[openssl] OpenSSL_1_1_1-stable update

patrick.steuer at de.ibm.com patrick.steuer at de.ibm.com
Sun Aug 18 19:38:44 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  efc62e661714a4bba3040a12da4e4a0df8855283 (commit)
       via  6087d4a6fb1877c668dcf934da6a2f9e402dff1d (commit)
      from  ec9cbe21519f85e65e2f128d3f04bfd904642079 (commit)


- Log -----------------------------------------------------------------
commit efc62e661714a4bba3040a12da4e4a0df8855283
Author: Patrick Steuer <patrick.steuer at de.ibm.com>
Date:   Mon Aug 5 16:56:14 2019 +0200

    Test for out-of-bounds write when requesting zero bytes from shake
    
    Signed-off-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9433)
    
    (cherry picked from commit 3ce46435e6ebed69bec0fa3454cc195ced426d42)

commit 6087d4a6fb1877c668dcf934da6a2f9e402dff1d
Author: Patrick Steuer <patrick.steuer at de.ibm.com>
Date:   Mon Aug 5 16:53:16 2019 +0200

    Directly return from final sha3/keccak_final if no bytes are requested
    
    Requesting zero bytes from shake previously led to out-of-bounds write
    on some platforms.
    
    Signed-off-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9433)
    
    (cherry picked from commit a890ef833d114da3430c2f2efd95e01714704d34)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_sha3.c |  3 +++
 test/evp_test.c     | 22 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c
index 31379c0f6b..b6bbf58211 100644
--- a/crypto/evp/m_sha3.c
+++ b/crypto/evp/m_sha3.c
@@ -108,6 +108,9 @@ static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
     size_t bsz = ctx->block_size;
     size_t num = ctx->num;
 
+    if (ctx->md_size == 0)
+        return 1;
+
     /*
      * Pad the data with 10*1. Note that |num| can be |bsz - 1|
      * in which case both byte operations below are performed on
diff --git a/test/evp_test.c b/test/evp_test.c
index 7a3e41c885..25bae20380 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -403,6 +403,28 @@ static int digest_test_run(EVP_TEST *t)
     }
 
     if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) {
+        EVP_MD_CTX *mctx_cpy;
+        char dont[] = "touch";
+
+        if (!TEST_ptr(mctx_cpy = EVP_MD_CTX_new())) {
+            goto err;
+        }
+        if (!EVP_MD_CTX_copy(mctx_cpy, mctx)) {
+            EVP_MD_CTX_free(mctx_cpy);
+            goto err;
+        }
+        if (!EVP_DigestFinalXOF(mctx_cpy, (unsigned char *)dont, 0)) {
+            EVP_MD_CTX_free(mctx_cpy);
+            t->err = "DIGESTFINALXOF_ERROR";
+            goto err;
+        }
+        if (!TEST_str_eq(dont, "touch")) {
+            EVP_MD_CTX_free(mctx_cpy);
+            t->err = "DIGESTFINALXOF_ERROR";
+            goto err;
+        }
+        EVP_MD_CTX_free(mctx_cpy);
+
         got_len = expected->output_len;
         if (!EVP_DigestFinalXOF(mctx, got, got_len)) {
             t->err = "DIGESTFINALXOF_ERROR";

More information about the openssl-commits mailing list