diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2012-05-18 13:10:42 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2012-05-18 13:11:59 -0700 |
commit | 0403c76938c7f487d303818cd19a72a1b63eb94f (patch) | |
tree | b77915d4432e5d29350f26e6d09be90a98c4fd8c /lib/sha256.c | |
parent | a7cb62bfec02bbcd5d200eeb1ce1f8a4fde631b8 (diff) | |
download | gnulib-0403c76938c7f487d303818cd19a72a1b63eb94f.tar.gz |
crypto: fix bug in large buffer handling
Problem reported by Serge Belyshev for glibc in
<http://sourceware.org/bugzilla/show_bug.cgi?id=14090> and for gnulib in
<http://lists.gnu.org/archive/html/bug-gnulib/2012-05/msg00226.html>.
* lib/md4.c (md4_process_block):
* lib/md5.c (md5_process_block):
* lib/sha1.c (sha1_process_block):
* lib/sha256.c (sha256_process_block):
Don't assume the buffer length is less than 2**32.
Diffstat (limited to 'lib/sha256.c')
-rw-r--r-- | lib/sha256.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/sha256.c b/lib/sha256.c index c1482d3c66..a8d29da18d 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -454,13 +454,13 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) uint32_t f = ctx->state[5]; uint32_t g = ctx->state[6]; uint32_t h = ctx->state[7]; + uint32_t lolen = len; /* First increment the byte count. FIPS PUB 180-2 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) #define S0(x) (rol(x,25)^rol(x,14)^(x>>3)) |