From 50bbf7a93efba8cdbac043586d793a869d8ef88c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 16 Apr 2023 15:32:16 +0000
Subject: Bounds check mdlen that is passed to sha3_init().

While here, use KECCAK_BYTE_WIDTH instead of hardcoding the value.
---
 src/lib/libcrypto/sha/sha3.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/sha/sha3.c b/src/lib/libcrypto/sha/sha3.c
index d406241f8a..b070d715ca 100644
--- a/src/lib/libcrypto/sha/sha3.c
+++ b/src/lib/libcrypto/sha/sha3.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha3.c,v 1.14 2023/04/15 20:00:24 jsing Exp $	*/
+/*	$OpenBSD: sha3.c,v 1.15 2023/04/16 15:32:16 jsing Exp $	*/
 /*
  * The MIT License (MIT)
  *
@@ -121,10 +121,13 @@ sha3_keccakf(uint64_t st[25])
 int
 sha3_init(sha3_ctx *c, int mdlen)
 {
+	if (mdlen < 0 || mdlen >= KECCAK_BYTE_WIDTH / 2)
+		return 0;
+
 	memset(c, 0, sizeof(*c));
 
 	c->mdlen = mdlen;
-	c->rsize = 200 - 2 * mdlen;
+	c->rsize = KECCAK_BYTE_WIDTH - 2 * mdlen;
 
 	return 1;
 }
-- 
cgit v1.2.3-55-g6feb