Merge pull request #8140 from daverodgman/sha3-zeroize

Ensure mbedtls_sha3_finish zeroizes the context
Tom Cosgrove 2023-08-31 07:16:35 +00:00 committed by GitHub
commit 5a387c8515
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 3 deletions


@ -259,10 +259,13 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
uint8_t *output, size_t olen) uint8_t *output, size_t olen)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Catch SHA-3 families, with fixed output length */ /* Catch SHA-3 families, with fixed output length */
if (ctx->olen > 0) { if (ctx->olen > 0) {
if (ctx->olen > olen) { if (ctx->olen > olen) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
goto exit;
} }
olen = ctx->olen; olen = ctx->olen;
} }
@ -280,7 +283,11 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
} }
} }
return 0; ret = 0;
exit:
mbedtls_sha3_free(ctx);
return ret;
} }
/* /*
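Review bot: The documentation of `mbedtls_sha3_finish` should state that the context is now cleared on every return, including the `MBEDTLS_ERR_SHA3_BAD_INPUT_DATA` path at the top of the first hunk, because `mbedtls_sha3_free(ctx)` sits under the shared `exit:` label. A caller whose output buffer was too small can no longer retry with a larger one and has to restart the hash, which the updated test reflects by calling `mbedtls_sha3_starts()` before each `mbedtls_sha3_finish()`. I would add to the function's doc comment something like `\note The context is zeroized before returning, on success and on error; call mbedtls_sha3_starts() before reusing it.` The lines between the two hunks are not shown on this page; if any of them returns directly instead of going through `exit`, the hash state would stay in memory on that path, so it is worth confirming that none do.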


@ -176,9 +176,12 @@ void sha3_invalid_param()
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
exit: exit: