Skip to content

Commit

Permalink
sha3: fix cSHAKE initialization for extremely large N ana and or S
Browse files Browse the repository at this point in the history 
While both impractical and unlikely, the multiplication could overflow
on 32-bit architectures.

The 64-bit architecture case is unaffected by both the maximum length
of Go slices being too small to trigger the overflow (everything except
s390), and it being safe to assume no machine has more than 2 EiB of
memory.

Fixes golang/go#66232
  • Loading branch information
@Yawning
Yawning committed Mar 11, 2024
1 parent 7067223 commit ca7a141
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sha3/shake.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,9 +85,9 @@ func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) ShakeHash {

// leftEncode returns max 9 bytes
c.initBlock = make([]byte, 0, 9*2+len(N)+len(S))
c.initBlock = append(c.initBlock, leftEncode(uint64(len(N)*8))...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(N))*8)...)
c.initBlock = append(c.initBlock, N...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(S)*8))...)
c.initBlock = append(c.initBlock, leftEncode(uint64(len(S))*8)...)
c.initBlock = append(c.initBlock, S...)
c.Write(bytepad(c.initBlock, c.rate))
return &c
Expand Down

0 comments on commit ca7a141

Please sign in to comment.