Permalink
Browse files

Merge pull request #347 from secumod/master

Return SOTER_INVALID_PARAMETER if the caller tries to reuse a hash context after finalising
  • Loading branch information...
secumod committed Jan 3, 2019
2 parents 74b8b8d + ef3fd0d commit d365850bc779a54d848865bc33904489b1d3b7be
@@ -52,26 +52,15 @@ jobs:
- ~/valgrind

- checkout
- run: git submodule update --init
- run: make
- run: make JAVA_HOME=/usr/lib/jvm/default-java themis_jni
- run: sudo make install
- run: sudo make themispp_install
- run: sudo make pythemis_install
- run: sudo make rubythemis_install
- run: sudo make jsthemis_install

- restore_cache:
keys:
- boringssl-chromium-stable

- run: if [ ! -d $HOME/boringssl ]; then cd $HOME && git clone https://boringssl.googlesource.com/boringssl && cd boringssl && git checkout chromium-stable && mkdir build && cd build && cmake .. && make && cp decrepit/libdecrepit.a crypto/; fi

- save_cache:
key: boringssl-chromium-stable
paths:
- ~/boringssl

- run: make ENGINE=boringssl ENGINE_INCLUDE_PATH=$HOME/boringssl/include ENGINE_LIB_PATH=$HOME/boringssl/build/crypto BUILD_PATH=build_with_boringssl prepare_tests_basic
- run: make ENGINE=boringssl BUILD_PATH=build_with_boringssl prepare_tests_basic
- run: make BUILD_PATH=cover_build COVERAGE=y prepare_tests_basic
- run: make prepare_tests_all
- run: mkdir -p $HOME/go/src/$GOTHEMIS_IMPORT
@@ -258,7 +258,7 @@ soter_static: $(SOTER_OBJ)

soter_shared: CMD = $(CC) -shared -o $(BIN_PATH)/lib$(SOTER_BIN).$(SHARED_EXT) $(SOTER_OBJ) $(LDFLAGS) $(COVERLDFLAGS)

soter_shared: $(SOTER_OBJ)
soter_shared: $(SOTER_OBJ) $(SOTER_ENGINE_DEPS)
@echo -n "link "
@$(BUILD_CMD)
ifdef IS_MACOS
@@ -19,13 +19,24 @@ SOTER_SRC += $(wildcard $(CRYPTO_ENGINE)/*.c)
# Put path to your OpenSSL/LibreSSL here
OPENSSL_DIR = libs/librebin

ifneq ($(CRYPTO_ENGINE_INCLUDE_PATH),)
ifeq ($(CRYPTO_ENGINE_INCLUDE_PATH),)
CRYPTO_ENGINE_CFLAGS += -Ithird_party/boringssl/src/include
else
CRYPTO_ENGINE_CFLAGS += -I$(CRYPTO_ENGINE_INCLUDE_PATH)
endif
ifneq ($(CRYPTO_ENGINE_LIB_PATH),)
ifeq ($(CRYPTO_ENGINE_LIB_PATH),)
CRYPTO_ENGINE_LDFLAGS += -L$(BIN_PATH)/boringssl/crypto -L$(BIN_PATH)/boringssl/decrepit
SOTER_ENGINE_DEPS += $(BIN_PATH)/boringssl/crypto/libcrypto.a $(BIN_PATH)/boringssl/decrepit/libdecrepit.a
else
CRYPTO_ENGINE_LDFLAGS += -L$(CRYPTO_ENGINE_LIB_PATH)
endif
CRYPTO_ENGINE_LDFLAGS += -lcrypto -ldecrepit -lpthread

CFLAGS += $(CRYPTO_ENGINE_CFLAGS)
LDFLAGS += $(CRYPTO_ENGINE_LDFLAGS)

