From aae7803dbcc61e039a0f8f11e61b169dc1010ae5 Mon Sep 17 00:00:00 2001 From: jsing Date: Sun, 16 Apr 2023 15:32:16 +0000 Subject: [PATCH] Bounds check mdlen that is passed to sha3_init(). While here, use KECCAK_BYTE_WIDTH instead of hardcoding the value. --- lib/libcrypto/sha/sha3.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/sha/sha3.c b/lib/libcrypto/sha/sha3.c index d406241f8a2..b070d715ca4 100644 --- a/lib/libcrypto/sha/sha3.c +++ b/lib/libcrypto/sha/sha3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha3.c,v 1.14 2023/04/15 20:00:24 jsing Exp $ */ +/* $OpenBSD: sha3.c,v 1.15 2023/04/16 15:32:16 jsing Exp $ */ /* * The MIT License (MIT) * @@ -121,10 +121,13 @@ sha3_keccakf(uint64_t st[25]) int sha3_init(sha3_ctx *c, int mdlen) { + if (mdlen < 0 || mdlen >= KECCAK_BYTE_WIDTH / 2) + return 0; + memset(c, 0, sizeof(*c)); c->mdlen = mdlen; - c->rsize = 200 - 2 * mdlen; + c->rsize = KECCAK_BYTE_WIDTH - 2 * mdlen; return 1; } -- 2.20.1