status-im
/
secp256k1
mirror of https://github.com/status-im/secp256k1.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change SHA256 byte counter from size_t to uint64_t 

This avoids that the SHA256 implementation would produce wrong paddings
and thus wrong digests for messages of length >= 2^32 bytes on 32-bit
platforms.

This is not exploitable in any way since the SHA256 API is an internal
API and we never call it with that long messages.
This commit is contained in:
Tim Ruffing 2020-03-31 13:40:37 +02:00
parent ac83be33d0
commit eb28464a8b
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/hash.h
View File

@ -13,7 +13,7 @@
typedef struct {
uint32_t s[8];
uint32_t buf[16]; /* In big endian */
size_t bytes;
uint64_t bytes;
} secp256k1_sha256;
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash);

2
src/hash_impl.h
View File

@ -153,6 +153,8 @@ static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out
uint32_t sizedesc[2];
uint32_t out[8];
int i = 0;
/* The maximum message size of SHA256 is 2^64-1 bits. */
VERIFY_CHECK(hash->bytes < ((uint64_t)1 << 61));
sizedesc[0] = BE32(hash->bytes >> 29);
sizedesc[1] = BE32(hash->bytes << 3);
secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64));