New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signed Integer Overflow in HMAC #20

Open

YuaaCindy opened this issue Jan 12, 2022 · 0 comments

YuaaCindy commented Jan 12, 2022

Hello.
It seems that there is a signed integer overflow in bitops.h:54 :

static inline uint32_t read32_be(const uint8_t buf[4])
{
*  return (buf[0] << 24) |
         (buf[1] << 16) |
         (buf[2] << 8) |
         (buf[3]);
}

It could be triggered by:

const uint8_t key[] =   {0xd9, 0x63, 0xca, 0xf9} ;
const uint8_t msg[] =  {0xb8, 0x02, 0x6b, 0xa9};
cf_hmac_init(&ctx, &cf_sha256, key, sizeof(key));
cf_hmac_update(&ctx, msg, sizeof(msg));

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment