Ensure mbedtls_sha3_finish zeroizes the context

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-08-30 18:43:23 +01:00
parent 29bf911058
commit dbddb00158
2 changed files with 13 additions and 3 deletions

View file

@ -259,10 +259,13 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
uint8_t *output, size_t olen) uint8_t *output, size_t olen)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Catch SHA-3 families, with fixed output length */ /* Catch SHA-3 families, with fixed output length */
if (ctx->olen > 0) { if (ctx->olen > 0) {
if (ctx->olen > olen) { if (ctx->olen > olen) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
goto exit;
} }
olen = ctx->olen; olen = ctx->olen;
} }
@ -280,7 +283,11 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
} }
} }
return 0; ret = 0;
exit:
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context));
return ret;
} }
/* /*

View file

@ -176,9 +176,12 @@ void sha3_invalid_param()
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
exit: exit: