dcm_client_connection_impl::sign_data(mbedtls_md_type_t digestType, const vo
                return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
 
-       const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+       /*
+        * If hash_size == 0 then hash type must be known
+        */
+       if(hash_size == 0) {
+               if(digestType == MBEDTLS_MD_NONE) {
+#ifdef USE_DLOG_LOGGING
+                       LOGD("%s: Digest type is NONE and hash size is 0", __FUNCTION__);
+#endif
+                       return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+               }
 
-       if(!md_info) {
+               const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+
+               if(!md_info) {
 #ifdef USE_DLOG_LOGGING
-               LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
+                       LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
 #endif
-               return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-       }
+                       return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+               }
 
-       if(hash_size == 0) {
 #ifdef USE_DLOG_LOGGING
                LOGD("%s: Overriding hash size to %zd bytes", __FUNCTION__, hash_size);
 #endif
                hash_size = mbedtls_md_get_size(md_info);
-       } else if(hash_size != mbedtls_md_get_size(md_info)) {
+       } else if(hash_size != 0 && digestType != MBEDTLS_MD_NONE) {
+               /*
+                * If hash_size != 0 then hash type can be specified
+                */
+               const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+
+               if(!md_info) {
 #ifdef USE_DLOG_LOGGING
-               LOGE("%s: Hash size mismatch. Expected %zd but got %zd", __FUNCTION__, hash_size, (size_t)mbedtls_md_get_size(md_info));
+                       LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
 #endif
-               return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+                       return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+               }
+
+               if(hash_size != mbedtls_md_get_size(md_info)) {
+#ifdef USE_DLOG_LOGGING
+                       LOGE("%s: Hash size mismatch. Expected %zd but got %zd", __FUNCTION__, hash_size, (size_t)mbedtls_md_get_size(md_info));
+#endif
+                       return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+               }
        }
 
        try {
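Review bot: When `digestType` is `MBEDTLS_MD_NONE` and `hash_size` is non-zero, neither branch of the new `if`/`else if` runs, so the caller-supplied length reaches the `try` block unchecked; the `mdType != MBEDTLS_MD_NONE` guard in the dcm-daemon/dcmsession.cpp hunk leaves the same gap on the daemon side. If MD_NONE input is expected to be a precomputed digest, a bound such as `if(hash_size > MBEDTLS_MD_MAX_SIZE) return MBEDTLS_ERR_PK_BAD_INPUT_DATA;` would cap it; otherwise a comment saying that raw input is deliberately not length-checked would help the next reader. Separately, the `LOGD("%s: Overriding hash size to %zd bytes", ...)` line still runs before `hash_size = mbedtls_md_get_size(md_info);`, so it always logs 0, and the `hash_size != 0` test in the `else if` is redundant. sign_data starts before and continues past this hunk, so how the length is used afterwards is not visible here.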
index 615e762..9bdd07d 100644 (file)
@@ -402,25 +402,33 @@ void dcm_session::handle_sign_request(const SignRequest& message)
                return;
        }
 
-       const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(
-                       static_cast<mbedtls_md_type_t>(
-                               message.digest_type()));
-
-       if(!md_info) {
-               BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't find crypto algorithm specified by caller";
+       if(message.data_to_sign().size() == 0) {
+               BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Data to sign is empty and hash type is NONE";
                signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
-               reply(msg);
                return;
        }
 
-       if(message.data_to_sign().size() != mbedtls_md_get_size(md_info)) {
-               BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
-                               "Input hash length mismatch. It is " <<
-                               message.data_to_sign().size() << " but should be " <<
-                               mbedtls_md_get_size(md_info);
-               signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
-               reply(msg);
-               return;
+       mbedtls_md_type_t mdType = static_cast<mbedtls_md_type_t>(message.digest_type());
+
+       if(mdType != MBEDTLS_MD_NONE) {
+               const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(mdType);
+
+               if(!md_info) {
+                       BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't find MD algorithm specified by caller";
+                       signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+                       reply(msg);
+                       return;
+               }
+
+               if(message.data_to_sign().size() != mbedtls_md_get_size(md_info)) {
+                       BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
+                                       "Input hash length mismatch. It is " <<
+                                       message.data_to_sign().size() << " but should be " <<
+                                       mbedtls_md_get_size(md_info);
+                       signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+                       reply(msg);
+                       return;
+               }
        }
 
        signingResponse->set_result(
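Review bot: The new empty-input branch returns without calling `reply(msg);` (the line is removed in this hunk), while the two error branches below it still reply before returning, so a client that sends empty data would presumably never receive the `MBEDTLS_ERR_PK_BAD_INPUT_DATA` result; add `reply(msg);` before that `return;`. The log text says "hash type is NONE", but the condition checks only `message.data_to_sign().size() == 0`, so it also fires when a real digest type is given; a message such as `"Data to sign is empty"` would match the check. handle_sign_request begins and ends outside the hunk.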