Nikos Mavrogiannopoulos nmav@gnutls.org writes:
Attached is an updated version of the patch.
+void +gosthash94_digest (gosthash94_ctx * ctx, unsigned length, uint8_t *result) +{
- unsigned index = ctx->length & 31;
- uint32_t *msg32 = (uint32_t*)ctx->message;
- assert(length <= GOSTHASH94_DIGEST_SIZE);
- /* pad the last block with zeroes and hash it */
- if (index > 0)
{
memset (ctx->message + index, 0, 32 - index);
gost_compute_sum_and_hash (ctx, ctx->message);
}
- /* hash the message length and the sum */
- msg32[0] = (uint32_t) (ctx->length << 3);
- msg32[1] = (uint32_t) (ctx->length >> 29);
- memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
- gost_block_compress (ctx, msg32);
- gost_block_compress (ctx, ctx->sum);
- /* convert hash state to result bytes */
- _nettle_write_le32(length, result, ctx->hash);
+}
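Review bot: At `uint32_t *msg32 = (uint32_t*)ctx->message;` the length block is built by viewing the context's byte buffer as 32-bit words, which is only safe while ctx->message happens to be suitably aligned inside the struct; a local `uint32_t msg32[8];` filled the same way removes that dependency on the layout. The function also returns with ctx->hash, ctx->sum and the zero-padded ctx->message still holding the finalized values, so a context reused without a fresh init would continue from that state, and the message tail stays in memory; reinitializing the context after `_nettle_write_le32` covers both. The `msg32[0]` and `msg32[1]` stores are in host word order while the result is written little-endian, so a one-line comment stating that gost_block_compress expects host-order words would make the big-endian case easy to check.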
Any good reason for reusing the ctx->message as msg32? The cast looks dangerous, even if maybe it isn't (potentially it could have bad alignment, but not with the current struct layout). I'd replace that with a local array,
uint32_t msg32[8];
Also, the _digest function should reset the state when it's done, in the same way as _init. Which is easy, just call _init, or memset directly.
Regards, /Niels