Skip to content

Commit

Permalink
sha3: fix cSHAKE initialization for extremely large N and or S
Browse files Browse the repository at this point in the history 
While both impractical and unlikely, the multiplication could overflow
on 32-bit architectures.

The 64-bit architecture case is unaffected by both the maximum length
of Go slices being too small to trigger the overflow (everything except
s390), and it being safe to assume no machine has more than 2 EiB of
memory.

Fixes golang/go#66232
  • Loading branch information
@Yawning
Yawning committed Mar 11, 2024
1 parent 7067223 commit 503e180
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sha3/shake.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,9 +85,9 @@ func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) ShakeHash {

// leftEncode returns max 9 bytes
c.initBlock = make([]byte, 0, 9*2+len(N)+len(S))
c.initBlock = append(c.initBlock, leftEncode(uint64(len(N)*8))...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(N))*8)...)
c.initBlock = append(c.initBlock, N...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(S)*8))...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(S))*8)...)
c.initBlock = append(c.initBlock, S...)
c.Write(bytepad(c.initBlock, c.rate))
return &c
Expand Down

0 comments on commit 503e180

Please sign in to comment.