lib: accept larger input to md5/hmac/sha256/sha512 functions

Avoid unchecked data conversions from size_t to unsigned int. Reported-by: James Fuller Closes #21174
2026-04-11 12:01:42 +08:00 · 2026-03-31 11:22:34 +02:00 · 2026-03-31 11:22:34 +02:00 · dd7fcd581f
commit dd7fcd581f
parent 1570091f10
7 changed files with 41 additions and 20 deletions
--- a/lib/curl_hmac.h
+++ b/lib/curl_hmac.h
@ -57,14 +57,14 @@ struct HMAC_context {
 struct HMAC_context *Curl_HMAC_init(const struct HMAC_params *hashparams,
                                    const unsigned char *key,
                                    unsigned int keylen);
-int Curl_HMAC_update(struct HMAC_context *ctxt,
-                     const unsigned char *data,
-                     unsigned int len);
+void Curl_HMAC_update(struct HMAC_context *ctxt,
+                      const unsigned char *data,
+                      unsigned int len);
 int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output);

 CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
                     const unsigned char *key, const size_t keylen,
-                     const unsigned char *data, const size_t datalen,
+                     const unsigned char *data, size_t datalen,
                     unsigned char *output);

 #endif
--- a/lib/curl_md5.h
+++ b/lib/curl_md5.h
@ -54,7 +54,7 @@ extern const struct MD5_params Curl_DIGEST_MD5;
 extern const struct HMAC_params Curl_HMAC_MD5;

 CURLcode Curl_md5it(unsigned char *output, const unsigned char *input,
-                    const size_t len);
+                    size_t len);

 struct MD5_context *Curl_MD5_init(const struct MD5_params *md5params);
 CURLcode Curl_MD5_update(struct MD5_context *context,
--- a/lib/curl_sha256.h
+++ b/lib/curl_sha256.h
@ -38,7 +38,7 @@ extern const struct HMAC_params Curl_HMAC_SHA256;
 #endif

 CURLcode Curl_sha256it(unsigned char *output, const unsigned char *input,
-                       const size_t len);
+                       size_t len);

 #endif

--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@ -202,8 +202,13 @@ static CURLcode Curl_sha512_256_update(void *ctx,
                                       const unsigned char *data,
                                       size_t length)
 {
-  if(wc_Sha512_256Update(ctx, data, (word32)length))
-    return CURLE_SSL_CIPHER;
+  do {
+    word32 ilen = (word32) CURLMIN(length, UINT_MAX);
+    if(wc_Sha512_256Update(ctx, data, ilen))
+      return CURLE_SSL_CIPHER;
+    length -= ilen;
+    data += ilen;
+  } while(length);
  return CURLE_OK;
 }

--- a/lib/hmac.c
+++ b/lib/hmac.c
@ -98,13 +98,12 @@ fail:
  return NULL;
 }

-int Curl_HMAC_update(struct HMAC_context *ctxt,
-                     const unsigned char *data,
-                     unsigned int len)
+void Curl_HMAC_update(struct HMAC_context *ctxt,
+                      const unsigned char *data,
+                      unsigned int len)
 {
  /* Update first hash calculation. */
  ctxt->hash->hupdate(ctxt->hashctxt1, data, len);
-  return 0;
 }

 int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
@ -143,17 +142,24 @@ int Curl_HMAC_final(struct HMAC_context *ctxt, unsigned char *output)
 */
 CURLcode Curl_hmacit(const struct HMAC_params *hashparams,
                     const unsigned char *key, const size_t keylen,
-                     const unsigned char *data, const size_t datalen,
+                     const unsigned char *data, size_t datalen,
                     unsigned char *output)
 {
-  struct HMAC_context *ctxt =
-    Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));
+  struct HMAC_context *ctxt;
+  if(keylen > UINT_MAX) /* unlikely to ever happen */
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  ctxt = Curl_HMAC_init(hashparams, key, curlx_uztoui(keylen));

  if(!ctxt)
    return CURLE_OUT_OF_MEMORY;

  /* Update the digest with the given challenge */
-  Curl_HMAC_update(ctxt, data, curlx_uztoui(datalen));
+  do {
+    unsigned int ilen = (unsigned int) CURLMIN(datalen, UINT_MAX);
+    Curl_HMAC_update(ctxt, data, ilen);
+    datalen -= ilen;
+    data += ilen;
+  } while(datalen);

  /* Finalise the digest */
  Curl_HMAC_final(ctxt, output);
--- a/lib/md5.c
+++ b/lib/md5.c
@ -540,14 +540,19 @@ const struct MD5_params Curl_DIGEST_MD5 = {
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_md5it(unsigned char *output,
-                    const unsigned char *input, const size_t len)
+                    const unsigned char *input, size_t len)
 {
  CURLcode result;
  my_md5_ctx ctx;

  result = my_md5_init(&ctx);
  if(!result) {
-    my_md5_update(&ctx, input, curlx_uztoui(len));
+    do {
+      unsigned int ilen = (unsigned int) CURLMIN(len, UINT_MAX);
+      my_md5_update(&ctx, input, ilen);
+      input += ilen;
+      len -= len;
+    } while(len);
    my_md5_final(output, &ctx);
  }
  return result;
--- a/lib/sha256.c
+++ b/lib/sha256.c
@ -478,14 +478,19 @@ static void my_sha256_final(unsigned char *out, void *ctx)
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sha256it(unsigned char *output, const unsigned char *input,
-                       const size_t len)
+                       size_t len)
 {
  CURLcode result;
  my_sha256_ctx ctx;

  result = my_sha256_init(&ctx);
  if(!result) {
-    my_sha256_update(&ctx, input, curlx_uztoui(len));
+    do {
+      unsigned int ilen = (unsigned int) CURLMIN(len, UINT_MAX);
+      my_sha256_update(&ctx, input, ilen);
+      len -= ilen;
+      input += ilen;
+    } while(len);
    my_sha256_final(output, &ctx);
  }
  return result;