keccak: some paranoid "can't happen" checks

2017-11-07 11:56:36 +00:00 · 2017-11-07 11:56:36 +00:00 · 4877aca2b6
parent 3dd31d33fa
commit 4877aca2b6
1 changed files with 14 additions and 0 deletions
--- a/src/crypto/keccak.c
+++ b/src/crypto/keccak.c
@ -2,6 +2,8 @@
 // 19-Nov-11  Markku-Juhani O. Saarinen <mjos@iki.fi>
 // A baseline Keccak (3rd round) implementation.

+#include <stdio.h>
+#include <stdlib.h>
 #include "hash-ops.h"
 #include "keccak.h"

@ -79,6 +81,12 @@ int keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
    uint8_t temp[144];
    size_t i, rsiz, rsizw;

+    if (mdlen <= 0 || mdlen > 200 || sizeof(st) != 200)
+    {
+      fprintf(stderr, "Bad keccak use");
+      abort();
+    }
+
    rsiz = sizeof(state_t) == mdlen ? HASH_DATA_AREA : 200 - 2 * mdlen;
    rsizw = rsiz / 8;
    
@ -91,6 +99,12 @@ int keccak(const uint8_t *in, size_t inlen, uint8_t *md, int mdlen)
    }
    
    // last block and padding
+    if (inlen >= sizeof(temp) || inlen > rsiz || rsiz - inlen + inlen + 1 >= sizeof(temp) || rsiz == 0 || rsiz - 1 >= sizeof(temp) || rsizw * 8 > sizeof(temp))
+    {
+      fprintf(stderr, "Bad keccak use");
+      abort();
+    }
+
    memcpy(temp, in, inlen);
    temp[inlen++] = 1;
    memset(temp + inlen, 0, rsiz - inlen);