Return -1 if crypto_generichash_final() is called twice

This commit is contained in:
Frank Denis 2016-04-06 00:57:46 +02:00
parent df91dd1dd4
commit 1818267d64
2 changed files with 16 additions and 2 deletions

View File

@ -54,6 +54,11 @@ static inline int blake2b_clear_lastnode( blake2b_state *S )
} }
#endif #endif
static inline int blake2b_is_lastblock( const blake2b_state *S )
{
return S->f[0] != 0;
}
static inline int blake2b_set_lastblock( blake2b_state *S ) static inline int blake2b_set_lastblock( blake2b_state *S )
{ {
if( S->last_node ) blake2b_set_lastnode( S ); if( S->last_node ) blake2b_set_lastnode( S );
@ -327,6 +332,9 @@ int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen )
if( !outlen || outlen > BLAKE2B_OUTBYTES ) { if( !outlen || outlen > BLAKE2B_OUTBYTES ) {
abort(); /* LCOV_EXCL_LINE */ abort(); /* LCOV_EXCL_LINE */
} }
if( blake2b_is_lastblock( S ) ) {
return -1;
}
if( S->buflen > BLAKE2B_BLOCKBYTES ) if( S->buflen > BLAKE2B_BLOCKBYTES )
{ {
blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );

View File

@ -26,12 +26,18 @@ main(void)
crypto_generichash_update(&st, in, i); crypto_generichash_update(&st, in, i);
crypto_generichash_update(&st, in, i); crypto_generichash_update(&st, in, i);
crypto_generichash_update(&st, in, i); crypto_generichash_update(&st, in, i);
crypto_generichash_final(&st, out, if (crypto_generichash_final(&st, out,
1 + i % crypto_generichash_BYTES_MAX); 1 + i % crypto_generichash_BYTES_MAX) != 0) {
printf("crypto_generichash_final() should have returned 0\n");
}
for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) { for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) {
printf("%02x", (unsigned int)out[j]); printf("%02x", (unsigned int)out[j]);
} }
printf("\n"); printf("\n");
if (crypto_generichash_final(&st, out,
1 + i % crypto_generichash_BYTES_MAX) != -1) {
printf("crypto_generichash_final() should have returned -1\n");
}
} }
assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1); assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1);