diff --git a/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c index 676bc330..924c90af 100644 --- a/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c @@ -54,6 +54,11 @@ static inline int blake2b_clear_lastnode( blake2b_state *S ) } #endif +static inline int blake2b_is_lastblock( const blake2b_state *S ) +{ + return S->f[0] != 0; +} + static inline int blake2b_set_lastblock( blake2b_state *S ) { if( S->last_node ) blake2b_set_lastnode( S ); @@ -327,6 +332,9 @@ int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen ) if( !outlen || outlen > BLAKE2B_OUTBYTES ) { abort(); /* LCOV_EXCL_LINE */ } + if( blake2b_is_lastblock( S ) ) { + return -1; + } if( S->buflen > BLAKE2B_BLOCKBYTES ) { blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); diff --git a/test/default/generichash2.c b/test/default/generichash2.c index 6447d7e0..c0048828 100644 --- a/test/default/generichash2.c +++ b/test/default/generichash2.c @@ -26,12 +26,18 @@ main(void) crypto_generichash_update(&st, in, i); crypto_generichash_update(&st, in, i); crypto_generichash_update(&st, in, i); - crypto_generichash_final(&st, out, - 1 + i % crypto_generichash_BYTES_MAX); + if (crypto_generichash_final(&st, out, + 1 + i % crypto_generichash_BYTES_MAX) != 0) { + printf("crypto_generichash_final() should have returned 0\n"); + } for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) { printf("%02x", (unsigned int)out[j]); } printf("\n"); + if (crypto_generichash_final(&st, out, + 1 + i % crypto_generichash_BYTES_MAX) != -1) { + printf("crypto_generichash_final() should have returned -1\n"); + } } assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1);