diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-11-21 13:00:56 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-11-21 13:00:56 +0700 |
| commit | 6c908ec88bc7d10c01ef73180f4c6fa7d3581c34 (patch) | |
| tree | 21af81f2a7c47138264abbd37c8fd183be2304ff | |
| parent | Ed448: Reject small order public keys (diff) | |
| download | BouncyCastle.NET-ed25519-6c908ec88bc7d10c01ef73180f4c6fa7d3581c34.tar.xz | |
Output buffer guards in Blake digests
| -rw-r--r-- | crypto/src/crypto/digests/Blake2bDigest.cs | 4 | ||||
| -rw-r--r-- | crypto/src/crypto/digests/Blake2sDigest.cs | 4 | ||||
| -rw-r--r-- | crypto/src/crypto/digests/Blake2xsDigest.cs | 4 | ||||
| -rw-r--r-- | crypto/src/crypto/digests/Blake3Digest.cs | 28 |
4 files changed, 17 insertions, 23 deletions
diff --git a/crypto/src/crypto/digests/Blake2bDigest.cs b/crypto/src/crypto/digests/Blake2bDigest.cs index 953ac0062..b880bc568 100644 --- a/crypto/src/crypto/digests/Blake2bDigest.cs +++ b/crypto/src/crypto/digests/Blake2bDigest.cs @@ -431,6 +431,8 @@ namespace Org.BouncyCastle.Crypto.Digests */ public int DoFinal(byte[] output, int outOffset) { + Check.OutputLength(output, outOffset, digestLength, "output buffer too short"); + #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return DoFinal(output.AsSpan(outOffset)); #else @@ -464,6 +466,8 @@ namespace Org.BouncyCastle.Crypto.Digests #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public int DoFinal(Span<byte> output) { + Check.OutputLength(output, digestLength, "output buffer too short"); + f0 = 0xFFFFFFFFFFFFFFFFUL; t0 += (ulong)bufferPos; if (bufferPos > 0 && t0 == 0) diff --git a/crypto/src/crypto/digests/Blake2sDigest.cs b/crypto/src/crypto/digests/Blake2sDigest.cs index a6ee75af5..591095fbf 100644 --- a/crypto/src/crypto/digests/Blake2sDigest.cs +++ b/crypto/src/crypto/digests/Blake2sDigest.cs @@ -467,6 +467,8 @@ namespace Org.BouncyCastle.Crypto.Digests */ public int DoFinal(byte[] output, int outOffset) { + Check.OutputLength(output, outOffset, digestLength, "output buffer too short"); + #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return DoFinal(output.AsSpan(outOffset)); #else @@ -502,6 +504,8 @@ namespace Org.BouncyCastle.Crypto.Digests #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public int DoFinal(Span<byte> output) { + Check.OutputLength(output, digestLength, "output buffer too short"); + f0 = 0xFFFFFFFFU; t0 += (uint)bufferPos; // bufferPos may be < 64, so (t0 == 0) does not work diff --git a/crypto/src/crypto/digests/Blake2xsDigest.cs b/crypto/src/crypto/digests/Blake2xsDigest.cs index ac7e8f611..05323d14a 100644 --- a/crypto/src/crypto/digests/Blake2xsDigest.cs +++ b/crypto/src/crypto/digests/Blake2xsDigest.cs @@ -254,6 +254,8 @@ namespace Org.BouncyCastle.Crypto.Digests */ public int Output(byte[] output, int outOff, int outLen) { + Check.OutputLength(output, outOff, outLen, "output buffer too short"); + #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return Output(output.AsSpan(outOff, outLen)); #else @@ -298,6 +300,8 @@ namespace Org.BouncyCastle.Crypto.Digests #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public int DoFinal(Span<byte> output) { + Check.OutputLength(output, digestLength, "output buffer too short"); + return OutputFinal(output[..digestLength]); } diff --git a/crypto/src/crypto/digests/Blake3Digest.cs b/crypto/src/crypto/digests/Blake3Digest.cs index 720af805d..fa6bb4538 100644 --- a/crypto/src/crypto/digests/Blake3Digest.cs +++ b/crypto/src/crypto/digests/Blake3Digest.cs @@ -465,33 +465,20 @@ namespace Org.BouncyCastle.Crypto.Digests public int DoFinal(byte[] pOutput, int pOutOffset) { -#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - return OutputFinal(pOutput.AsSpan(pOutOffset, GetDigestSize())); -#else return OutputFinal(pOutput, pOutOffset, GetDigestSize()); -#endif } public int OutputFinal(byte[] pOut, int pOutOffset, int pOutLen) { -#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER - return OutputFinal(pOut.AsSpan(pOutOffset, pOutLen)); -#else - /* Reject if we are already outputting */ - if (m_outputting) - throw new InvalidOperationException(ERR_OUTPUTTING); - - /* Build the required output */ int length = Output(pOut, pOutOffset, pOutLen); - - /* reset the underlying digest and return the length */ Reset(); return length; -#endif } public int Output(byte[] pOut, int pOutOffset, int pOutLen) { + Check.OutputLength(pOut, pOutOffset, pOutLen, "output buffer too short"); + #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return Output(pOut.AsSpan(pOutOffset, pOutLen)); #else @@ -548,19 +535,14 @@ namespace Org.BouncyCastle.Crypto.Digests #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER public int DoFinal(Span<byte> output) { - return OutputFinal(output[..GetDigestSize()]); + int digestSize = GetDigestSize(); + Check.OutputLength(output, digestSize, "output buffer too short"); + return OutputFinal(output[..digestSize]); } public int OutputFinal(Span<byte> output) { - /* Reject if we are already outputting */ - if (m_outputting) - throw new InvalidOperationException(ERR_OUTPUTTING); - - /* Build the required output */ int length = Output(output); - - /* reset the underlying digest and return the length */ Reset(); return length; } |