From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 21 Apr 2022 15:07:40 +0000 (+0200)
Subject: siphash: Fail finalization on uninitialized siphash context
X-Git-Tag: openssl-3.2.0-alpha1~2737
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=650b142c2e4c1d57868bdbbe1f7f4549ee77f8eb;p=thirdparty%2Fopenssl.git

siphash: Fail finalization on uninitialized siphash context

Fixes #18140

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18142)
---

diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c
index 7584255709d..bb4c3925af9 100644
--- a/crypto/siphash/siphash.c
+++ b/crypto/siphash/siphash.c
@@ -204,7 +204,7 @@ int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
     uint64_t v2 = ctx->v2;
     uint64_t v3 = ctx->v3;
 
-    if (outlen != (size_t)ctx->hash_size)
+    if (ctx->crounds == 0 || outlen == 0 || outlen != (size_t)ctx->hash_size)
         return 0;
 
     switch (ctx->len) {