mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2026-02-16 14:28:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

{aegis,aes_gcm}: fix overflow with large inputs on 32-bit systems (#19270)

Browse Source 
These systems write the number of *bits* of their inputs as a u64.

However if `@sizeOf(usize) == 4`, an input message or associated data
whose size is > 512 MiB could overflow.

On 64-bit systems, it is safe to assume that no machine has more than
2 EiB of memory.
This commit is contained in:
Frank Denis 2024-03-12 23:56:28 +01:00 committed by GitHub
parent b8920bceb7
commit 153ba46a5b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/std/crypto/aegis.zig
View File

@ -106,8 +106,8 @@ const State128L = struct {
fn mac(state: *State128L, comptime tag_bits: u9, adlen: usize, mlen: usize) [tag_bits / 8]u8 {
const blocks = &state.blocks;
var sizes: [16]u8 = undefined;
mem.writeInt(u64, sizes[0..8], adlen * 8, .little);
mem.writeInt(u64, sizes[8..16], mlen * 8, .little);
mem.writeInt(u64, sizes[0..8], @as(u64, adlen) * 8, .little);
mem.writeInt(u64, sizes[8..16], @as(u64, mlen) * 8, .little);
const tmp = AesBlock.fromBytes(&sizes).xorBlocks(blocks[2]);
var i: usize = 0;
while (i < 7) : (i += 1) {
@ -284,8 +284,8 @@ const State256 = struct {
fn mac(state: *State256, comptime tag_bits: u9, adlen: usize, mlen: usize) [tag_bits / 8]u8 {
const blocks = &state.blocks;
var sizes: [16]u8 = undefined;
mem.writeInt(u64, sizes[0..8], adlen * 8, .little);
mem.writeInt(u64, sizes[8..16], mlen * 8, .little);
mem.writeInt(u64, sizes[0..8], @as(u64, adlen) * 8, .little);
mem.writeInt(u64, sizes[8..16], @as(u64, mlen) * 8, .little);
const tmp = AesBlock.fromBytes(&sizes).xorBlocks(blocks[3]);
var i: usize = 0;
while (i < 7) : (i += 1) {

8
lib/std/crypto/aes_gcm.zig
View File

@ -46,8 +46,8 @@ fn AesGcm(comptime Aes: anytype) type {
mac.pad();
var final_block = h;
mem.writeInt(u64, final_block[0..8], ad.len * 8, .big);
mem.writeInt(u64, final_block[8..16], m.len * 8, .big);
mem.writeInt(u64, final_block[0..8], @as(u64, ad.len) * 8, .big);
mem.writeInt(u64, final_block[8..16], @as(u64, m.len) * 8, .big);
mac.update(&final_block);
mac.final(tag);
for (t, 0..) |x, i| {
@ -86,8 +86,8 @@ fn AesGcm(comptime Aes: anytype) type {
mac.pad();
var final_block = h;
mem.writeInt(u64, final_block[0..8], ad.len * 8, .big);
mem.writeInt(u64, final_block[8..16], m.len * 8, .big);
mem.writeInt(u64, final_block[0..8], @as(u64, ad.len) * 8, .big);
mem.writeInt(u64, final_block[8..16], @as(u64, m.len) * 8, .big);
mac.update(&final_block);
var computed_tag: [Ghash.mac_length]u8 = undefined;
mac.final(&computed_tag);