From: Matt Caswell
Date: Mon, 31 Aug 2020 13:44:17 +0000 (+0100)
Subject: Ensure EVP_MAC_update() passes the length even if it is 0
X-Git-Tag: openssl-3.0.0-alpha7~408
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0bc193dd05fa0f5580706f34994beb74baf3d531;p=thirdparty%2Fopenssl.git

Ensure EVP_MAC_update() passes the length even if it is 0

We leave it up to the EVP_MAC implemenations what to do with an update where the data length is 0. In the TLS HMAC implemenation this is still signficant.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12732)
---
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 2198c466805..79dd49ae200 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -112,8 +112,6 @@ int EVP_MAC_init(EVP_MAC_CTX *ctx)
 
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen)
 {
- if (datalen == 0)
- return 1;
 return ctx->meth->update(ctx->data, data, datalen);
 }
 
diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c
index b567369f587..c2f292f9bb5 100644
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -92,6 +92,9 @@ static int blake2_mac_update(void *vmacctx,
 {
 struct blake2_mac_data_st *macctx = vmacctx;
 
+ if (datalen == 0)
+ return 1;
+
 return BLAKE2_UPDATE(&macctx->ctx, data, datalen);
 }
 
diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c
index f0c152d48f1..c44dea3ec19 100644
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -99,6 +99,9 @@ static int gmac_update(void *vmacctx, const unsigned char *data,
 EVP_CIPHER_CTX *ctx = macctx->ctx;
 int outlen;
 
+ if (datalen == 0)
+ return 1;
+
 while (datalen > INT_MAX) {
 if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX))
 return 0;
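Review bot: With the zero-length shortcut removed from EVP_MAC_update, every provider's `update` is now reached with `datalen == 0` and whatever `data` pointer the caller supplied, which may be NULL, and nothing at this call site records that contract. The visible hunks add a guard only to blake2, gmac, poly1305 and siphash, so any other implementation (in-tree or third-party) has to cope with an empty update itself; passing a NULL pointer to `memcpy`-style routines is undefined even for length 0. I would add a comment above the call, `/* datalen == 0 is forwarded on purpose; data may be NULL then, and the implementation decides what an empty update means */`, and state the same in the EVP_MAC_update documentation. No test exercising an empty update appears in this patch as shown.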
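Review bot: The added `if (datalen == 0) return 1;` guard in blake2_mac_update carries no comment saying why an empty update is skipped, and the same uncommented guard is added to gmac_update, poly1305_update and siphash_update. Because this commit removes the generic check from EVP_MAC_update, each guard now appears to be the only thing keeping a zero-length call, possibly with a NULL `data`, away from the underlying primitive, so a later cleanup could drop it without noticing. A one-line comment next to each guard would record that, for example `/* empty update is a no-op for this MAC; data may be NULL */`. The signature of blake2_mac_update starts outside the hunk, and gmac_update continues past the end of its hunk.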
diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c
index 08eb81ee0dd..36546eb95d9 100644
--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@@ -83,6 +83,9 @@ static int poly1305_update(void *vmacctx, const unsigned char *data,
 {
 struct poly1305_data_st *ctx = vmacctx;
 
+ if (datalen == 0)
+ return 1;
+
 /* poly1305 has nothing to return in its update function */
 Poly1305_Update(&ctx->poly1305, data, datalen);
 return 1;
diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c
index 8797241e33b..1bea7a27877 100644
--- a/providers/implementations/macs/siphash_prov.c
+++ b/providers/implementations/macs/siphash_prov.c
@@ -91,6 +91,9 @@ static int siphash_update(void *vmacctx, const unsigned char *data,
 {
 struct siphash_data_st *ctx = vmacctx;
 
+ if (datalen == 0)
+ return 1;
+
 SipHash_Update(&ctx->siphash, data, datalen);
 return 1;
 }