sha3: fix SHA-3 on s390x when using KIMD instruction

An illegal instruction would occur due to a bug in the way input slices were rounded down in size to a multiple of the rate for a given hash type. This would only occur when the Write function was called with more than ~3KiB of data and the length of the data was not a multiple of the rate. Fixes golang/go#36459. Change-Id: I621ef8d75602bcd59bb44491e17f721050001e6d Reviewed-on: https://go-review.googlesource.com/c/crypto/+/213857 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Michael Munday <mike.munday@ibm.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
2020-01-08 21:34:17 +00:00 · 2020-01-08 21:34:17 +00:00 · 5d647ca157
--- a/sha3/sha3_s390x.go
+++ b/sha3/sha3_s390x.go
@ -112,7 +112,7 @@ func (s *asmState) Write(b []byte) (int, error) {
 		if len(s.buf) == 0 && len(b) >= cap(s.buf) {
 			// Hash the data directly and push any remaining bytes
 			// into the buffer.
-			remainder := len(s.buf) % s.rate
+			remainder := len(b) % s.rate
 			kimd(s.function, &s.a, b[:len(b)-remainder])
 			if remainder != 0 {
 				s.copyIntoBuf(b[len(b)-remainder:])