diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 36942db88..7d673bc91 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -145,9 +145,9 @@ int mbedtls_sha3_update( mbedtls_sha3_context *ctx, * and have a hash operation started. * \param output The SHA-3 checksum result. * This must be a writable buffer of length \c olen bytes. - * \param olen Defines a variable output length (in bytes). \c output must be - * \c olen bytes length. For SHA-3 224, SHA-3 256, SHA-3 384 and - * SHA-3 512 must equal to 28, 32, 48 and 64, respectively. + * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256, + * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64, + * respectively. * * \return \c 0 on success. * \return A negative error code on failure. @@ -171,8 +171,9 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-3 checksum result. * This must be a writable buffer of length \c olen bytes. - * \param olen Determines the length (in bytes) of the output. \c output - * must be \c olen bytes length. + * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256, + * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64, + * respectively. * * \return \c 0 on success. * \return A negative error code on failure. diff --git a/library/sha3.c b/library/sha3.c index f5af2b7b8..9aadf9df7 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -244,8 +244,13 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, if( ctx == NULL || output == NULL ) return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - if( ctx->olen > 0 && ctx->olen != olen ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + /* Catch SHA-3 families, with fixed output length */ + if( ctx->olen > 0 ) + { + if ( ctx->olen > olen ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + olen = ctx->olen; + } ABSORB( ctx, ctx->index, ctx->xor_byte ); ABSORB( ctx, ctx->max_block_size - 1, 0x80 );