Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)
size_t bsz = ctx->block_size;
size_t num = ctx->bufsz;
+ if (ctx->md_size == 0)
+ return 1;
+
/*
* Pad the data with 10*1. Note that |num| can be |bsz - 1|
* in which case both byte operations below are performed on
static int keccak_final(void *vctx, unsigned char *out, size_t *outl,
size_t outsz)
{
- int ret;
+ int ret = 1;
KECCAK1600_CTX *ctx = vctx;
- ret = ctx->meth.final(out, ctx);
+ if (outsz > 0)
+ ret = ctx->meth.final(out, ctx);
+
*outl = ctx->md_size;
return ret;
}