{"id":2231454,"url":"http://patchwork.ozlabs.org/api/patches/2231454/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/patch/20260430173002.43390-1-tiago.reis@luizalabs.com/","project":{"id":47,"url":"http://patchwork.ozlabs.org/api/projects/47/?format=json","name":"Open vSwitch","link_name":"openvswitch","list_id":"ovs-dev.openvswitch.org","list_email":"ovs-dev@openvswitch.org","web_url":"http://openvswitch.org/","scm_url":"git@github.com:openvswitch/ovs.git","webscm_url":"https://github.com/openvswitch/ovs","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430173002.43390-1-tiago.reis@luizalabs.com>","list_archive_url":null,"date":"2026-04-30T17:30:02","name":"[ovs-dev] sha1: Use size_t for buffer lengths to support inputs >4GB","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"f2e3e4520e365b05a637f20073f174ba8b206692","submitter":{"id":92676,"url":"http://patchwork.ozlabs.org/api/people/92676/?format=json","name":"Tiago Matos","email":"tiago.reis@luizalabs.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/openvswitch/patch/20260430173002.43390-1-tiago.reis@luizalabs.com/mbox/","series":[{"id":502350,"url":"http://patchwork.ozlabs.org/api/series/502350/?format=json","web_url":"http://patchwork.ozlabs.org/project/openvswitch/list/?series=502350","date":"2026-04-30T17:30:02","name":"[ovs-dev] sha1: Use size_t for buffer lengths to support inputs >4GB","version":1,"mbox":"http://patchwork.ozlabs.org/series/502350/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231454/comments/","check":"warning","checks":"http://patchwork.ozlabs.org/api/patches/2231454/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","dev@openvswitch.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ovs-dev@lists.linuxfoundation.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=luizalabs.com header.i=@luizalabs.com\n header.a=rsa-sha256 header.s=google header.b=mOi1mnKv;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=140.211.166.133; helo=smtp2.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)","smtp2.osuosl.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key,\n unprotected) header.d=luizalabs.com header.i=@luizalabs.com\n header.a=rsa-sha256 header.s=google header.b=mOi1mnKv","smtp4.osuosl.org; dmarc=pass (p=quarantine dis=none)\n header.from=luizalabs.com","smtp4.osuosl.org; dkim=pass (1024-bit key,\n unprotected) header.d=luizalabs.com header.i=@luizalabs.com\n header.a=rsa-sha256 header.s=google header.b=mOi1mnKv"],"Received":["from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g61Ql08SFz1yGq\n\tfor ; Fri, 01 May 2026 03:30:22 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp2.osuosl.org (Postfix) with ESMTP id CA90E40BC6;\n\tThu, 30 Apr 2026 17:30:18 +0000 (UTC)","from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id h8NFHDV8T4VL; Thu, 30 Apr 2026 17:30:17 +0000 (UTC)","from lists.linuxfoundation.org (lf-lists.osuosl.org\n [IPv6:2605:bc80:3010:104::8cd3:938])\n\tby smtp2.osuosl.org (Postfix) with ESMTPS id DA8F040566;\n\tThu, 30 Apr 2026 17:30:16 +0000 (UTC)","from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id AE170C04E8;\n\tThu, 30 Apr 2026 17:30:16 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists.linuxfoundation.org (Postfix) with ESMTP id 73B84C04E7\n for ; Thu, 30 Apr 2026 17:30:15 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 5451641070\n for ; Thu, 30 Apr 2026 17:30:15 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Y_79l4bOrKU6 for ;\n Thu, 30 Apr 2026 17:30:14 +0000 (UTC)","from mail-dl1-x122d.google.com (mail-dl1-x122d.google.com\n [IPv6:2607:f8b0:4864:20::122d])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 4308840F6C\n for ; Thu, 30 Apr 2026 17:30:13 +0000 (UTC)","by mail-dl1-x122d.google.com with SMTP id\n a92af1059eb24-12c45281a06so1896903c88.1\n for ; Thu, 30 Apr 2026 10:30:13 -0700 (PDT)","from state ([2804:10dc:d3c3:6e00:3256:fff:fe0d:5e27])\n by smtp.gmail.com with ESMTPSA id\n