In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise AND.

Previously we were using 504 and 1016 which still produces the
correct result since padding is done in 8-bit bytes.  However, using
size-1 for the bitwise AND makes the intent clearer and likely would
have prevented the previous bug in SHA512Pad.
From Matthieu Barjole and Victor Cutillas of Synacktiv (https://synacktiv.com)
Todd C. Miller
2023-01-09 14:37:47 -07:00
parent 3878ce8d49
commit 0b2f9cbe7c

@@ -276,7 +276,7 @@ SHA256Pad(SHA2_CTX *ctx)
SHA256Update(ctx, (uint8_t *)"\200", 1);
/* Pad message such that the resulting length modulo 512 is 448. */
while ((ctx->count[0] & 504) != 448)
while ((ctx->count[0] & 511) != 448)
SHA256Update(ctx, (uint8_t *)"\0", 1);
/* Append length of message in bits and do final SHA256Transform(). */
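Review bot: The condition `(ctx->count[0] & 511) != 448` can only become false if ctx->count[0] is always a multiple of 8, a dependency the old 504 mask hid by ignoring the low three bits. The commit message says padding is done in 8-bit bytes, so this holds as long as the counter holds a bit count that advances one whole byte at a time; stating that invariant in the comment above the loop would keep a later change to the counter from turning this into a loop that never terminates. The 511 and 448 literals could also be written as the block size in bits minus one and the block size minus the 64-bit length field, so the mask and the "modulo 512 is 448" comment cannot drift apart.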
@@ -490,7 +490,7 @@ SHA512Pad(SHA2_CTX *ctx)
SHA512Update(ctx, (uint8_t *)"\200", 1);
/* Pad message such that the resulting length modulo 1024 is 896. */
while ((ctx->count[0] & 1016) != 896)
while ((ctx->count[0] & 1023) != 896)
SHA512Update(ctx, (uint8_t *)"\0", 1);
/* Append length of message in bits and do final SHA512Transform(). */
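Review bot: The SHA512Pad loop at `(ctx->count[0] & 1023) != 896` gets no regression test in the visible hunks, even though the commit message refers to a previous bug in this function. Known-answer tests for inputs of 111, 112 and 128 bytes (one byte short of the 896-bit mark once the 0x80 marker is appended, past it so that padding spills into a second block, and a full block) would catch a wrong mask or target value. As in SHA256Pad, writing 1023 and 896 as the block size in bits minus one and the block size minus the 128-bit length field would make the relationship to the comment explicit.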