Permalink
Browse files

Return SOTER_INVALID_PARAMETER if the caller tries to reuse hash cont…

…ext after finalising it for BoringSSL backend

In BoringSSL EVP_DigestFinal "cleans up" the internal hash context and fills the
whole structure with zeroes. We can use this as a marker that the context has
been finalised. We just access the first "digest" member, which is a pointer
to a specific digest algorithm implementation. If the pointer is NULL, it means
there is no algorithm associated with the context, therefore it was either
finalised or never initialised in the first place.
  • Loading branch information...
secumod committed Dec 26, 2018
1 parent 30b8643 commit c865d191d3e173eb6b8c5e8a146ec8c9886ade20
Showing with 10 additions and 0 deletions.
  1. +10 −0 src/soter/boringssl/soter_hash.c
@@ -58,6 +58,11 @@ soter_status_t soter_hash_update(soter_hash_ctx_t *hash_ctx, const void *data, s
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(&(hash_ctx->evp_md_ctx)))
{
return SOTER_INVALID_PARAMETER;
}

if (EVP_DigestUpdate(&(hash_ctx->evp_md_ctx), data, length))
{
return SOTER_SUCCESS;
@@ -77,6 +82,11 @@ soter_status_t soter_hash_final(soter_hash_ctx_t *hash_ctx, uint8_t* hash_value,
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(&(hash_ctx->evp_md_ctx)))
{
return SOTER_INVALID_PARAMETER;
}

md_length = (size_t)EVP_MD_CTX_size(&(hash_ctx->evp_md_ctx));

if (!hash_value || (md_length > *hash_length))

0 comments on commit c865d19

Please sign in to comment.