Fix bug #73127

gost-crypto hash was incorrect if input data contained long 0xFF sequence, due to a carry-propagation bug.
author: Grundik <grundik@ololo.cc> 2017-02-18 05:53:13 +0300
committer: Nikita Popov <nikita.ppv@gmail.com> 2017-02-24 23:20:49 +0100
commit: eac8166bd468a3c7c00b5163f6f86804911b660d (patch)
tree: 58a3ce6ca89bdb3bd5bee78b5a803f1704a6efdf /ext/hash/hash_gost.c
parent: 9450e23b3288100c07f2990cd0bce962ca56461b (diff)
download: php-git-eac8166bd468a3c7c00b5163f6f86804911b660d.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/ext/hash/hash_gost.c b/ext/hash/hash_gost.c
index ed8ca15653..c17133786c 100644
--- a/ext/hash/hash_gost.c
+++ b/ext/hash/hash_gost.c
@@ -227,14 +227,13 @@ static inline void Gost(PHP_GOST_CTX *context, php_hash_uint32 data[8])
 static inline void GostTransform(PHP_GOST_CTX *context, const unsigned char input[32])
 {
 	int i, j;
-	php_hash_uint32 data[8], temp = 0, save = 0;
+	php_hash_uint32 data[8], temp = 0;
 
 	for (i = 0, j = 0; i < 8; ++i, j += 4) {
 		data[i] =	((php_hash_uint32) input[j]) | (((php_hash_uint32) input[j + 1]) << 8) |
 					(((php_hash_uint32) input[j + 2]) << 16) | (((php_hash_uint32) input[j + 3]) << 24);
-		save = context->state[i + 8];
 		context->state[i + 8] += data[i] + temp;
-		temp = ((context->state[i + 8] < data[i]) || (context->state[i + 8] < save)) ? 1 : 0;
+		temp = context->state[i + 8] < data[i] ? 1 : (context->state[i + 8] == data[i] ? temp : 0);
 	}
 
 	Gost(context, data);
author	Grundik <grundik@ololo.cc>	2017-02-18 05:53:13 +0300
committer	Nikita Popov <nikita.ppv@gmail.com>	2017-02-24 23:20:49 +0100
commit	eac8166bd468a3c7c00b5163f6f86804911b660d (patch)
tree	58a3ce6ca89bdb3bd5bee78b5a803f1704a6efdf /ext/hash/hash_gost.c
parent	9450e23b3288100c07f2990cd0bce962ca56461b (diff)
download	php-git-eac8166bd468a3c7c00b5163f6f86804911b660d.tar.gz