diff options
author | MÃ¥rten Nordheim <marten.nordheim@qt.io> | 2023-03-08 11:10:49 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2023-03-10 14:39:37 +0000 |
commit | fa4b7495b741c3e7943860c5ff15212afceda710 (patch) | |
tree | 0ccf1097ab03488c29e80e0563cb259a9dafa948 /src/3rdparty/sha3/KeccakSponge.c | |
parent | 4f02973e2f447dfc92234ec247d7157ea0e1e807 (diff) |
Fix overflow in SHA-3/Keccak
state->rate is always larger than or equal to state->bitsInQueue;
when bitsInQueue == rate the queue is consumed and bitsInQueue is set to
0 again.
Done-with: Marc Mutz <marc.mutz@qt.io>
Pick-to: 6.5.0 6.5 6.4.3 6.4 6.2 5.15
Change-Id: I56d268a19fb3cd542cc027edc962253f09d97a14
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Diffstat (limited to 'src/3rdparty/sha3/KeccakSponge.c')
-rw-r--r-- | src/3rdparty/sha3/KeccakSponge.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/3rdparty/sha3/KeccakSponge.c b/src/3rdparty/sha3/KeccakSponge.c index 6f3da95dbb..337c10ccaf 100644 --- a/src/3rdparty/sha3/KeccakSponge.c +++ b/src/3rdparty/sha3/KeccakSponge.c @@ -170,9 +170,10 @@ static int Absorb(spongeState *state, const unsigned char *data, unsigned long l i += wholeBlocks*state->rate; } else { - partialBlock = (unsigned int)(databitlen - i); - if (partialBlock+state->bitsInQueue > state->rate) + if (databitlen-i > state->rate - state->bitsInQueue) partialBlock = state->rate-state->bitsInQueue; + else + partialBlock = (unsigned int)(databitlen - i); partialByte = partialBlock % 8; partialBlock -= partialByte; memcpy(state->dataQueue+state->bitsInQueue/8, data+i/8, partialBlock/8); |