
@kaabia (Contributor) commented Oct 30, 2025

Fixes #98952

The SHA-256 standard (FIPS 180-4) requires the total message length (L) in bits to be appended as a 64-bit big-endian integer.

The previous implementation incorrectly calculated and wrote only the lower 32 bits of the length field (to W[15]), implicitly assuming the upper 32 bits (W[14]) were correctly zeroed.

This commit updates it51xxx_hash_handler() to explicitly calculate the length using uint64_t and writes both the MSB (W[14]) and LSB (W[15]) words in big-endian format. This ensures standard compliance and correct hashing for all message lengths.

Reference: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf


@kaabia kaabia force-pushed the fix/it51xxx-sha-padding-length branch from 2fde922 to e89942d Compare October 30, 2025 22:44
@kaabia kaabia changed the title from "crypto: it51xxx: Fix SHA-256 padding length field to 64-bit" to "crypto: Fix SHA-256 padding length field to 64-bit" Oct 30, 2025
@kaabia kaabia force-pushed the fix/it51xxx-sha-padding-length branch from e89942d to 329192f Compare October 30, 2025 23:32
dsseng

This comment was marked as resolved.

The SHA-256 standard (FIPS 180-4) requires the total message
length (L) in bits to be appended as a 64-bit big-endian
integer across words W[14] and W[15] of the final block.

The previous code incorrectly calculated and wrote only the
lower 32 bits of the length (to W[15]). This failed
for messages longer than 2^{32}/8 bytes and relied on
W[14] being pre-zeroed.

This commit updates the SHA handlers for both it51xxx and
it8xxx2 to explicitly calculate L as a `uint64_t`. It then
correctly writes both the MSB (W[14]) and the LSB (W[15])
words in the required big-endian format.

This ensures standard compliance and correct hashing.

Signed-off-by: Badr Bacem KAABIA <[email protected]>
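
The padding rule described in the pull request and commit message above, shown as an added example that is not the Zephyr driver code or the author's patch: a software model of the final-block padding, with the 64-bit length L split big-endian across W[14] and W[15]. The function names, and `low32_length_word()` as a model of the truncation, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Store a 32-bit word big-endian, independent of host byte order. */
static void put_be32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)(v >> 24);
	p[1] = (uint8_t)(v >> 16);
	p[2] = (uint8_t)(v >> 8);
	p[3] = (uint8_t)v;
}

/* Read a big-endian 32-bit word back, e.g. W[14] at byte offset 56. */
uint32_t get_be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Pad the message tail (tail_len < 64 bytes left after the last full block)
 * into out[]. total_bytes is the whole message length (hypothetical helper).
 * Returns the number of 64-byte blocks written (1 or 2), or -1 on bad input.
 */
int sha256_pad_tail(const uint8_t *tail, size_t tail_len,
		    uint64_t total_bytes, uint8_t out[128])
{
	if (tail_len >= 64) {
		return -1;
	}
	/* 0x80 marker plus the 8-byte length must fit, else use a second block. */
	int blocks = (tail_len + 1 + 8 <= 64) ? 1 : 2;
	uint64_t bits = total_bytes * 8u; /* L in bits, kept in 64-bit arithmetic */
	uint8_t *w14 = out + (size_t)blocks * 64 - 8;
	memset(out, 0, 128);
	if (tail_len > 0) {
		memcpy(out, tail, tail_len);
	}
	out[tail_len] = 0x80;
	put_be32(w14, (uint32_t)(bits >> 32)); /* W[14]: upper 32 bits of L */
	put_be32(w14 + 4, (uint32_t)bits);     /* W[15]: lower 32 bits of L */
	return blocks;
}

/* Model of the truncation (assumed form): only the low 32 bits of L survive. */
uint32_t low32_length_word(uint64_t total_bytes)
{
	return (uint32_t)(total_bytes * 8u);
}
```

For a 2^29-byte message (L = 2^32 bits) the correct field is W[14] = 1, W[15] = 0, while the low-32-bit form yields 0, the same length word an empty message carries.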
@kaabia kaabia force-pushed the fix/it51xxx-sha-padding-length branch from 329192f to c90121b Compare November 1, 2025 17:12
@kaabia (Contributor, Author) commented Nov 1, 2025

Please reword the commit message to point at the drivers that were changed, for example:

crypto: ite: sha: make SHA-256 padding length 64-bit

Commit message changed as requested.
Thank you for your review.

@kaabia kaabia requested a review from dsseng November 1, 2025 17:14
sonarqubecloud bot commented Nov 1, 2025

@kaabia kaabia requested a review from dsseng November 3, 2025 21:12
@dsseng (Member) commented Nov 3, 2025

I have nothing more to say on this; my approval is still valid and not overridden (but I am not a maintainer with merge rights on the code).

I believe currently many maintainers are busy with the release engineering process (and anyway during the release merges are usually suspended). So please wait; there is nothing to do on this PR at the moment.

Thanks for the contribution.


Successfully merging this pull request may close these issues.

Crypto: SHA-256 padding incorrectly limits message length field to 32 bits
