diff options
| author | Patrick Steuer <patrick.steuer@de.ibm.com> | 2019-08-05 16:53:16 +0200 |
|---|---|---|
| committer | Patrick Steuer <patrick.steuer@de.ibm.com> | 2019-08-18 21:06:03 +0200 |
| commit | a890ef833d114da3430c2f2efd95e01714704d34 (patch) | |
| tree | fa4984fae9f1752c4876527c9bbb5a5070114899 /crypto/sha | |
| parent | .travis.yml: Use travis_terminate on failure (diff) | |
| download | openssl-a890ef833d114da3430c2f2efd95e01714704d34.tar.xz openssl-a890ef833d114da3430c2f2efd95e01714704d34.zip | |
Directly return from final sha3/keccak_final if no bytes are requested
Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)
Diffstat (limited to 'crypto/sha')
| -rw-r--r-- | crypto/sha/sha3.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/sha/sha3.c b/crypto/sha/sha3.c index 19ef4266d0..fafa3556f3 100644 --- a/crypto/sha/sha3.c +++ b/crypto/sha/sha3.c @@ -89,6 +89,9 @@ int sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) size_t bsz = ctx->block_size; size_t num = ctx->bufsz; + if (ctx->md_size == 0) + return 1; + /* * Pad the data with 10*1. Note that |num| can be |bsz - 1| * in which case both byte operations below are performed on |