Ensure mbedtls_sha3_finish zeroizes the context
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
29bf911058
commit
dbddb00158
2 changed files with 13 additions and 3 deletions
|
@ -259,10 +259,13 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
|
||||||
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
|
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
|
||||||
uint8_t *output, size_t olen)
|
uint8_t *output, size_t olen)
|
||||||
{
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
/* Catch SHA-3 families, with fixed output length */
|
/* Catch SHA-3 families, with fixed output length */
|
||||||
if (ctx->olen > 0) {
|
if (ctx->olen > 0) {
|
||||||
if (ctx->olen > olen) {
|
if (ctx->olen > olen) {
|
||||||
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
|
ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
|
||||||
|
goto exit;
|
||||||
}
|
}
|
||||||
olen = ctx->olen;
|
olen = ctx->olen;
|
||||||
}
|
}
|
||||||
|
@ -280,7 +283,11 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
ret = 0;
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context));
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -176,9 +176,12 @@ void sha3_invalid_param()
|
||||||
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
||||||
|
|
||||||
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
|
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
|
||||||
|
|
||||||
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
||||||
|
|
||||||
|
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
|
||||||
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
|
||||||
|
|
||||||
|
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
|
||||||
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
|
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
Loading…
Reference in a new issue