Merge bitcoin#19931: Change CSipHasher's count variable to uint8_t

fanquake · fanquake · commit 06dbbe76dd02 · 2020-09-14T16:30:17.000+08:00
812037c Change CSipHasher's count variable to uint8_t (Pieter Wuille) Pull request description: SipHash technically supports arbitrarily long inputs (at least, I couldn't find a limit in the [paper](https://eprint.iacr.org/2012/351.pdf)), but only the low 8 bits of the length matter. Because of that we should use an unsigned type to track the length (as any signed type could overflow, which is UB). `uint8_t` is sufficient, however. Fixes bitcoin#19930. ACKs for top commit: laanwj: anyhow re-ACK 812037c elichai: utACK 812037c practicalswift: ACK 812037c theStack: ACK 812037c Tree-SHA512: 5b1440c9e4591460da198991fb421ad47d2d96def2014e761726ce361aa9575752f2c4085656e7e9badee3660ff005cc76fbd1afe4848faefe4502f3412bd896
diff --git a/src/crypto/siphash.cpp b/src/crypto/siphash.cpp
@@ -49,7 +49,7 @@ CSipHasher& CSipHasher::Write(const unsigned char* data, size_t size)
 {
     uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3];
     uint64_t t = tmp;
-    int c = count;
+    uint8_t c = count;
 
     while (size--) {
         t |= ((uint64_t)(*(data++))) << (8 * (c % 8));
diff --git a/src/crypto/siphash.h b/src/crypto/siphash.h
@@ -15,7 +15,7 @@ class CSipHasher
 private:
     uint64_t v[4];
     uint64_t tmp;
-    int count;
+    uint8_t count; // Only the low 8 bits of the input size matter.
 
 public:
     /** Construct a SipHash calculator initialized with 128-bit key (k0, k1) */

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ CSipHasher& CSipHasher::Write(const unsigned char* data, size_t size)`
`49`	`49`	`{`
`50`	`50`	`uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3];`
`51`	`51`	`uint64_t t = tmp;`
`52`		`- int c = count;`
	`52`	`+ uint8_t c = count;`
`53`	`53`
`54`	`54`	`while (size--) {`
`55`	`55`	`t \|= ((uint64_t)((data++))) << (8 (c % 8));`