Ensure EVP_MAC_update() passes the length even if it is 0

We leave it up to the EVP_MAC implemenations what to do with an update
where the data length is 0. In the TLS HMAC implemenation this is still
signficant.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)

diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 2198c466805f2d61be6dc36a0e85e51536801a67..79dd49ae200ec7d665005288f7e693043afeadd2 100644 (file)
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -112,8 +112,6 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx)
 
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen)
 {
-    if (datalen == 0)
-        return 1;
     return ctx->meth->update(ctx->data, data, datalen);
 }
 

diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c
index b567369f5871f0a59839c55fd1ec89035e3575c5..c2f292f9bb50eaf6af7fd0ffe94e619c8a6305b5 100644 (file)
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -92,6 +92,9 @@ static int blake2_mac_update(void *vmacctx,
 {
     struct blake2_mac_data_st *macctx = vmacctx;
 
+    if (datalen == 0)
+        return 1;
+
     return BLAKE2_UPDATE(&macctx->ctx, data, datalen);
 }
 

diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c
index f0c152d48f1ce6a0f2e1bc459fdbf8f4fce8c742..c44dea3ec19c61f51e7830359864a376a745bb62 100644 (file)
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -99,6 +99,9 @@ static int gmac_update(void *vmacctx, const unsigned char *data,
     EVP_CIPHER_CTX *ctx = macctx->ctx;
     int outlen;
 
+    if (datalen == 0)
+        return 1;
+
     while (datalen > INT_MAX) {
         if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX))
             return 0;

diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c
index 08eb81ee0ddc41a726a2fadedebd322c6603373e..36546eb95d92642cd49619bee7d42a7a23015235 100644 (file)
--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@@ -83,6 +83,9 @@ static int poly1305_update(void *vmacctx, const unsigned char *data,
 {
     struct poly1305_data_st *ctx = vmacctx;
 
+    if (datalen == 0)
+        return 1;
+
     /* poly1305 has nothing to return in its update function */
     Poly1305_Update(&ctx->poly1305, data, datalen);
     return 1;

diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c
index 8797241e33b6af3e0e379edee956db7e44958460..1bea7a2787773aa2dcbc0a276c6e2e97df4da8a1 100644 (file)
--- a/providers/implementations/macs/siphash_prov.c
+++ b/providers/implementations/macs/siphash_prov.c
@@ -91,6 +91,9 @@ static int siphash_update(void *vmacctx, const unsigned char *data,
 {
     struct siphash_data_st *ctx = vmacctx;
 
+    if (datalen == 0)
+        return 1;
+
     SipHash_Update(&ctx->siphash, data, datalen);
     return 1;
 }