From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 6 Oct 2023 12:59:32 +0000 (+0300)
Subject: lib: Fix sha2 functions to not produce wrong results with >500MB input
X-Git-Tag: 2.3.21.1~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=955bff2155b376eeea512209f20d2ec6b67a4436;p=thirdparty%2Fdovecot%2Fcore.git

lib: Fix sha2 functions to not produce wrong results with >500MB input
---

diff --git a/src/lib/sha2.c b/src/lib/sha2.c
index 93dddfbb39..b6bef47684 100644
--- a/src/lib/sha2.c
+++ b/src/lib/sha2.c
@@ -287,7 +287,7 @@ void sha256_result(struct sha256_ctx *ctx,
 {
 	size_t block_nb;
 	size_t pm_len;
-	size_t len_b;
+	uint64_t len_b;
 	int i;
 
 	block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
@@ -298,7 +298,7 @@ void sha256_result(struct sha256_ctx *ctx,
 
 	memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
 	ctx->block[ctx->len] = 0x80;
-	UNPACK32(len_b, ctx->block + pm_len - 4);
+	UNPACK64(len_b, ctx->block + pm_len - 8);
 
 	sha256_transf(ctx, ctx->block, block_nb);
 
@@ -414,7 +414,7 @@ void sha384_result(struct sha384_ctx *ctx,
 {
 	unsigned int block_nb;
 	unsigned int pm_len;
-	size_t len_b;
+	uint64_t len_b;
 	int i;
 
 	block_nb = 1 + ((SHA384_BLOCK_SIZE - 17)
@@ -425,7 +425,7 @@ void sha384_result(struct sha384_ctx *ctx,
 
 	memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
 	ctx->block[ctx->len] = 0x80;
-	UNPACK32(len_b, ctx->block + pm_len - 4);
+	UNPACK64(len_b, ctx->block + pm_len - 8);
 
 	sha384_transf(ctx, ctx->block, block_nb);
 
@@ -541,7 +541,7 @@ void sha512_result(struct sha512_ctx *ctx,
 {
 	unsigned int block_nb;
 	unsigned int pm_len;
-	size_t len_b;
+	uint64_t len_b;
 	int i;
 
 	block_nb = 1 + ((SHA512_BLOCK_SIZE - 17)
@@ -552,7 +552,7 @@ void sha512_result(struct sha512_ctx *ctx,
 
 	memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
 	ctx->block[ctx->len] = 0x80;
-	UNPACK32(len_b, ctx->block + pm_len - 4);
+	UNPACK64(len_b, ctx->block + pm_len - 8);
 
 	sha512_transf(ctx, ctx->block, block_nb);
 
diff --git a/src/lib/sha2.h b/src/lib/sha2.h
index 8c893eb3ad..92bd2c74c6 100644
--- a/src/lib/sha2.h
+++ b/src/lib/sha2.h
@@ -38,21 +38,21 @@
 #include "sha-common.h"
 
 struct sha256_ctx {
-	size_t tot_len;
+	uint64_t tot_len;
 	size_t len;
 	unsigned char block[2 * SHA256_BLOCK_SIZE];
 	uint32_t h[8];
 };
 
 struct sha384_ctx {
-	size_t tot_len;
+	uint64_t tot_len;
 	size_t len;
 	unsigned char block[2 * SHA384_BLOCK_SIZE];
 	uint64_t h[8];
 };
 
 struct sha512_ctx {
-	size_t tot_len;
+	uint64_t tot_len;
 	size_t len;
 	unsigned char block[2 * SHA512_BLOCK_SIZE];
 	uint64_t h[8];
diff --git a/src/lib/test-hash-method.c b/src/lib/test-hash-method.c
index 0fd41e0bb4..97db7c8bb6 100644
--- a/src/lib/test-hash-method.c
+++ b/src/lib/test-hash-method.c
@@ -1,6 +1,7 @@
 /* Copyright (c) 2014-2018 Dovecot authors, see the included COPYING file */
 
 #include "test-lib.h"
+#include "hex-binary.h"
 #include "mmap-util.h"
 #include "hash-method.h"
 
@@ -453,8 +454,42 @@ static void test_hash_methods_fips() {
 	test_end();
 }
 
+static void test_hash_methods_large(void)
+{
+	struct {
+		const char *method;
+		const char *hash;
+	} tests[] = {
+		{ "sha256", "1ad0598b790b3acb38876105cc8938c3365f3215fbee3412ac3cd5e96a7dad01" },
+		{ "sha384", "c187c084ffe516fea74b313340a540bc0bab306b1bdc564da21ecdc639e51f194460a0279c04aa40d65cec58698b10c0" },
+		{ "sha512", "556247cfeab056903a3f42cf8496019d9ad90911ded9aa1ede3046b803623e5e2cd2adbd0620e666a927436d125984de9199d643ff21ad1c76e29b116c13ffb2" },
+	};
+	unsigned char data[1024];
+	unsigned int i;
+
+	test_begin("hash method (large inputs)");
+	for (i = 0; i < sizeof(data); i++)
+		data[i] = i & 0xFF;
+
+	for (i = 0; i < N_ELEMENTS(tests); i++) {
+		const struct hash_method *method =
+			hash_method_lookup(tests[i].method);
+		unsigned char context[method->context_size];
+		unsigned char result[method->digest_size];
+
+		method->init(context);
+		for (unsigned int j = 0; j < 600000; j++)
+			method->loop(context, data, sizeof(data));
+		method->result(context, result);
+		test_assert_strcmp_idx(binary_to_hex(result, method->digest_size),
+				       tests[i].hash, i);
+	}
+	test_end();
+}
+
 void test_hash_method(void)
 {
 	test_hash_method_boundary();
 	test_hash_methods_fips();
+	test_hash_methods_large();
 }