diff options
author | Matt Caswell <matt@openssl.org> | 2018-02-20 14:53:06 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-21 11:13:14 +0000 |
commit | 7876dbffcee9a53ac8a75e90c0443c1193edb580 (patch) | |
tree | 803cde4e64545aef120a345ab3d3b02642b34771 /crypto | |
parent | 6c61b2749634246956f8ec7adc9520e5d22dcbf4 (diff) |
Fix some undefined behaviour in the Curve448 code
We can't add NULL data into a hash
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5418)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ec/curve448/eddsa.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index 7175715703..d31887638c 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -63,7 +63,8 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) - || !EVP_DigestUpdate(hashctx, context, context_len)) + || (context_len > 0 + && !EVP_DigestUpdate(hashctx, context, context_len))) return C448_FAILURE; return C448_SUCCESS; @@ -160,7 +161,8 @@ c448_error_t c448_ed448_sign( || !EVP_DigestUpdate(hashctx, expanded + EDDSA_448_PRIVATE_BYTES, EDDSA_448_PRIVATE_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len)) { + || (message_len > 0 + && !EVP_DigestUpdate(hashctx, message, message_len))) { OPENSSL_cleanse(expanded, sizeof(expanded)); goto err; } @@ -200,7 +202,8 @@ c448_error_t c448_ed448_sign( if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len) + || (message_len > 0 + && !EVP_DigestUpdate(hashctx, message, message_len)) || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) goto err; |