Fix off-by-one error in all crypto functions

2026-02-15 13:58:27 +00:00 · 2018-04-04 21:32:23 +12:00 · 2018-04-04 21:32:23 +12:00 · f68c2e0a14
commit f68c2e0a14
parent 3d8541121b
5 changed files with 78 additions and 6 deletions
--- a/std/crypto/blake2.zig
+++ b/std/crypto/blake2.zig
@ -84,7 +84,7 @@ fn Blake2s(comptime out_len: usize) type { return struct {
        }

        // Full middle blocks.
-        while (off + 64 < b.len) : (off += 64) {
+        while (off + 64 <= b.len) : (off += 64) {
            d.t += 64;
            d.round(b[off..off + 64], false);
        }
@ -229,6 +229,15 @@ test "blake2s256 streaming" {
    htest.assertEqual(h2, out[0..]);
 }

+test "blake2s256 aligned final" {
+    var block = []u8 {0} ** Blake2s256.block_size;
+    var out: [Blake2s256.digest_size]u8 = undefined;
+
+    var h = Blake2s256.init();
+    h.update(block);
+    h.final(out[0..]);
+}
+

 /////////////////////
 // Blake2b
@ -305,7 +314,7 @@ fn Blake2b(comptime out_len: usize) type { return struct {
        }

        // Full middle blocks.
-        while (off + 128 < b.len) : (off += 128) {
+        while (off + 128 <= b.len) : (off += 128) {
            d.t += 128;
            d.round(b[off..off + 128], false);
        }
@ -447,3 +456,12 @@ test "blake2b512 streaming" {
    h.final(out[0..]);
    htest.assertEqual(h2, out[0..]);
 }
+
+test "blake2b512 aligned final" {
+    var block = []u8 {0} ** Blake2b512.block_size;
+    var out: [Blake2b512.digest_size]u8 = undefined;
+
+    var h = Blake2b512.init();
+    h.update(block);
+    h.final(out[0..]);
+}
--- a/std/crypto/md5.zig
+++ b/std/crypto/md5.zig
@ -59,7 +59,7 @@ pub const Md5 = struct {
        }

        // Full middle blocks.
-        while (off + 64 < b.len) : (off += 64) {
+        while (off + 64 <= b.len) : (off += 64) {
            d.round(b[off..off + 64]);
        }

@ -253,3 +253,12 @@ test "md5 streaming" {

    htest.assertEqual("900150983cd24fb0d6963f7d28e17f72", out[0..]);
 }
+
+test "md5 aligned final" {
+    var block = []u8 {0} ** Md5.block_size;
+    var out: [Md5.digest_size]u8 = undefined;
+
+    var h = Md5.init();
+    h.update(block);
+    h.final(out[0..]);
+}
--- a/std/crypto/sha1.zig
+++ b/std/crypto/sha1.zig
@ -60,7 +60,7 @@ pub const Sha1 = struct {
        }

        // Full middle blocks.
-        while (off + 64 < b.len) : (off += 64) {
+        while (off + 64 <= b.len) : (off += 64) {
            d.round(b[off..off + 64]);
        }

@ -284,3 +284,12 @@ test "sha1 streaming" {
    h.final(out[0..]);
    htest.assertEqual("a9993e364706816aba3e25717850c26c9cd0d89d", out[0..]);
 }
+
+test "sha1 aligned final" {
+    var block = []u8 {0} ** Sha1.block_size;
+    var out: [Sha1.digest_size]u8 = undefined;
+
+    var h = Sha1.init();
+    h.update(block);
+    h.final(out[0..]);
+}
--- a/std/crypto/sha2.zig
+++ b/std/crypto/sha2.zig
@ -105,7 +105,7 @@ fn Sha2_32(comptime params: Sha2Params32) type { return struct {
        }

        // Full middle blocks.
-        while (off + 64 < b.len) : (off += 64) {
+        while (off + 64 <= b.len) : (off += 64) {
            d.round(b[off..off + 64]);
        }

@ -319,6 +319,15 @@ test "sha256 streaming" {
    htest.assertEqual("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", out[0..]);
 }

+test "sha256 aligned final" {
+    var block = []u8 {0} ** Sha256.block_size;
+    var out: [Sha256.digest_size]u8 = undefined;
+
+    var h = Sha256.init();
+    h.update(block);
+    h.final(out[0..]);
+}
+

 /////////////////////
 // Sha384 + Sha512
@ -420,7 +429,7 @@ fn Sha2_64(comptime params: Sha2Params64) type { return struct {
        }

        // Full middle blocks.
-        while (off + 128 < b.len) : (off += 128) {
+        while (off + 128 <= b.len) : (off += 128) {
            d.round(b[off..off + 128]);
        }

@ -669,3 +678,12 @@ test "sha512 streaming" {
    h.final(out[0..]);
    htest.assertEqual(h2, out[0..]);
 }
+
+test "sha512 aligned final" {
+    var block = []u8 {0} ** Sha512.block_size;
+    var out: [Sha512.digest_size]u8 = undefined;
+
+    var h = Sha512.init();
+    h.update(block);
+    h.final(out[0..]);
+}
--- a/std/crypto/sha3.zig
+++ b/std/crypto/sha3.zig
@ -217,6 +217,15 @@ test "sha3-256 streaming" {
    htest.assertEqual("3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532", out[0..]);
 }

+test "sha3-256 aligned final" {
+    var block = []u8 {0} ** Sha3_256.block_size;
+    var out: [Sha3_256.digest_size]u8 = undefined;
+
+    var h = Sha3_256.init();
+    h.update(block);
+    h.final(out[0..]);
+}
+
 test "sha3-384 single" {
    const h1 = "0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004";
    htest.assertEqualHash(Sha3_384, h1 , "");
@ -278,3 +287,12 @@ test "sha3-512 streaming" {
    h.final(out[0..]);
    htest.assertEqual(h2, out[0..]);
 }
+
+test "sha3-512 aligned final" {
+    var block = []u8 {0} ** Sha3_512.block_size;
+    var out: [Sha3_512.digest_size]u8 = undefined;
+
+    var h = Sha3_512.init();
+    h.update(block);
+    h.final(out[0..]);
+}