1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-24 04:25:10 -07:00

Handle oversized contexts

This commit is contained in:
Frank Denis 2020-03-31 14:16:16 +02:00
parent c8d604e1f1
commit 89eb497efa
3 changed files with 39 additions and 2 deletions

View File

@ -1,5 +1,6 @@
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "crypto_core_ed25519.h"
@ -88,8 +89,25 @@ _string_to_points(unsigned char * const px, size_t n, const char *suite,
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
if (n > 2U || suite_len > 0xff || ctx_len > 0xff - suite_len) {
return -1;
/* LCOV_EXCL_START */
if (n > 2U || suite_len > 0xff) {
abort();
}
/* LCOV_EXCL_END */
if (ctx_len > 0xff - suite_len) {
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
/* LCOV_EXCL_START */
if (ctx_len > 0xff - suite_len) {
abort();
}
/* LCOV_EXCL_END */
}
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);

View File

@ -50,7 +50,9 @@ main(void)
{
unsigned char *expected_yr, *expected_y, *y;
char * expected_y_hex, *y_hex;
char * oversized_ctx;
size_t i, j;
size_t oversized_ctx_len = 250U;
expected_yr = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
expected_y = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
@ -97,6 +99,21 @@ main(void)
printf("Failed with empty parameters");
}
oversized_ctx = sodium_malloc(oversized_ctx_len);
memset(oversized_ctx, 'X', oversized_ctx_len - 1U);
oversized_ctx[oversized_ctx_len - 1U] = 0;
crypto_core_ed25519_from_string(y, oversized_ctx,
(const unsigned char *) "msg", 3U);
sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
crypto_core_ed25519_BYTES);
printf("NU with oversized context: %s\n", y_hex);
crypto_core_ed25519_from_string_ro(y, oversized_ctx,
(const unsigned char *) "msg", 3U);
sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
crypto_core_ed25519_BYTES);
printf("RO with oversized context: %s\n", y_hex);
sodium_free(oversized_ctx);
sodium_free(y_hex);
sodium_free(expected_y_hex);
sodium_free(y);

View File

@ -1 +1,3 @@
NU with oversized context: b811f71786d032196a8a07d90393084ac4dbec5506590cd96be0f5a92f084298
RO with oversized context: 5948dc10765f78b8f183377a7af622b205ce8bb62de98254c203b512a9ef966b
OK