cancel
Showing results for 
Search instead for 
Did you mean: 

sha1_alt.c (mbedTLS implementation) bug?

Mario Luzeiro
Senior

I have a file from ST, not sure where it comes from but the header has:

sha1_alt.c for SHA1 HASH

Copyright (c) 2017, STMicroelectronics

I am getting issues with the function that call HAL_HASH_SHA1_Accumulate function.

They are no checking for size/len if it is 0.

For some reason I am getting this issue but not sure if its this file or the application issue.

Shall it checks if size is >0 ?

Do you have an updated version of this file?

3 REPLIES 3
Mario Luzeiro
Senior

I also found that this functions are not working with data length not multiple of 4. Shall it handle this not multiple cases?

It is documented as requiring 4-byte multiple. You're expected to either use it for large block, or wrap it with some spill buffer method to meet the requirements of the underlying hardware.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Mario Luzeiro
Senior

I found that it misses a padding as described here:

https://tools.ietf.org/html/rfc3174#section-4

mbed crypto software implementation is adding that padding:

https://github.com/ARMmbed/mbed-crypto/blob/aa2e298bde122e695c72288098a9ab3d9ac5729a/library/sha1.c#L368

so as far as I understand, this sha1_alt.c that I have is not implementing the required padding.