On 26.10.2025 13.30, Hiltjo Posthuma wrote:
> Maybe a starting point is in with processblock():
>
> libutil/sha512.c: sha512_update() (defined in sha512-224.h).
>
This is actually a simple case of passing wrongly sized buffer to
sha512_sum_n() when finalizing, and happens with any input. The problem
lies with sha512_sum_n() requiring the digest length argument to be in
multiples of uint64_t, but for 224 bits this would be 3.5. Either the
argument needs to be changed to be more granular, or the
sha512_224_sum() in libutil/sha512-224.c needs to use a temporary buffer.
The SHA-256 based sha224sum actually has the same problem, but there the
fix is simpler, just changing the argument of sha256_sum_n to 7, as
SHA-256 internally uses 32-bit ints.
--
Santtu
Received on Mon Nov 03 2025 - 13:52:21 CET