[ovs-dev] [PATCH] Fix sha1: Use size_t for buffer lengths to support inputs >4GB The sha1_update() and sha1_bytes() functions previously accepted buffer lengths as uint32_t, which silently truncated larger size_t values passed by callers. This manifested as incorrect SHA1 hashes when compacting an OVSDB database larger than 4GB: the truncated length was forwarded to OpenSSL's EVP_DigestUpdate(), causing it to hash only the low 32 bits' worth of bytes.

Tiago Matos via dev Wed, 29 Apr 2026 06:30:24 -0700

Change the length parameter of sha1_update() and sha1_bytes() from
uint32_t to size_t so the full buffer length is preserved on 64-bit
platforms.


Signed-off-by: Tiago Matos <[email protected]>
---
 lib/sha1.c | 5 +++--
 lib/sha1.h | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/sha1.c b/lib/sha1.c
index 871ff55ed..6f7b19e53 100644
--- a/lib/sha1.c
+++ b/lib/sha1.c
@@ -30,6 +30,7 @@
  */
 
 #include <config.h>
+#include <stddef.h>
 #include "sha1.h"
 
 #ifdef HAVE_OPENSSL
@@ -80,7 +81,7 @@ sha1_init(struct sha1_ctx *sha_info)
  * inputLen: The length of the input buffer.
  */
 void
-sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)
+sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)
 {
 #ifdef HAVE_OPENSSL
     if (!EVP_DigestUpdate(ctx->ctx, buffer_, count)) {
@@ -114,7 +115,7 @@ sha1_final(struct sha1_ctx *ctx, uint8_t 
digest[SHA1_DIGEST_SIZE])
 
 /* Computes the hash of 'n' bytes in 'data' into 'digest'. */
 void
-sha1_bytes(const void *data, uint32_t n, uint8_t digest[SHA1_DIGEST_SIZE])
+sha1_bytes(const void *data, size_t n, uint8_t digest[SHA1_DIGEST_SIZE])
 {
     struct sha1_ctx ctx;
 
diff --git a/lib/sha1.h b/lib/sha1.h
index 710e5751c..e052d7fef 100644
--- a/lib/sha1.h
+++ b/lib/sha1.h
@@ -56,9 +56,9 @@ struct sha1_ctx {
 };
 
 void sha1_init(struct sha1_ctx *);
-void sha1_update(struct sha1_ctx *, const void *, uint32_t size);
+void sha1_update(struct sha1_ctx *, const void *, size_t size);
 void sha1_final(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);
-void sha1_bytes(const void *, uint32_t size, uint8_t digest[SHA1_DIGEST_SIZE]);
+void sha1_bytes(const void *, size_t size, uint8_t digest[SHA1_DIGEST_SIZE]);
 
 #define SHA1_FMT \
         "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \
-- 
2.54.0


-- 




_'Esta mensagem é direcionada apenas para os endereços constantes no 
cabeçalho inicial. Se você não está listado nos endereços constantes no 
cabeçalho, pedimos-lhe que desconsidere completamente o conteúdo dessa 
mensagem e cuja cópia, encaminhamento e/ou execução das ações citadas estão 
imediatamente anuladas e proibidas'._


* **'Apesar do Magazine Luiza tomar 
todas as precauções razoáveis para assegurar que nenhum vírus esteja 
presente nesse e-mail, a empresa não poderá aceitar a responsabilidade por 
quaisquer perdas ou danos causados por esse e-mail ou por seus anexos'.*



_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to