You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While investigating a bug report in our platform we think we have found a bug in the hmac implementation.
cf_hmac_init uses temporary buffers k and blk that are initialized at a size of CF_CHASH_MAXBLK=128. However, the block sizes for sha3-224 and sha3-256 are 144 and 136, causing a buffer overflow on the memset at hmac.c:53
A simple fix is setting CF_CHASH_MAXBLK at 144
The text was updated successfully, but these errors were encountered:
Hello and kudos for the awesome project.
While investigating a bug report in our platform we think we have found a bug in the hmac implementation.
cf_hmac_inituses temporary buffers k and blk that are initialized at a size of CF_CHASH_MAXBLK=128. However, the block sizes for sha3-224 and sha3-256 are 144 and 136, causing a buffer overflow on the memset at hmac.c:53A simple fix is setting CF_CHASH_MAXBLK at 144
The text was updated successfully, but these errors were encountered: