[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Fri Aug 3 10:04:20 UTC 2018


The branch master has been updated
       via  28c5b7d482dda8597bbf93890463d7eb0f9f2355 (commit)
      from  d8a4f8ffd04e157d3591044cde8d7a56f605742c (commit)


- Log -----------------------------------------------------------------
commit 28c5b7d482dda8597bbf93890463d7eb0f9f2355
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Wed Aug 1 21:50:41 2018 +0200

    Fix some undefined behaviour in the Curve448 code (2nd attempt)
    
    Fixes #6800
    Replaces #5418
    
    This commit reverts commit 7876dbffcee9 and moves the check for a
    zero-length input down the callstack into sha3_update().
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6838)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/curve448/eddsa.c | 9 +++------
 crypto/evp/m_sha3.c        | 3 +++
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 85565a8..909413a 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -63,8 +63,7 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
     if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
             || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
             || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
-            || (context_len > 0
-                && !EVP_DigestUpdate(hashctx, context, context_len)))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
         return C448_FAILURE;
 
     return C448_SUCCESS;
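Review bot: With the `context_len > 0` guard removed, `EVP_DigestUpdate(hashctx, context, context_len)` can now be reached with a zero length and, presumably, a NULL `context`, and nothing at the call site says why that is safe. Safety now depends on the digest's update callback returning early for `len == 0`, which this commit adds to sha3_update() in crypto/evp/m_sha3.c. Any other update implementation that the SHAKE256 method might dispatch to (none is visible here) would need the same check. I would add a comment above the call, e.g. `/* context may be NULL when context_len == 0; sha3_update() ignores zero-length input */`. The same applies to the two `EVP_DigestUpdate(hashctx, message, message_len)` calls in c448_ed448_sign in the next two hunks; hash_init_with_dom's body starts outside this hunk.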
@@ -161,8 +160,7 @@ c448_error_t c448_ed448_sign(
                 || !EVP_DigestUpdate(hashctx,
                                      expanded + EDDSA_448_PRIVATE_BYTES,
                                      EDDSA_448_PRIVATE_BYTES)
-                || (message_len > 0
-                    && !EVP_DigestUpdate(hashctx, message, message_len))) {
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
             OPENSSL_cleanse(expanded, sizeof(expanded));
             goto err;
         }
@@ -202,8 +200,7 @@ c448_error_t c448_ed448_sign(
         if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
                 || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
                 || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
-                || (message_len > 0
-                    && !EVP_DigestUpdate(hashctx, message, message_len))
+                || !EVP_DigestUpdate(hashctx, message, message_len)
                 || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
             goto err;
 
diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c
index cf902e7..bfc65b2 100644
--- a/crypto/evp/m_sha3.c
+++ b/crypto/evp/m_sha3.c
@@ -66,6 +66,9 @@ static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
     size_t bsz = ctx->block_size;
     size_t num, rem;
 
+    if (len == 0)
+        return 1;
+
     if ((num = ctx->num) != 0) {      /* process intermediate buffer? */
         rem = bsz - num;
 
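Review bot: The new `if (len == 0) return 1;` carries no comment, so a later cleanup could drop it as a redundant fast path without noticing that callers rely on it. The eddsa.c hunks in this commit now call the update unconditionally, so a zero length may arrive together with a NULL `_inp`. The buffering code below the check (outside this hunk) presumably passes that pointer to a copy or absorb routine, which is where the undefined behaviour would arise. Suggest `/* zero-length input: return before touching a possibly-NULL _inp */` above the check, so the contract is stated where it is enforced.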

