Refactor EVP_digest for better failure perf, add test

aws · Oct 9, 2023 · 8311023 · 8311023
1 parent b18c7cd
commit 8311023
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/crypto/digest_extra/digest_test.cc b/crypto/digest_extra/digest_test.cc
@@ -403,6 +403,17 @@ TEST(DigestTest, Getters) {
   EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1)));
 }
 
+TEST(DigestTest, TestXOF) {
+  // Assert that passing null outsize pointer for EVP XOF results in error.
+  // Use same buffer for input/output; contents don't matter.
+  const size_t out_size = 16;
+  std::unique_ptr<uint8_t[]> digest(new uint8_t[out_size]);
+  EXPECT_FALSE(EVP_Digest(digest.get(), out_size, digest.get(),
+              /*out_len*/nullptr, EVP_shake128(), /*engine*/nullptr));
+  EXPECT_EQ(ERR_R_PASSED_NULL_PARAMETER, ERR_GET_REASON(ERR_peek_last_error()));
+  ERR_clear_error();
+}
+
 TEST(DigestTest, ASN1) {
   bssl::ScopedCBB cbb;
   ASSERT_TRUE(CBB_init(cbb.get(), 0));

diff --git a/crypto/fipsmodule/digest/digest.c b/crypto/fipsmodule/digest/digest.c
@@ -278,14 +278,19 @@ int EVP_Digest(const void *data, size_t count, uint8_t *out_md,
   EVP_MD_CTX ctx;
   int ret;
 
+  if ((EVP_MD_flags(type) & EVP_MD_FLAG_XOF) && out_size == NULL) {
+    OPENSSL_PUT_ERROR(DIGEST, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
   EVP_MD_CTX_init(&ctx);
   ret = EVP_DigestInit_ex(&ctx, type, impl) &&
         EVP_DigestUpdate(&ctx, data, count);
-  if (EVP_MD_flags(type) & EVP_MD_FLAG_XOF) {
-    if (out_size == NULL) {
-      OPENSSL_PUT_ERROR(DIGEST, ERR_R_PASSED_NULL_PARAMETER);
+  if (ret == 0) {
       return 0;
-    }
+  }
+
+  if (EVP_MD_flags(type) & EVP_MD_FLAG_XOF) {
     ret &= EVP_DigestFinalXOF(&ctx, out_md, *out_size);
   } else {
     ret &= EVP_DigestFinal(&ctx, out_md, out_size);