a92af1059eb24-12de32173acsm10650262c88.5.2026.04.30.10.30.10\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 10:30:12 -0700 (PDT)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections -\n client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp2.osuosl.org DA8F040566","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4308840F6C"],"Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2607:f8b0:4864:20::122d; helo=mail-dl1-x122d.google.com;\n envelope-from=tiago.reis@luizalabs.com; receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 4308840F6C","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=luizalabs.com; s=google; t=1777570213; x=1778175013; darn=openvswitch.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=Eu+D8f2d6EL2aEi6mOoVwLdbRUMcDwT6zuU3/55G138=;\n b=mOi1mnKvzrnXOMaJsytr+B85dSSLKvuqSQY2CfdAnZcz1PH1xNWrK6lE8/kLIVfPsf\n bKtW+O5GVBh6gSZf5vdlfYUsGJOaXDS6zJJh0amymnlDACxesb1mtmUD0i8Oj31falJs\n evzsXBxSnVwGM7n4DwEMowRx5co4KLNFZQV+c=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777570213; x=1778175013;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=Eu+D8f2d6EL2aEi6mOoVwLdbRUMcDwT6zuU3/55G138=;\n b=Wzd5CL3wTR4nZ+qt79GtNqdj/1KTFe5WGHiOaWYjqS9ADN+Viz5fBZiojuou+ncXjw\n wzfCwThdJpFFZV4p4QwoHV2Bf6aDz849ZauKOSjPRvbvhh9cav0GWTZNQw2ioefy90uw\n 8XaOP4LTzSyJU2E9vnANN9pGc+3fF+hZexEGEyk/Io0PlnXTiG2RcM9U/xtOCytcHQtI\n 03PRplnWjcQcaBgMtXUHMDgTqnCQKuZP/f5C4W6SVzgP2Ta5FDX5R8gVY6yrThNtJT23\n nnOFfJ+hPo0q1pxbiXrvenFrgfpoAVo/XgJUAzVYWkw8ztbEYYkWBbfkWqbBLu/fa/qP\n D0pw==","X-Gm-Message-State":"AOJu0Ywz/g6YG7RQLJPF9jQLDwZyhOxkAwFJS9TYQWt5xXg/64Pu0+eI\n XQnoMVyxlKuhWtciAKO+5zMOVeLnxpqPoxJBQGy/94wjv57YAb365iezy5dsrUA2yVj3CRTtb/M\n +K00z7ZZfcSg3PnvBilDq+nCDxCy6KKeo4TzmhxZnwGiNGhLVstuav3i/QQ/V2mQ=","X-Gm-Gg":"AeBDieuWBtrborvASvwnvkTN8hTkSzOL1HBArs8th71H6jIfStOH4ZS+1b3rYxEPlgT\n 7VuS1AgwKSieLysD2tAVZ/Bg3vXUmqy+1K4cVLwezn2fjIHJljgtlLsP+Hnp15emuUob9hbDO7C\n C40qTwa8lkVDP1F5aaIytvHgd/ABgEfDkKapLOOYo8cDnKnojJ5ZenHM2mHV/Y+fceFint7vlUP\n JPE14bpDQy1IaFWMOmsE0bhdDnoJS4NAlpA+Aiu7sFlChbgIRTJi6KWI0spisacGSYSgAwIs2GN\n 47JyGp5ujkDAcM88L+PifjaI27II0jdxiL+6YYiMfZ+1gYVPlB4dcxI+dXg0iMtE//6V/y96a80\n QtkyqF5lhHM+e+d9TZMhetaJaDKAWYA5QTTAK5Ltya+k7Py+yf438V62Nfc8TfdZ6G0rQea7Hfc\n hKwPS4gXmBLPIfpgF81DxIhBugWEBvRCpu45E=","X-Received":"by 2002:a05:7022:258f:b0:128:bae0:e044 with SMTP id\n a92af1059eb24-12dead0acfemr1656636c88.30.1777570212624;\n Thu, 30 Apr 2026 10:30:12 -0700 (PDT)","To":"dev@openvswitch.org","Date":"Thu, 30 Apr 2026 14:30:02 -0300","Message-ID":"<20260430173002.43390-1-tiago.reis@luizalabs.com>","X-Mailer":"git-send-email 2.54.0","MIME-Version":"1.0","Subject":"[ovs-dev] [PATCH] sha1: Use size_t for buffer lengths to support\n inputs >4GB","X-BeenThere":"ovs-dev@openvswitch.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","From":"Tiago Matos via dev ","Reply-To":"Tiago Matos ","Content-Type":"text/plain; charset=\"iso-8859-1\"","Content-Transfer-Encoding":"quoted-printable","Errors-To":"ovs-dev-bounces@openvswitch.org","Sender":"\"dev\" "},"content":"The sha1_update() and sha1_bytes() functions previously accepted\nbuffer lengths as uint32_t, which silently truncated larger size_t\nvalues passed by callers. This manifested as incorrect SHA1 hashes\nwhen compacting an OVSDB database larger than 4GB: the truncated\nlength was forwarded to OpenSSL's EVP_DigestUpdate(), causing it to\nhash only the low 32 bits' worth of bytes.\n\nChange the length parameter of sha1_update() and sha1_bytes() from\nuint32_t to size_t so the full buffer length is preserved.\n\nSigned-off-by: Tiago Matos \n---\n lib/sha1.c | 21 ++++++++++++---------\n lib/sha1.h | 8 ++++----\n tests/test-sha1.c | 5 +++--\n 3 files changed, 19 insertions(+), 15 deletions(-)","diff":"diff --git a/lib/sha1.c b/lib/sha1.c\nindex 871ff55ed..fa4bd278c 100644\n--- a/lib/sha1.c\n+++ b/lib/sha1.c\n@@ -30,6 +30,7 @@\n */\n \n #include \n+#include \n #include \"sha1.h\"\n \n #ifdef HAVE_OPENSSL\n@@ -80,7 +81,7 @@ sha1_init(struct sha1_ctx *sha_info)\n * inputLen: The length of the input buffer.