[openssl] master update
patrick.steuer at de.ibm.com
patrick.steuer at de.ibm.com
Sun Aug 18 19:14:55 UTC 2019
The branch master has been updated
via 3ce46435e6ebed69bec0fa3454cc195ced426d42 (commit)
via a890ef833d114da3430c2f2efd95e01714704d34 (commit)
from 5be78a88aa922a6c43a83a18dbe252c6a358b8e9 (commit)
- Log -----------------------------------------------------------------
commit 3ce46435e6ebed69bec0fa3454cc195ced426d42
Author: Patrick Steuer <patrick.steuer at de.ibm.com>
Date: Mon Aug 5 16:56:14 2019 +0200
Test for out-of-bounds write when requesting zero bytes from shake
Signed-off-by: Patrick Steuer <patrick.steuer at de.ibm.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)
commit a890ef833d114da3430c2f2efd95e01714704d34
Author: Patrick Steuer <patrick.steuer at de.ibm.com>
Date: Mon Aug 5 16:53:16 2019 +0200
Directly return from final sha3/keccak_final if no bytes are requested
Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.
Signed-off-by: Patrick Steuer <patrick.steuer at de.ibm.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)
-----------------------------------------------------------------------
Summary of changes:
crypto/sha/sha3.c | 3 +++
providers/common/digests/sha3_prov.c | 6 ++++--
test/evp_test.c | 22 ++++++++++++++++++++++
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/crypto/sha/sha3.c b/crypto/sha/sha3.c
index 19ef4266d0..fafa3556f3 100644
--- a/crypto/sha/sha3.c
+++ b/crypto/sha/sha3.c
@@ -89,6 +89,9 @@ int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx)
size_t bsz = ctx->block_size;
size_t num = ctx->bufsz;
+ if (ctx->md_size == 0)
+ return 1;
+
/*
* Pad the data with 10*1. Note that |num| can be |bsz - 1|
* in which case both byte operations below are performed on
diff --git a/providers/common/digests/sha3_prov.c b/providers/common/digests/sha3_prov.c
index 469a1606ff..17b15b7ca2 100644
--- a/providers/common/digests/sha3_prov.c
+++ b/providers/common/digests/sha3_prov.c
@@ -90,10 +90,12 @@ static int keccak_update(void *vctx, const unsigned char *inp, size_t len)
static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
size_t outsz)
{
- int ret;
+ int ret = 1;
KECCAK1600_CTX *ctx = vctx;
- ret = ctx->meth.final(out, ctx);
+ if (outsz > 0)
+ ret = ctx->meth.final(out, ctx);
+
*outl = ctx->md_size;
return ret;
}
diff --git a/test/evp_test.c b/test/evp_test.c
index 029738f296..76a0231c8b 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -407,6 +407,28 @@ static int digest_test_run(EVP_TEST *t)
}
if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) {
+ EVP_MD_CTX *mctx_cpy;
+ char dont[] = "touch";
+
+ if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
+ goto err;
+ }
+ if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
+ EVP_MD_CTX_free(mctx_cpy);
+ goto err;
+ }
+ if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
+ EVP_MD_CTX_free(mctx_cpy);
+ t->err = "DIGESTFINALXOF_ERROR";
+ goto err;
+ }
+ if (!TEST_str_eq(dont, "touch")) {
+ EVP_MD_CTX_free(mctx_cpy);
+ t->err = "DIGESTFINALXOF_ERROR";
+ goto err;
+ }
+ EVP_MD_CTX_free(mctx_cpy);
+
got_len = expected->output_len;
if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
t->err = "DIGESTFINALXOF_ERROR";
More information about the openssl-commits
mailing list