From 4ad92493646f11a9e689e2bb6f4231e04a15e001 Mon Sep 17 00:00:00 2001
From: sanketh <me@snkth.com>
Date: Mon, 2 Sep 2024 14:48:08 -0400
Subject: [PATCH] do not silently reinit after squeeze

---
 openssl/src/hash.rs | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs
index 6053658ea..c74b594d3 100644
--- a/openssl/src/hash.rs
+++ b/openssl/src/hash.rs
@@ -281,8 +281,6 @@ impl Hasher {
     /// Feeds data into the hasher.
     pub fn update(&mut self, data: &[u8]) -> Result<(), ErrorStack> {
         match self.state {
-            #[cfg(ossl330)]
-            Squeeze => self.init()?,
             Finalized => self.init()?,
             _ => {}
         }
@@ -301,9 +299,6 @@ impl Hasher {
     /// The output will be as long as the buf.
     #[cfg(ossl330)]
     pub fn squeeze_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> {
-        if self.state == Finalized {
-            self.init()?;
-        }
         unsafe {
             cvt(ffi::EVP_DigestSqueeze(
                 self.ctx,
@@ -318,8 +313,6 @@ impl Hasher {
     /// Returns the hash of the data written and resets the non-XOF hasher.
     pub fn finish(&mut self) -> Result<DigestBytes, ErrorStack> {
         match self.state {
-            #[cfg(ossl330)]
-            Squeeze => self.init()?,
             Finalized => self.init()?,
             _ => {}
         }
@@ -347,8 +340,6 @@ impl Hasher {
     #[cfg(ossl111)]
     pub fn finish_xof(&mut self, buf: &mut [u8]) -> Result<(), ErrorStack> {
         match self.state {
-            #[cfg(ossl330)]
-            Squeeze => self.init()?,
             Finalized => self.init()?,
             _ => {}
         }
@@ -595,9 +586,7 @@ mod tests {
         let mut h = Hasher::new(digest).unwrap();
         let mut buf = vec![0; digest.size()];
         h.finish_xof(&mut buf).unwrap();
-        h.squeeze_xof(&mut buf).unwrap();
-        let null = hash(digest, &[]).unwrap();
-        assert_eq!(&*buf, &*null);
+        h.squeeze_xof(&mut buf).expect_err("squeezing after finalize should fail");
     }
 
     #[cfg(ossl330)]
@@ -608,10 +597,18 @@ mod tests {
         let mut h = Hasher::new(digest).unwrap();
         let mut buf = vec![0; digest.size()];
         h.squeeze_xof(&mut buf).unwrap();
-        h.update(&data).unwrap();
+        h.update(&data).expect_err("updating after squeeze should fail");
+    }
+
+    #[cfg(ossl330)]
+    #[test]
+    fn test_squeeze_then_finalize() {
+        let digest = MessageDigest::shake_128();
+        let data = Vec::from_hex(MD5_TESTS[6].0).unwrap();
+        let mut h = Hasher::new(digest).unwrap();
+        let mut buf = vec![0; digest.size()];
         h.squeeze_xof(&mut buf).unwrap();
-        let null = hash(digest, &data).unwrap();
-        assert_eq!(&*buf, &*null);
+        h.finish_xof(&mut buf).expect_err("finalize after squeeze should fail");
     }
 
     #[test]