Disallow XOF algorithms for gcry_md_hash_bufferssanitizer-fixes

* cipher/md.c (_gcry_md_hash_buffer): Skip calculation for XOFs.
(_gcry_md_hash_buffers): Fail when XOFs are selected.
* doc/gcrypt.texi: Explicitly document above behavior for XOFs.
* tests/benchmark.c: Skip benchmarking hash functions without a fixed
output length.
--

Caught by UndefinedBehaviorSanitizer while running tests/benchmarks
where gcry_md_hash_buffer(GCRY_MD_SHAKE128) would result in
memcpy(digest, NULL, 0).

Signed-off-by: Peter Wu <peter@lekensteyn.nl>

1 files changed, 5 insertions, 0 deletions

diff --git a/cipher/md.c b/cipher/md.c
index 0414dcb0..d1d08123 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -948,6 +948,8 @@ _gcry_md_hash_buffer (int algo, void *digest,
     _gcry_sha1_hash_buffer (digest, buffer, length);
   else if (algo == GCRY_MD_RMD160 && !fips_mode () )
     _gcry_rmd160_hash_buffer (digest, buffer, length);
+  else if (md_digest_length (algo) == 0)
+    ; /* Nothing to do for hashes without a fixed output length. */
   else
     {
       /* For the others we do not have a fast function, so we use the
@@ -1007,6 +1009,9 @@ _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
   if (hmac && iovcnt < 1)
     return GPG_ERR_INV_ARG;
 
+  if (md_digest_length (algo) == 0)
+    return GPG_ERR_INV_ARG;
+
   if (algo == GCRY_MD_SHA1 && !hmac)
     _gcry_sha1_hash_buffers (digest, iov, iovcnt);
   else