sha3: fix SHA-3 on s390x when using KIMD instruction An illegal instruction would occur due to a bug in the way input slices were rounded down in size to a multiple of the rate for a given hash type. This would only occur when the Write function was called with more than ~3KiB of data and the length of the data was not a multiple of the rate. Fixes golang/go#36459. Change-Id: I621ef8d75602bcd59bb44491e17f721050001e6d Reviewed-on: https://go-review.googlesource.com/c/crypto/+/213857 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Michael Munday <mike.munday@ibm.com> TryBot-Result: Gobot Gobot <gobot@golang.org>

commit: 5d647ca1575777a812e903a7e98177174d8c295a [log] [tgz]
author: Michael Munday <mike.munday@ibm.com> Wed Jan 08 21:34:17 2020 +0000
committer: Michael Munday <mike.munday@ibm.com> Wed Jan 08 21:55:11 2020 +0000
tree: a25d8e0957c2e491b714a4c12741bca2c7bdf39a
parent: 53104e6ec876ad4e22ad27cce588b01392043c1b [diff]
diff --git a/sha3/sha3_s390x.go b/sha3/sha3_s390x.go
index c13ec85..259ff4d 100644
--- a/sha3/sha3_s390x.go
+++ b/sha3/sha3_s390x.go

@@ -112,7 +112,7 @@
 		if len(s.buf) == 0 && len(b) >= cap(s.buf) {
 			// Hash the data directly and push any remaining bytes
 			// into the buffer.
-			remainder := len(s.buf) % s.rate
+			remainder := len(b) % s.rate
 			kimd(s.function, &s.a, b[:len(b)-remainder])
 			if remainder != 0 {
 				s.copyIntoBuf(b[len(b)-remainder:])
commit	5d647ca1575777a812e903a7e98177174d8c295a	[log] [tgz]
author	Michael Munday <mike.munday@ibm.com>	Wed Jan 08 21:34:17 2020 +0000
committer	Michael Munday <mike.munday@ibm.com>	Wed Jan 08 21:55:11 2020 +0000
tree	a25d8e0957c2e491b714a4c12741bca2c7bdf39a
parent	53104e6ec876ad4e22ad27cce588b01392043c1b [diff]