Return -1 if crypto_generichash_final() is called twice

2016-04-06 00:57:46 +02:00 · 2016-04-06 00:57:46 +02:00 · 1818267d64
commit 1818267d64
parent df91dd1dd4
2 changed files with 16 additions and 2 deletions
--- a/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
+++ b/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
@ -54,6 +54,11 @@ static inline int blake2b_clear_lastnode( blake2b_state *S )
 }
 #endif

+static inline int blake2b_is_lastblock( const blake2b_state *S )
+{
+  return S->f[0] != 0;
+}
+
 static inline int blake2b_set_lastblock( blake2b_state *S )
 {
  if( S->last_node ) blake2b_set_lastnode( S );
@ -327,6 +332,9 @@ int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen )
  if( !outlen || outlen > BLAKE2B_OUTBYTES ) {
    abort(); /* LCOV_EXCL_LINE */
  }
+  if( blake2b_is_lastblock( S ) ) {
+    return -1;
+  }
  if( S->buflen > BLAKE2B_BLOCKBYTES )
  {
    blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
--- a/test/default/generichash2.c
+++ b/test/default/generichash2.c
@ -26,12 +26,18 @@ main(void)
        crypto_generichash_update(&st, in, i);
        crypto_generichash_update(&st, in, i);
        crypto_generichash_update(&st, in, i);
-        crypto_generichash_final(&st, out,
-                                 1 + i % crypto_generichash_BYTES_MAX);
+        if (crypto_generichash_final(&st, out,
+                                     1 + i % crypto_generichash_BYTES_MAX) != 0) {
+            printf("crypto_generichash_final() should have returned 0\n");
+        }
        for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) {
            printf("%02x", (unsigned int)out[j]);
        }
        printf("\n");
+        if (crypto_generichash_final(&st, out,
+                                     1 + i % crypto_generichash_BYTES_MAX) != -1) {
+            printf("crypto_generichash_final() should have returned -1\n");
+        }
    }

    assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1);