From 758f23db837cb45fa4fe1b1379948cfc10ef0850 Mon Sep 17 00:00:00 2001
From: Mark Atwood
Date: Tue, 24 Mar 2026 06:02:13 -0700
Subject: [PATCH] Fix wc_SignatureVerify/Generate to allow empty messages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

wc_SignatureVerify and wc_SignatureGenerate_ex rejected data_len==0 (and data==NULL) with BAD_FUNC_ARG. Signing and verifying an empty message is valid — the hash of an empty string is well-defined for all hash algorithms, and PKCS#1 v1.5 / PSS impose no minimum message length. wc_Hash already handles NULL data with data_len==0 correctly (producing e.g. SHA-256 of ""), so the only change needed is relaxing the argument check in the two wrapper functions. Triggered by Wycheproof RSA PKCS#1 v1.5 test vectors where tcId=1 in every file is a signature over an empty message.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 wolfcrypt/src/signature.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c
index 5218760b796..c003f6400a3 100644
--- a/wolfcrypt/src/signature.c
+++ b/wolfcrypt/src/signature.c
@@ -324,8 +324,10 @@ int wc_SignatureVerify(
 byte hash_data[MAX_DER_DIGEST_SZ];
 #endif
 
- /* Check arguments */
- if (data == NULL || data_len == 0 ||
+ /* Check arguments.
+ * data may be NULL when data_len is 0 (empty message is valid —
+ * the hash of an empty string is well-defined). */
+ if ((data == NULL && data_len > 0) ||
 sig == NULL || sig_len == 0 ||
 key == NULL || key_len == 0) {
 return BAD_FUNC_ARG;
@@ -523,8 +525,9 @@ int wc_SignatureGenerate_ex(
 byte hash_data[MAX_DER_DIGEST_SZ];
 #endif
 
- /* Check arguments */
- if (data == NULL || data_len == 0 ||
+ /* Check arguments.
+ * data may be NULL when data_len is 0 (signing an empty message). */
+ if ((data == NULL && data_len > 0) ||
 sig == NULL || sig_len == NULL || *sig_len == 0 ||
 key == NULL || key_len == 0) {
 return BAD_FUNC_ARG;
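Review bot: The relaxed guard in wc_SignatureVerify, and the matching one in the wc_SignatureGenerate_ex hunk, changes a public argument contract, but the diffstat shows only signature.c touched, so no test pins the new behaviour. A regression test should assert for both functions that `data == NULL` with `data_len == 0` is accepted and that `data == NULL` with a non-zero `data_len` still returns `BAD_FUNC_ARG`. Both function bodies continue outside the hunks, so whether the NULL pointer is safe downstream rests on wc_Hash as the commit message says; that presumably holds for the software hashes and should be confirmed for builds that route hashing through hardware ports or crypto callbacks. Callers that relied on `BAD_FUNC_ARG` to reject a zero-length payload now get a real verification result, which deserves a line in the API documentation such as `data may be NULL only when data_len is 0; an empty message is hashed and verified like any other`. The added comment in this hunk also contains a non-ASCII em dash, which may trip ASCII-only source checks; `-` would do.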