$(BIN_PATH)/boringssl/crypto/libcrypto.a $(BIN_PATH)/boringssl/decrepit/libdecrepit.a:
@echo "building embedded BoringSSL..."
@mkdir -p $(BIN_PATH)/boringssl
@cd $(BIN_PATH)/boringssl && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-fpic" ../../third_party/boringssl/src
@$(MAKE) -C $(BIN_PATH)/boringssl
@@ -58,6 +58,11 @@ soter_status_t soter_hash_update(soter_hash_ctx_t *hash_ctx, const void *data, s
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(&(hash_ctx->evp_md_ctx)))
{
return SOTER_INVALID_PARAMETER;
}

if (EVP_DigestUpdate(&(hash_ctx->evp_md_ctx), data, length))
{
return SOTER_SUCCESS;
@@ -77,6 +82,11 @@ soter_status_t soter_hash_final(soter_hash_ctx_t *hash_ctx, uint8_t* hash_value,
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(&(hash_ctx->evp_md_ctx)))
{
return SOTER_INVALID_PARAMETER;
}

md_length = (size_t)EVP_MD_CTX_size(&(hash_ctx->evp_md_ctx));

if (!hash_value || (md_length > *hash_length))
@@ -64,6 +64,11 @@ soter_status_t soter_hash_update(soter_hash_ctx_t *hash_ctx, const void *data, s
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(hash_ctx->evp_md_ctx))
{
return SOTER_INVALID_PARAMETER;
}

if (EVP_DigestUpdate(hash_ctx->evp_md_ctx, data, length))
{
return SOTER_SUCCESS;
@@ -83,6 +88,11 @@ soter_status_t soter_hash_final(soter_hash_ctx_t *hash_ctx, uint8_t* hash_value,
return SOTER_INVALID_PARAMETER;
}

if (!EVP_MD_CTX_md(hash_ctx->evp_md_ctx))
{
return SOTER_INVALID_PARAMETER;
}

md_length = (size_t)EVP_MD_CTX_size(hash_ctx->evp_md_ctx);

if (!hash_value || (md_length > *hash_length))
@@ -92,7 +102,7 @@ soter_status_t soter_hash_final(soter_hash_ctx_t *hash_ctx, uint8_t* hash_value,
return SOTER_BUFFER_TOO_SMALL;
}

if (EVP_DigestFinal_ex(hash_ctx->evp_md_ctx, hash_value, (unsigned int *)&md_length))
if (EVP_DigestFinal(hash_ctx->evp_md_ctx, hash_value, (unsigned int *)&md_length))
{
*hash_length = md_length;
return SOTER_SUCCESS;
@@ -159,7 +159,7 @@ static void test_api_(soter_hash_ctx_t* ctx)

res = soter_hash_final(ctx, hash, &hash_len);
testsuite_fail_unless((SOTER_SUCCESS == res) && (32 == hash_len) && !memcmp(hash, result, hash_len), "soter_hash_final: normal value");

testsuite_fail_unless(SOTER_INVALID_PARAMETER == soter_hash_update(ctx, input, input_len), "soter_hash_update: use after final");
testsuite_fail_unless(SOTER_INVALID_PARAMETER == soter_hash_destroy(NULL), "soter_hash_destroy: invalid context");
testsuite_fail_unless(SOTER_SUCCESS == soter_hash_cleanup(ctx), "soter_hash_cleanup: can't cleanup");
}
@@ -42,7 +42,7 @@ nist_rng_test_suite_clean:

soter_test: CMD = $(CC) -o $(TEST_BIN_PATH)/soter_test $(SOTER_TEST_OBJ) $(COMMON_TEST_OBJ) -L$(BIN_PATH) -lsoter $(LDFLAGS) $(COVERLDFLAGS)

soter_test: nist_rng_test_suite soter_static $(SOTER_TEST_OBJ) $(COMMON_TEST_OBJ)
soter_test: nist_rng_test_suite soter_static $(SOTER_ENGINE_DEPS) $(SOTER_TEST_OBJ) $(COMMON_TEST_OBJ)
@echo -n "link "
@$(BUILD_CMD)

Submodule src updated from 0a54e9 to 749442

0 comments on commit d365850

Please sign in to comment.