Skip to content

Input size handling in SHA256 #748

New issue
New issue
Closed
Closed
Input size handling in SHA256#748
Labels
archivedDo not use - historically applied to archived issuesbugcomponent-cryptoCrypto primitives and low-level interfaceshelp-wantedThis issue is not being actively worked on, but PRs welcome.
@xrm

Description

@xrm
xrm
opened on Jan 10, 2017

Dear all,

from my understanding, the sha256 module will most likely give wrong outputs for very large (i.e. > 2^32-1) inputs as the total message size is not calculated correctly.

The code in question is:

    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

https://github.com/ARMmbed/mbedtls/blob/development/library/sha256.c#L256

From my understanding it should rather read something like:

    size_t totalSize = (ctx->total[1] << 32) | ctx->total[0];
    while( totalSize < ilen )
    {
        ctx->total[1]++;
        totalSize += 1<<32;
    }

The other sha modules have the same code, btw.

Thanks
Sebastian

(Disclaimer: I'm not very proficient with SHA2, could be that I missed something, sorry in that case.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    archivedDo not use - historically applied to archived issuesbugcomponent-cryptoCrypto primitives and low-level interfaceshelp-wantedThis issue is not being actively worked on, but PRs welcome.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions