From c1e2ec16db05173afed1f625b9dfaedaa8a1b75a Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Fri, 24 Feb 2023 08:16:20 +0100
Subject: [PATCH] QMessageAuthenticationCode: statically assert HMAC works for all algorithms
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... by checking that for each algorithm, that the algorithm's result size is not larger than the algorithm's block size.

Pick-to: 6.5
Change-Id: I4daf7900e72766d180954b15edb06687a57f939f
Reviewed-by: MÃ¥rten Nordheim
Reviewed-by: Qt CI Bot
Reviewed-by: Thiago Macieira
---
 src/corelib/tools/qcryptographichash.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp
index 78ab9836a1..09b53d4941 100644
--- a/src/corelib/tools/qcryptographichash.cpp
+++ b/src/corelib/tools/qcryptographichash.cpp
@@ -1150,7 +1150,14 @@ void QMessageAuthenticationCodePrivate::setKey(const QByteArray &newKey)
 if (newKey.size() > blockSize) {
 messageHash.addData(newKey);
 messageHash.finalizeUnchecked();
- static_assert(maxHashLength() <= maxHashBlockSize());
+ static_assert([] {
+ using A = QCryptographicHash::Algorithm;
+ for (int i = 0; i < A::NumAlgorithms; ++i) {
+ if (hashLengthInternal(A(i)) > qt_hash_block_size(A(i)))
+ return false;
+ }
+ return true;
+ }(), "this code assumes that a hash's result always fits into that hash's block size");
 key = messageHash.result;
 messageHash.reset();
 } else {
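Review bot: The static_assert added in the long-key branch of setKey states its assumption but not what relies on it, so a short comment above it would help the next reader, e.g. `// HMAC: a key longer than the block size is replaced by H(key), which must itself fit in one block`. The loop rejects only `hashLengthInternal(A(i)) > qt_hash_block_size(A(i))`, so an enumerator for which both helpers return the same fallback value (0, for example) would pass vacuously. The helpers are not visible in this hunk, so that needs confirming against their definitions; if every value below NumAlgorithms is meant to be a real algorithm, `if (qt_hash_block_size(A(i)) <= 0) return false;` inside the loop would close the gap. setKey's body starts and continues outside the hunk.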