[Bug 266863] SHA512_224_Final() is broken on little-endian machines

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 06 Oct 2022 08:38:44 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266863

            Bug ID: 266863
           Summary: SHA512_224_Final() is broken on little-endian machines
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: sebastian.huber@embedded-brains.de

I am referring to the SHA512_224_Final() implementation in
sys/crypto/sha2/sha512c.c:

void
SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH],
SHA512_CTX * ctx)
{

        /* Add padding */
        SHA512_Pad(ctx);

        /* Write the hash */
        be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH);

        /* Clear the context state */
        explicit_bzero(ctx, sizeof(*ctx));
}

We have

#define SHA512_224_DIGEST_LENGTH      28

which is not a multiple of 8.

We have for little-endian machines:

/*
 * Encode a length len/4 vector of (uint64_t) into a length len vector of
 * (unsigned char) in big-endian form.  Assumes len is a multiple of 8.
 */
static void
be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len)
{
        size_t i;

        for (i = 0; i < len / 8; i++)
                be64enc(dst + i * 8, src[i]);
}

The result is that the last 32 bits of the digest are not written.

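The truncation described in the report, reproduced as an added example that is not part of the original report or the FreeBSD source. `ex_be64enc` and `ex_be64enc_vect` are portable stand-ins for the quoted routines, `ex_be64enc_vect_tail` is a hypothetical tail-handling variant (not necessarily the fix FreeBSD adopted), and the state words are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA512_224_DIGEST_LENGTH 28

/* Portable stand-in for FreeBSD's be64enc(): store v big-endian at p. */
static void ex_be64enc(unsigned char *p, uint64_t v)
{
	for (int i = 0; i < 8; i++)
		p[i] = (unsigned char)(v >> (56 - 8 * i));
}

/* Loop from the report: only the len / 8 complete words are encoded. */
static void ex_be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len)
{
	for (size_t i = 0; i < len / 8; i++)
		ex_be64enc(dst + i * 8, src[i]);
}

/* Hypothetical variant: also emit the leading len % 8 bytes of the next word. */
static void ex_be64enc_vect_tail(unsigned char *dst, const uint64_t *src, size_t len)
{
	unsigned char tmp[8];
	ex_be64enc_vect(dst, src, len);
	if (len % 8 != 0) {
		ex_be64enc(tmp, src[len / 8]);
		memcpy(dst + len / 8 * 8, tmp, len % 8);
	}
}

/* Encode constructed (not real SHA-512/224) state words; count bytes left at 0xAA. */
static size_t ex_unwritten(void (*enc)(unsigned char *, const uint64_t *, size_t))
{
	const uint64_t state[4] = { 0x0001020304050607ULL, 0x08090a0b0c0d0e0fULL,
	    0x1011121314151617ULL, 0x18191a1b1c1d1e1fULL };
	unsigned char digest[SHA512_224_DIGEST_LENGTH];
	size_t n = 0;
	memset(digest, 0xAA, sizeof(digest));	/* sentinel marks untouched bytes */
	enc(digest, state, sizeof(digest));
	for (size_t i = 0; i < sizeof(digest); i++)
		n += (digest[i] == 0xAA);
	return n;
}

int main(void)
{
	printf("report loop: %zu unwritten, tail variant: %zu unwritten\n", ex_unwritten(ex_be64enc_vect), ex_unwritten(ex_be64enc_vect_tail));
	return 0;
}
```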