Hello.
It seems that there is a signed integer overflow in bitops.h:54:
static inline uint32_t read32_be(const uint8_t buf[4])
{
* return (buf[0] << 24) |
(buf[1] << 16) |
(buf[2] << 8) |
(buf[3]);
}
It could be triggered by:
const uint8_t key[] = {0xd9, 0x63, 0xca, 0xf9};
const uint8_t msg[] = {0xb8, 0x02, 0x6b, 0xa9};
cf_hmac_init(&ctx, &cf_sha256, key, sizeof(key));
cf_hmac_update(&ctx, msg, sizeof(msg));
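The overflow reported above comes from integer promotion: each `uint8_t` operand is promoted to signed `int` before the shift, so any first byte of 0x80 or more shifted left by 24 exceeds `INT_MAX`. The following is an added example, not part of the original issue or the project's code; `read32_be_fixed`, `shift_overflows_int`, `report_key` and `report_msg` are hypothetical names, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Byte values copied from the report's key[] and msg[] arrays. */
static const uint8_t report_key[4] = {0xd9, 0x63, 0xca, 0xf9};
static const uint8_t report_msg[4] = {0xb8, 0x02, 0x6b, 0xa9};

/* Hardened form (hypothetical name): widen each byte to uint32_t before
 * shifting, so the arithmetic is unsigned and cannot overflow int. */
static inline uint32_t read32_be_fixed(const uint8_t buf[4])
{
  return ((uint32_t)buf[0] << 24) |
         ((uint32_t)buf[1] << 16) |
         ((uint32_t)buf[2] << 8) |
         ((uint32_t)buf[3]);
}

/* Returns 1 when `b << 24`, evaluated after promotion of b to int as in
 * the reported expression, would not fit in int (undefined behaviour).
 * The check is done in long long so that it never overflows itself. */
static int shift_overflows_int(uint8_t b)
{
  return ((long long)b << 24) > (long long)INT_MAX;
}

int main(void)
{
  /* Both leading bytes from the report have the top bit set. */
  printf("key[0]=0x%02x overflows int: %d\n",
         report_key[0], shift_overflows_int(report_key[0]));
  printf("msg[0]=0x%02x overflows int: %d\n",
         report_msg[0], shift_overflows_int(report_msg[0]));
  printf("fixed read of key: 0x%08x\n",
         (unsigned)read32_be_fixed(report_key));
  printf("fixed read of msg: 0x%08x\n",
         (unsigned)read32_be_fixed(report_msg));
  return 0;
}
```

Building the original function with GCC or Clang and `-fsanitize=undefined` is one way to confirm the report and to check that the cast removes the finding.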
