The branch master has been updated via 28c5b7d482dda8597bbf93890463d7eb0f9f2355 (commit) from d8a4f8ffd04e157d3591044cde8d7a56f605742c (commit)
- Log ----------------------------------------------------------------- commit 28c5b7d482dda8597bbf93890463d7eb0f9f2355 Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Wed Aug 1 21:50:41 2018 +0200 Fix some undefined behaviour in the Curve448 code (2nd attempt) Fixes #6800 Replaces #5418 This commit reverts commit 7876dbffcee9 and moves the check for a zero-length input down the callstack into sha3_update(). Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Andy Polyakov <ap...@openssl.org> Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6838) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve448/eddsa.c | 9 +++------ crypto/evp/m_sha3.c | 3 +++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index 85565a8..909413a 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -63,8 +63,7 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) - || (context_len > 0 - && !EVP_DigestUpdate(hashctx, context, context_len))) + || !EVP_DigestUpdate(hashctx, context, context_len)) return C448_FAILURE; return C448_SUCCESS; @@ -161,8 +160,7 @@ c448_error_t c448_ed448_sign( || !EVP_DigestUpdate(hashctx, expanded + EDDSA_448_PRIVATE_BYTES, EDDSA_448_PRIVATE_BYTES) - || (message_len > 0 - && !EVP_DigestUpdate(hashctx, message, message_len))) { + || !EVP_DigestUpdate(hashctx, message, message_len)) { OPENSSL_cleanse(expanded, sizeof(expanded)); goto err; } 
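Review bot: With the `context_len > 0` guard removed in hash_init_with_dom(), `EVP_DigestUpdate(hashctx, context, context_len)` now also runs for an empty (presumably possibly NULL) `context`, and nothing at the call site says this is safe only because the SHAKE256 update function returns early on `len == 0`. The same holds for the two `EVP_DigestUpdate(hashctx, message, message_len)` calls in c448_ed448_sign() (the hunks at -161 and -202). I would add one comment at the first site, e.g. `/* context may be NULL when context_len == 0; sha3_update() returns early for len == 0 */`, so the dependency on crypto/evp/m_sha3.c is visible to anyone who later changes the digest or touches that guard. Both functions start and end outside the hunks shown.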
@@ -202,8 +200,7 @@ c448_error_t c448_ed448_sign( if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) - || (message_len > 0 - && !EVP_DigestUpdate(hashctx, message, message_len)) + || !EVP_DigestUpdate(hashctx, message, message_len) || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) goto err; diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index cf902e7..bfc65b2 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -66,6 +66,9 @@ static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len) size_t bsz = ctx->block_size; size_t num, rem; + if (len == 0) + return 1; + if ((num = ctx->num) != 0) { /* process intermediate buffer? */ rem = bsz - num; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
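Review bot: The new `if (len == 0) return 1;` at the top of sha3_update() carries no comment, so it reads like a micro-optimisation that a later cleanup could drop, although the commit message says it is there to avoid undefined behaviour on zero-length input. A short comment such as `/* zero-length update is a no-op; inp may be NULL here and must not reach the copy or pointer arithmetic below */` would record the reason, assuming the rest of the body (outside this hunk) copies from or advances `_inp`. The guard covers only this digest implementation; whether other update callbacks reached through EVP_DigestUpdate() tolerate a NULL pointer with length 0 cannot be told from this diff. A test that feeds a zero-length update with a NULL pointer under an undefined-behaviour sanitizer would keep the fix from regressing.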