keccak: Use size_t to avoid integer overflow (!6) · Merge requests · redhat-crypto / libgcrypt / libgcrypt-mirror

Jakub Jelen requested to merge jjelen/libgcrypt-mirror:sha3 into master Sep 23, 2022

Any input to the SHA3 functions > 4GB was giving wrong result when it was invoked in one-shot, while working correctly when it was fed by chunks. It turned out that the calculation in the keccak_write overflows the unsigned int type (nlanes * 8 does not fit 32b when the inlen > 4GB).

cipher/keccak-armv7-neon.S: Fix function name in comment and change parameter type to size_t
cipher/keccak.c (keccak_ops_t): Change absorb function signature to use size_t (keccak_absorb_lanes64_avx512): Change nlanes type to size_t (_gcry_keccak_absorb_lanes64_armv7_neon): Ditto. (keccak_absorb_lanes64_armv7_neon): Ditto. (keccak_absorb_lanes32bi): Ditto. (keccak_absorb_lanes32bi_bmi2): Ditto. (keccak_write): Change nlanes variable to use size_t and avoid overflow when calculating count.
cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): Change nlanes argument to use size_t.

Signed-off-by: Jakub Jelen jjelen@redhat.com

Edited Sep 23, 2022 by Jakub Jelen

keccak: Use size_t to avoid integer overflow

Merge request reports