crypto/sha3-buffer: Don't abort on OOM.

* modules/crypto/sha3-buffer (Depends-on): Add stddef-h.
* lib/sha3.h: Include stddef.h.
(sha3_ctx): Use a stack allocated buffer used to cast to store an
EVP_MD_CTX.
* lib/sha3.c (DEFINE_SHA3_INIT_CTX): Initialize the structure to zero.
Use the stack allocated buffer instead of calling EVP_MD_CTX_create.
(sha3_read_ctx): Just call sha3_finish_ctx similar to the other crypto
modules.
(sha3_finish_ctx): Remove call to EVP_MD_CTX_free. Call
EVP_DigestFinal_ex.

diff --git a/ChangeLog b/ChangeLog
index a016eec8f07b75abad8d3bd8d440523e4ddaff95..3752bb91986b3e47fcdc6c4af475ac05e91fb37e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 2025-09-03  Collin Funk  <collin.funk1@gmail.com>
 
+       crypto/sha3-buffer: Don't abort on OOM.
+       * modules/crypto/sha3-buffer (Depends-on): Add stddef-h.
+       * lib/sha3.h: Include stddef.h.
+       (sha3_ctx): Use a stack allocated buffer used to cast to store an
+       EVP_MD_CTX.
+       * lib/sha3.c (DEFINE_SHA3_INIT_CTX): Initialize the structure to zero.
+       Use the stack allocated buffer instead of calling EVP_MD_CTX_create.
+       (sha3_read_ctx): Just call sha3_finish_ctx similar to the other crypto
+       modules.
+       (sha3_finish_ctx): Remove call to EVP_MD_CTX_free. Call
+       EVP_DigestFinal_ex.
+
        gnulib-tool: Avoid Automake error when using --create-testdir (regr. today).
        * gnulib-tool.sh (func_emit_tests_Makefile_am): Initialize AM_CFLAGS and
        AM_CXXFLAGS when creating a test directory.

diff --git a/lib/sha3.c b/lib/sha3.c
index 5da85db5f2d5653fd3cfca1dd25786ba9952c569..e30210fb3eab4f64b2073c3ae27199734280c0d5 100644 (file)
--- a/lib/sha3.c
+++ b/lib/sha3.c
@@ -323,11 +323,11 @@ sha3_process_block (const void *buffer, size_t len, struct sha3_ctx *ctx)
   void                                                                  \
   sha3_##SIZE##_init_ctx (struct sha3_ctx *ctx)                         \
   {                                                                     \
-    int rc;                                                             \
-    ctx->evp_ctx = EVP_MD_CTX_create ();                                \
-    if (ctx->evp_ctx == NULL)                                           \
-      abort ();                                                         \
-    rc = EVP_DigestInit_ex (ctx->evp_ctx, EVP_sha3_##SIZE (), NULL);    \
+    /* EVP_DigestInit_ex expects all bytes to be zero.  */              \
+    memset (ctx, 0, sizeof *ctx);                                       \
+    EVP_MD_CTX *evp_ctx = (EVP_MD_CTX *) ctx->evp_ctx_buffer;           \
+    int rc = EVP_DigestInit_ex (evp_ctx, EVP_sha3_##SIZE (), NULL);     \
+    /* This should never fail.  */                                      \
     if (rc == 0)                                                        \
       abort ();                                                         \
   }
@@ -341,17 +341,17 @@ void *
 sha3_read_ctx (const struct sha3_ctx *ctx, void *resbuf)
 {
   /* Assume any unprocessed bytes in ctx are not to be ignored.  */
-  int result = EVP_DigestFinal_ex (ctx->evp_ctx, resbuf, NULL);
-  if (result == 0)
-    abort ();
-  return resbuf;
+  return sha3_finish_ctx ((struct sha3_ctx *) ctx, resbuf);
 }
 
 void *
 sha3_finish_ctx (struct sha3_ctx *ctx, void *resbuf)
 {
-  void *result = sha3_read_ctx (ctx, resbuf);
-  EVP_MD_CTX_free (ctx->evp_ctx);
+  EVP_MD_CTX *evp_ctx = (EVP_MD_CTX *) ctx->evp_ctx_buffer;
+  /* This should never fail.  */
+  int result = EVP_DigestFinal_ex (evp_ctx, resbuf, NULL);
+  if (result == 0)
+    abort ();
   return resbuf;
 }
 
@@ -373,7 +373,8 @@ DEFINE_SHA3_BUFFER (512)
 void
 sha3_process_bytes (const void *buffer, size_t len, struct sha3_ctx *ctx)
 {
-  int result = EVP_DigestUpdate (ctx->evp_ctx, buffer, len);
+  EVP_MD_CTX *evp_ctx = (EVP_MD_CTX *) ctx->evp_ctx_buffer;
+  int result = EVP_DigestUpdate (evp_ctx, buffer, len);
   if (result == 0)
     abort ();
 }

diff --git a/lib/sha3.h b/lib/sha3.h
index 7de1216fdae804b0ba615d012be7d9a0bfa7a1d2..adce43eac72ea119a1770ee7c25f47f5f8e551ef 100644 (file)
--- a/lib/sha3.h
+++ b/lib/sha3.h
@@ -19,6 +19,7 @@
 #ifndef SHA3_H
 # define SHA3_H 1
 
+# include <stddef.h>
 # include <stdio.h>
 # include <stdint.h>
 
@@ -50,9 +51,9 @@ enum { SHA3_512_BLOCK_SIZE = 576 / 8 };
 struct sha3_ctx
 {
 # if HAVE_OPENSSL_SHA3
-  /* This is an incomplete type, so we can only place a pointer in the
-     struct.  */
-  EVP_MD_CTX *evp_ctx;
+  /* EVP_MD_CTX is an incomplete type.  EVP_MD_CTX_create allocates 72 bytes of
+     memory as of 2025-09-02.  */
+  max_align_t evp_ctx_buffer[256 / sizeof (max_align_t)];
 # else
   u64 state[25];
   uint8_t buffer[144]; /* Up to BLOCKLEN in use.  */

diff --git a/modules/crypto/sha3-buffer b/modules/crypto/sha3-buffer
index 83b3a090fff026c94035e49e182345b8878f35b6..e0e654e56377000e57e7d7211f40a7a6ac6d8aeb 100644 (file)
--- a/modules/crypto/sha3-buffer
+++ b/modules/crypto/sha3-buffer
@@ -10,6 +10,7 @@ m4/sha3.m4
 Depends-on:
 byteswap
 c99
+stddef-h
 stdint-h
 u64