commit 87f4755cd09eecdab7c750a347143cc6fb3b262d
parent 1bae669f236b9612eacd64554cfb39733157ef43
Author: Santtu Lakkala <inz@inz.fi>
Date: Mon, 3 Nov 2025 17:46:05 +0200
libutil: Fix buffer overflows in 224-bit SHA
Adjust buffer sizes for both SHA-256 and SHA-512 based 224-bit SHA
checksums.
Use a temporary buffer for SHA-512/224, as 224 is not a multiple of the
64-bit word size of SHA-512's internal state array.
Diffstat:
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/libutil/sha224.c b/libutil/sha224.c
@@ -22,5 +22,5 @@ sha224_init(void *ctx)
void
sha224_sum(void *ctx, uint8_t md[SHA224_DIGEST_LENGTH])
{
- sha256_sum_n(ctx, md, 8);
+ sha256_sum_n(ctx, md, 7);
}
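Review bot: The literal `7` in sha224_sum carries the whole bounds argument for `md`, but nothing on the line says why it is 7. Judging from the fix (a count of 8 overran the SHA224_DIGEST_LENGTH buffer), n appears to count 32-bit state words, so a comment such as `/* n is in 32-bit words: 7 * 4 == SHA224_DIGEST_LENGTH */` would keep a later edit from reintroducing the overrun. The same applies to the `4` passed to sha512_sum_n in sha512_224_sum. sha256_sum_n is defined outside this diff, so the unit of n should be confirmed there.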
diff --git a/libutil/sha512-224.c b/libutil/sha512-224.c
@@ -1,5 +1,6 @@
/* public domain sha512/224 implementation based on fips180-3 */
#include <stdint.h>
+#include <string.h>
#include "../sha512-224.h"
extern void sha512_sum_n(void *, uint8_t *, int n);
@@ -22,5 +23,7 @@ sha512_224_init(void *ctx)
void
sha512_224_sum(void *ctx, uint8_t md[SHA512_224_DIGEST_LENGTH])
{
- sha512_sum_n(ctx, md, 4);
+ uint8_t buf[32];
+ sha512_sum_n(ctx, buf, 4);
+ memcpy(md, buf, SHA512_224_DIGEST_LENGTH);
}
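Review bot: In sha512_224_sum the size of `buf` and the word count passed to sha512_sum_n are two independent literals, which is the same kind of size mismatch this commit fixes. Assuming sha512_sum_n writes n 64-bit words, declaring `uint8_t buf[4 * sizeof(uint64_t)];` makes the relationship visible. A short comment that the memcpy deliberately drops the last 4 bytes would explain the truncation. Since the memcpy reads SHA512_224_DIGEST_LENGTH bytes from the temporary, a build-time check that this length does not exceed `sizeof buf` would guard against an over-read if either value changes.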