Commit 6087d4a6 authored by Patrick Steuer's avatar Patrick Steuer
Browse files

Directly return from final sha3/keccak_final if no bytes are requested 



Requesting zero bytes from shake previously led to out-of-bounds write
on some platforms.

Signed-off-by: default avatarPatrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9433)

(cherry picked from commit a890ef833d114da3430c2f2efd95e01714704d34)
parent ec9cbe21

crypto/evp/m_sha3.c

+3 −0
Original line number Diff line number Diff line
@@ -108,6 +108,9 @@ static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) 
    size_t bsz = ctx->block_size;

    size_t num = ctx->num;



    if (ctx->md_size == 0)

        return 1;



    /*

     * Pad the data with 10*1. Note that |num| can be |bsz - 1|

     * in which case both byte operations below are performed on