\n */\n void\n-sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)\n+sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)\n {\n #ifdef HAVE_OPENSSL\n if (!EVP_DigestUpdate(ctx->ctx, buffer_, count)) {\n@@ -114,7 +115,7 @@ sha1_final(struct sha1_ctx *ctx, uint8_t digest[SHA1_DIGEST_SIZE])\n \n /* Computes the hash of 'n' bytes in 'data' into 'digest'. */\n void\n-sha1_bytes(const void *data, uint32_t n, uint8_t digest[SHA1_DIGEST_SIZE])\n+sha1_bytes(const void *data, size_t n, uint8_t digest[SHA1_DIGEST_SIZE])\n {\n struct sha1_ctx ctx;\n \n@@ -316,20 +317,22 @@ ovs_sha1_init(struct sha1_ctx *sha_info)\n * inputLen: The length of the input buffer.\n */\n void\n-ovs_sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)\n+ovs_sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)\n {\n const uint8_t *buffer = buffer_;\n unsigned int i;\n+ uint32_t lo_add = (uint32_t)((uint64_t)count << 3);\n+ uint32_t hi_add = (uint32_t)((uint64_t)count >> 29);\n \n- if ((ctx->count_lo + (count << 3)) < ctx->count_lo) {\n+ if (ctx->count_lo + lo_add < ctx->count_lo) {\n ctx->count_hi++;\n }\n- ctx->count_lo += count << 3;\n- ctx->count_hi += count >> 29;\n+ ctx->count_lo += lo_add;\n+ ctx->count_hi += hi_add;\n if (ctx->local) {\n i = SHA_BLOCK_SIZE - ctx->local;\n if (i > count) {\n- i = count;\n+ i = (unsigned int)count;\n }\n memcpy(((uint8_t *) ctx->data) + ctx->local, buffer, i);\n count -= i;\n@@ -350,7 +353,7 @@ ovs_sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)\n sha_transform(ctx);\n }\n memcpy(ctx->data, buffer, count);\n- ctx->local = count;\n+ ctx->local = (int)count;\n }\n \n /*\n@@ -393,7 +396,7 @@ ovs_sha1_final(struct sha1_ctx *ctx, uint8_t digest[SHA1_DIGEST_SIZE])\n \n /* Computes the hash of 'n' bytes in 'data' into 'digest'. */\n void\n-ovs_sha1_bytes(const void *data, uint32_t n, uint8_t digest[SHA1_DIGEST_SIZE])\n+ovs_sha1_bytes(const void *data, size_t n, uint8_t digest[SHA1_DIGEST_SIZE])\n {\n struct sha1_ctx ctx;\n \ndiff --git a/lib/sha1.h b/lib/sha1.h\nindex 710e5751c..fdf523302 100644\n--- a/lib/sha1.h\n+++ b/lib/sha1.h\n@@ -56,9 +56,9 @@ struct sha1_ctx {\n };\n \n void sha1_init(struct sha1_ctx *);\n-void sha1_update(struct sha1_ctx *, const void *, uint32_t size);\n+void sha1_update(struct sha1_ctx *, const void *, size_t size);\n void sha1_final(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);\n-void sha1_bytes(const void *, uint32_t size, uint8_t digest[SHA1_DIGEST_SIZE]);\n+void sha1_bytes(const void *, size_t size, uint8_t digest[SHA1_DIGEST_SIZE]);\n \n #define SHA1_FMT \\\n \"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\" \\\n@@ -77,9 +77,9 @@ bool sha1_from_hex(uint8_t digest[SHA1_DIGEST_SIZE], const char *hex);\n /* Generic implementation for the case where OpenSSL is not available.\n * This API should not be used directly. Exposed for unit testing. */\n void ovs_sha1_init(struct sha1_ctx *);\n-void ovs_sha1_update(struct sha1_ctx *, const void *, uint32_t size);\n+void ovs_sha1_update(struct sha1_ctx *, const void *, size_t size);\n void ovs_sha1_final(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);\n-void ovs_sha1_bytes(const void *, uint32_t size,\n+void ovs_sha1_bytes(const void *, size_t size,\n uint8_t digest[SHA1_DIGEST_SIZE]);\n \n #endif /* sha1.h */\ndiff --git a/tests/test-sha1.c b/tests/test-sha1.c\nindex f5a310bc9..bd3fa7bbb 100644\n--- a/tests/test-sha1.c\n+++ b/tests/test-sha1.c\n@@ -15,6 +15,7 @@\n */\n \n #include \n+#include \n #undef NDEBUG\n #include \"sha1.h\"\n #include \n@@ -34,9 +35,9 @@ struct test_vector {\n \n struct test_api {\n void (*sha1_init)(struct sha1_ctx *);\n- void (*sha1_update)(struct sha1_ctx *, const void *, uint32_t size);\n+ void (*sha1_update)(struct sha1_ctx *, const void *, size_t size);\n void (*sha1_final)(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);\n- void (*sha1_bytes)(const void *, uint32_t size,\n+ void (*sha1_bytes)(const void *, size_t size,\n uint8_t digest[SHA1_DIGEST_SIZE]);\n };\n \n","prefixes":["ovs-dev"]}