Fix ZUC out-of-bounds read

CMakeLists.txt

@@ -777,7 +777,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1039")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1042")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)

include/gmssl/version.h

@@ -19,7 +19,7 @@ extern "C" {
 
 // Also update CPACK_PACKAGE_VERSION in CMakeLists.txt
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1039"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1042"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

include/gmssl/zuc.h

@@ -92,9 +92,10 @@ typedef struct ZUC256_MAC_CTX_st {
 } ZUC256_MAC_CTX;
 
 void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE],
-	const uint8_t iv[ZUC256_IV_SIZE], int macbits);
+	const uint8_t iv[ZUC256_IV_SIZE], int macbits); // macbits should be 32, 64, or 128
 void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
-void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
+void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits,
+	uint8_t *mac); // mac size should be 4, 8 or 16
 
 
 typedef struct {

src/zuc.c

@@ -325,11 +325,11 @@ void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out
 		}
 		LFSR[15] = V;
 
+		// output ciphertext
+		if (inlen >= 4) {
 			// xor with plaintext
 			Z ^= GETU32(in);
 
-		// output ciphertext
-		if (inlen >= 4) {
 			PUTU32(out, Z);
 			inlen -= 4;
 			in += 4;
@@ -338,6 +338,11 @@ void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out
 			uint8_t word[4];
 			size_t i;
 
+			memcpy(word, in, inlen);
+
+			// xor with plaintext
+			Z ^= GETU32(word);
+
 			PUTU32(word, Z);
 			for (i = 0; i < inlen; i++) {
 				out[i] = word[i];