Skip to content

Commit

Permalink
sha1: Fix algorithm for data bigger than 512 megabytes.
Browse files Browse the repository at this point in the history 
In modern systems, size_t is 64 bits. There is a 32 bit overflow check
in sha1_update(), which will not work correctly, because compiler will
do an automatic cast to 64 bits, since size_t type variable is in the
expression. We do want however to lose data, since this is the whole
idea of this overflow check.

Because of this, computation of SHA-1 checksum will always be incorrect
for any data, that is bigger than 512 megabytes, which in bits is the
boundary of 32 bits integer.

In practice it means that any OVSDB transaction, bigger or equal to 512
megabytes, is considered corrupt and ovsdb-server will refuse to work
with the database file. This is especially critical for OVN southbound
database, since it tends to grow rapidly.

Fixes: 5eccf35 ("Replace SHA-1 library with one that is clearly licensed.")
Signed-off-by: Renat Nurgaliyev <[email protected]>
Signed-off-by: Ilya Maximets <[email protected]>
  • Loading branch information
@rnurgaliyev @igsilya
rnurgaliyev authored and igsilya committed Nov 16, 2020
1 parent be4b771 commit a1d2c5f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions lib/sha1.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ sha1_init(struct sha1_ctx *sha_info)
* inputLen: The length of the input buffer.
*/
void
sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)
sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)
{
const uint8_t *buffer = buffer_;
unsigned int i;
Expand Down Expand Up @@ -274,7 +274,7 @@ sha1_final(struct sha1_ctx *ctx, uint8_t digest[SHA1_DIGEST_SIZE])

/* Computes the hash of 'n' bytes in 'data' into 'digest'. */
void
sha1_bytes(const void *data, size_t n, uint8_t digest[SHA1_DIGEST_SIZE])
sha1_bytes(const void *data, uint32_t n, uint8_t digest[SHA1_DIGEST_SIZE])
{
struct sha1_ctx ctx;

Expand Down
4 changes: 2 additions & 2 deletions lib/sha1.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,9 @@ struct sha1_ctx {
};

void sha1_init(struct sha1_ctx *);
void sha1_update(struct sha1_ctx *, const void *, size_t);
void sha1_update(struct sha1_ctx *, const void *, uint32_t size);
void sha1_final(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);
void sha1_bytes(const void *, size_t, uint8_t digest[SHA1_DIGEST_SIZE]);
void sha1_bytes(const void *, uint32_t size, uint8_t digest[SHA1_DIGEST_SIZE]);

#define SHA1_FMT \
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \
Expand Down

0 comments on commit a1d2c5f

Please sign in to comment.