* cipher/md4.c (md4_final): Set bctx.count zero after
finalizing. * cipher/md5.c (md5_final): Ditto. * cipher/rmd160.c (rmd160_final): Ditto. * cipher/sha1.c (sha1_final): Ditto. * cipher/sha256.c (sha256_final): Ditto. * cipher/sha512.c (sha512_final): Ditto. * cipher/sm3.c (sm3_final): Ditto. * cipher/stribog.c (stribog_final): Ditto. * cipher/tiger.c (tiger_final): Ditto. -- Final functions used to use _gcry_md_block_write for passing final blocks to transform function and thus set bctx.count to zero in _gcry_md_block_write. Final functions were then changed to use transform functions directly, but bctx.count was not set zero after this change. Then later optimization to final functions to pass two blocks to transform functions in one call also changed values set to bctx.count, causing bctx.count getting value larger than block-size of digest algorithm. Signed-off-by: Jussi Kivilinna <[hidden email]> --- cipher/md4.c | 4 ++-- cipher/md5.c | 4 ++-- cipher/rmd160.c | 4 ++-- cipher/sha1.c | 4 ++-- cipher/sha256.c | 4 ++-- cipher/sha512.c | 3 ++- cipher/sm3.c | 4 ++-- cipher/stribog.c | 2 ++ cipher/tiger.c | 5 +++-- 9 files changed, 19 insertions(+), 15 deletions(-) diff --git a/cipher/md4.c b/cipher/md4.c index 24986c27..b55443a8 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -237,7 +237,6 @@ md4_final( void *context ) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 56, lsb); @@ -249,7 +248,6 @@ md4_final( void *context ) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 64 + 56, lsb); @@ -265,6 +263,8 @@ md4_final( void *context ) X(D); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } 
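Review bot: The new `hd->bctx.count = 0;` at the end of md4_final carries no comment, so the reason it is required lives only in the commit message and a later cleanup could move or drop it. Since `count` is used as an index into `bctx.buf` (`hd->bctx.buf[hd->bctx.count++] = 0x80;` in the first two hunks) and the message says the old code could leave it above the block size, I would add `/* Reset the buffer fill: count indexes bctx.buf and must not keep a stale value once the final blocks were passed to transform directly. */` above the assignment. md4_final begins outside the hunk, so I cannot see whether any early-return path skips the reset.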
diff --git a/cipher/md5.c b/cipher/md5.c index 6859d566..32cb535a 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -261,7 +261,6 @@ md5_final( void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 56, lsb); @@ -273,7 +272,6 @@ md5_final( void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 64 + 56, lsb); @@ -289,6 +287,8 @@ md5_final( void *context) X(D); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 0608f74c..e12ff017 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -434,7 +434,6 @@ rmd160_final( void *context ) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 56, lsb); @@ -446,7 +445,6 @@ rmd160_final( void *context ) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 64 + 56, lsb); @@ -463,6 +461,8 @@ rmd160_final( void *context ) X(4); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } diff --git a/cipher/sha1.c b/cipher/sha1.c index 287bd826..35f7376c 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c 
@@ -591,7 +591,6 @@ sha1_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 56, msb); @@ -603,7 +602,6 @@ sha1_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 64 + 56, msb); @@ -620,6 +618,8 @@ sha1_final(void *context) X(4); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } diff --git a/cipher/sha256.c b/cipher/sha256.c index 5c761b20..93505891 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -584,7 +584,6 @@ sha256_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 56, msb); @@ -596,7 +595,6 @@ sha256_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 64 + 56, msb); @@ -616,6 +614,8 @@ sha256_final(void *context) X(7); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } diff --git a/cipher/sha512.c b/cipher/sha512.c index 0f4c304f..bc4657a8 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -818,7 +818,6 @@ sha512_final (void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 112) memset (&hd->bctx.buf[hd->bctx.count], 0, 112 - hd->bctx.count); - hd->bctx.count = 112; } else { @@ -850,6 +849,8 @@ sha512_final (void *context) X (7); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } 
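Review bot: In sha512_final the hunk at line 818 drops `hd->bctx.count = 112;` only in the `if (hd->bctx.count < 112)` branch; the `else` branch is outside the hunk, so I cannot see whether it still assigns `bctx.count` before the transform call. If it does, the value is overwritten by the added `hd->bctx.count = 0;` anyway, but it should be removed for consistency with the other digests in this series, which drop both assignments. The reset itself sits after the final transform and before `_gcry_burn_stack`, matching the other files.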
diff --git a/cipher/sm3.c b/cipher/sm3.c index aee94987..0f9bae3b 100644 --- a/cipher/sm3.c +++ b/cipher/sm3.c @@ -294,7 +294,6 @@ sm3_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */ if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 56, msb); @@ -306,7 +305,6 @@ sm3_final(void *context) hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_be32(hd->bctx.buf + 64 + 56, msb); @@ -326,6 +324,8 @@ sm3_final(void *context) X(7); #undef X + hd->bctx.count = 0; + _gcry_burn_stack (burn); } diff --git a/cipher/stribog.c b/cipher/stribog.c index c919182a..f8776a3e 100644 --- a/cipher/stribog.c +++ b/cipher/stribog.c @@ -1304,6 +1304,8 @@ stribog_final (void *context) for (i = 0; i < 8; i++) hd->h[i] = le_bswap64(hd->h[i]); + hd->bctx.count = 0; + _gcry_burn_stack (768); } diff --git a/cipher/tiger.c b/cipher/tiger.c index b2f16677..4039b22b 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -760,7 +760,7 @@ tiger_final( void *context ) hd->bctx.buf[hd->bctx.count++] = pad; if (hd->bctx.count < 56) memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count); - hd->bctx.count = 56; + /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 56, lsb); buf_put_le32(hd->bctx.buf + 60, msb); @@ -771,7 +771,6 @@ tiger_final( void *context ) hd->bctx.buf[hd->bctx.count++] = pad; /* pad character */ /* fill pad and next block with zeroes */ memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56); - hd->bctx.count = 64 + 56; /* append the 64 bit count */ buf_put_le32(hd->bctx.buf + 64 + 56, lsb); 
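Review bot: In tiger_final the first hunk replaces `hd->bctx.count = 56;` with an empty `+` line instead of deleting it, which is why tiger.c's diffstat reads `5 +++--` while every other digest in the series is `4 ++--`. The blank line should simply be dropped so the `if (hd->bctx.count < 56)` block is followed directly by the `/* append the 64 bit count */` comment, as in md4.c through sm3.c. In stribog_final the reset is added after the `le_bswap64` loop; stribog's padding code is outside the hunk, so whether it had a stale `count` assignment of its own to remove is not visible here.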
@@ -797,6 +796,8 @@ tiger_final( void *context ) #undef X #undef Y + hd->bctx.count = 0; + _gcry_burn_stack (burn); } -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
* cipher/keccak.c (USE_64BIT_BMI2, USE_64BIT_SHLD)
(USE_32BIT_BMI2): Depend also on HAVE_CPU_ARCH_X86. * random/rndjent.c [__i386__ || __x86_64__] (USE_JENT): Depend also on HAVE_CPU_ARCH_X86. -- Signed-off-by: Jussi Kivilinna <[hidden email]> --- cipher/keccak.c | 9 ++++++--- random/rndjent.c | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/cipher/keccak.c b/cipher/keccak.c index 87a47ac3..795a02e5 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -40,21 +40,24 @@ /* USE_64BIT_BMI2 indicates whether to compile with 64-bit Intel BMI2 code. */ #undef USE_64BIT_BMI2 -#if defined(USE_64BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) +#if defined(USE_64BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(HAVE_CPU_ARCH_X86) # define USE_64BIT_BMI2 1 #endif /* USE_64BIT_SHLD indicates whether to compile with 64-bit Intel SHLD code. */ #undef USE_64BIT_SHLD -#if defined(USE_64BIT) && defined (__GNUC__) && defined(__x86_64__) +#if defined(USE_64BIT) && defined (__GNUC__) && defined(__x86_64__) && \ + defined(HAVE_CPU_ARCH_X86) # define USE_64BIT_SHLD 1 #endif /* USE_32BIT_BMI2 indicates whether to compile with 32-bit Intel BMI2 code. */ #undef USE_32BIT_BMI2 -#if defined(USE_32BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) +#if defined(USE_32BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(HAVE_CPU_ARCH_X86) # define USE_32BIT_BMI2 1 #endif diff --git a/random/rndjent.c b/random/rndjent.c index 3d01290f..56648a87 100644 --- a/random/rndjent.c +++ b/random/rndjent.c @@ -57,7 +57,7 @@ #define JENT_USES_GETTIME 2 #define JENT_USES_READ_REAL_TIME 3 #ifdef ENABLE_JENT_SUPPORT -# if defined (__i386__) || defined(__x86_64__) +# if (defined (__i386__) || defined(__x86_64__)) && defined(HAVE_CPU_ARCH_X86) # define USE_JENT JENT_USES_RDTSC # elif defined (HAVE_CLOCK_GETTIME) # if _AIX -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
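Review bot: The new `&& defined(HAVE_CPU_ARCH_X86)` in rndjent.c changes which timer the jitter RNG reads, not just whether some assembly is compiled: on an x86 compiler where configure did not define HAVE_CPU_ARCH_X86, `USE_JENT` silently falls from `JENT_USES_RDTSC` to the `clock_gettime` branch, which presumably has a much coarser timer and therefore different entropy behaviour. That deserves a comment at the condition, e.g. `/* Use RDTSC only when configure confirmed an x86 host; otherwise fall through to the clock_gettime/read_real_time paths below. */`. The three `USE_*` comments in keccak.c ("indicates whether to compile with ... code") could likewise mention that HAVE_CPU_ARCH_X86 is now required.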
* mpi/mpicoder.c (_gcry_mpi_set_buffer) [BYTES_PER_MPI_LIMB == 4]: Cast
"*p--" values to mpi_limb_t before left shifting. * tests/t-lock.c (main): Cast 'time(NULL)' to unsigned type. -- Signed-off-by: Jussi Kivilinna <[hidden email]> --- mpi/mpicoder.c | 16 ++++++++-------- tests/t-lock.c | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index a133421e..f61f777f 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -354,10 +354,10 @@ _gcry_mpi_set_buffer (gcry_mpi_t a, const void *buffer_arg, for (i=0, p = buffer+nbytes-1; p >= buffer+BYTES_PER_MPI_LIMB; ) { #if BYTES_PER_MPI_LIMB == 4 - alimb = *p-- ; - alimb |= *p-- << 8 ; - alimb |= *p-- << 16 ; - alimb |= *p-- << 24 ; + alimb = (mpi_limb_t)*p-- ; + alimb |= (mpi_limb_t)*p-- << 8 ; + alimb |= (mpi_limb_t)*p-- << 16 ; + alimb |= (mpi_limb_t)*p-- << 24 ; #elif BYTES_PER_MPI_LIMB == 8 alimb = (mpi_limb_t)*p-- ; alimb |= (mpi_limb_t)*p-- << 8 ; @@ -375,13 +375,13 @@ _gcry_mpi_set_buffer (gcry_mpi_t a, const void *buffer_arg, if ( p >= buffer ) { #if BYTES_PER_MPI_LIMB == 4 - alimb = *p--; + alimb = (mpi_limb_t)*p--; if (p >= buffer) - alimb |= *p-- << 8; + alimb |= (mpi_limb_t)*p-- << 8; if (p >= buffer) - alimb |= *p-- << 16; + alimb |= (mpi_limb_t)*p-- << 16; if (p >= buffer) - alimb |= *p-- << 24; + alimb |= (mpi_limb_t)*p-- << 24; #elif BYTES_PER_MPI_LIMB == 8 alimb = (mpi_limb_t)*p--; if (p >= buffer) diff --git a/tests/t-lock.c b/tests/t-lock.c index e263aff2..cacc3835 100644 --- a/tests/t-lock.c +++ b/tests/t-lock.c @@ -433,7 +433,7 @@ main (int argc, char **argv) } } - srand (time(NULL)*getpid()); + srand ((unsigned int)time(NULL)*getpid()); if (debug) xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0)); -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
* random/jitterentropy-base.c (jent_stuck): Cast 'delta2' values to
'uint64_t' for calculation. -- Signed-off-by: Jussi Kivilinna <[hidden email]> --- random/jitterentropy-base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/random/jitterentropy-base.c b/random/jitterentropy-base.c index 32fdea46..ba435e1b 100644 --- a/random/jitterentropy-base.c +++ b/random/jitterentropy-base.c @@ -306,7 +306,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt) static int jent_stuck(struct rand_data *ec, uint64_t current_delta) { int64_t delta2 = ec->last_delta - current_delta; - int64_t delta3 = delta2 - ec->last_delta2; + int64_t delta3 = (uint64_t)delta2 - (uint64_t)ec->last_delta2; ec->last_delta = current_delta; ec->last_delta2 = delta2; -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
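Review bot: The rewritten `int64_t delta3 = (uint64_t)delta2 - (uint64_t)ec->last_delta2;` in jent_stuck removes the signed-overflow UB, but the conversion of the unsigned difference back to int64_t is implementation-defined (C11 6.3.1.3p3), and nothing records that this is intended. I would add `/* Subtract as unsigned so wrap-around is defined; the narrowing back to int64_t is implementation-defined but two's complement on every supported target. */` above the line. The type of `ec->last_delta2` is not visible in the hunk, so I am assuming it is int64_t like `delta2`; jent_stuck continues outside the hunk.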
* cipher/Makefile.am (o_flag_munging): Add handling for '-Og'.
* random/Makefile.am (o_flag_munging): Add handling for '-Og'. -- Signed-off-by: Jussi Kivilinna <[hidden email]> --- cipher/Makefile.am | 2 +- random/Makefile.am | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 6d3ec35e..d6440056 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -147,7 +147,7 @@ gost-s-box: gost-s-box.c if ENABLE_O_FLAG_MUNGING -o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g' +o_flag_munging = sed -e 's/-O\([2-9sg][2-9sg]*\)/-O1/' -e 's/-Ofast/-O1/g' else o_flag_munging = cat endif diff --git a/random/Makefile.am b/random/Makefile.am index 60af5b4a..7e6e6f03 100644 --- a/random/Makefile.am +++ b/random/Makefile.am @@ -55,7 +55,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h # The rndjent module needs to be compiled without optimization. */ if ENABLE_O_FLAG_MUNGING -o_flag_munging = sed -e 's/-O\([1-9s][1-9s]*\)/-O0/g' -e 's/-Ofast/-O0/g' +o_flag_munging = sed -e 's/-O\([1-9sg][1-9sg]*\)/-O0/g' -e 's/-Ofast/-O0/g' else o_flag_munging = cat endif -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
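Review bot: The new cipher/Makefile.am expression `'s/-O\([2-9sg][2-9sg]*\)/-O1/'` still lacks the `g` flag that the random/Makefile.am expression has, so only the first `-O<level>` in the flags is rewritten; with `-Og` now in the class, a CFLAGS such as `-Og -O2` (last flag wins for GCC) would come out as `-O1 -O2` and the cap would be lost. I would make the two lines agree: `o_flag_munging = sed -e 's/-O\([2-9sg][2-9sg]*\)/-O1/g' -e 's/-Ofast/-O1/g'`. The `\(...\)` capture group in both expressions is never referenced and could be dropped. As an aside, the context comment `# The rndjent module needs to be compiled without optimization. */` in random/Makefile.am carries a stray `*/`.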
* src/global.c (_gcry_get_config): Append null-terminator to output
in the 'what == NULL' case. -- Config string was not being explicitly null-terminated which resulted garbage output from tests/version with ASAN enabled builds. Signed-off-by: Jussi Kivilinna <[hidden email]> --- src/global.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/global.c b/src/global.c index 57f7329b..8940cea0 100644 --- a/src/global.c +++ b/src/global.c @@ -434,6 +434,13 @@ _gcry_get_config (int mode, const char *what) return NULL; print_config (what, fp); + + if (!what) + { + /* Null-terminate bulk output. */ + gpgrt_fwrite ("\0", 1, 1, fp); + } + if (gpgrt_ferror (fp)) { save_errno = errno; -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
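Review bot: The comment `/* Null-terminate bulk output. */` in _gcry_get_config does not say why only the `what == NULL` case needs the terminator, which is exactly what the next reader will wonder; presumably the memstream buffer is later handed out as a C string and the single-item output is terminated inside `print_config`, but neither is visible in the hunk, so the comment should state it. I would expand it to something like `/* The bulk listing is returned to the caller as a C string, so terminate it here; print_config does not. */` once that assumption is confirmed. Not checking the return of `gpgrt_fwrite` is fine because the `if (gpgrt_ferror (fp))` check that follows catches a failed write. _gcry_get_config begins and ends outside the hunk.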
* tests/t-secmem.c (main): Skip test if environment variable
GCRYPT_IN_ASAN_TEST is defined. * tests/t-sexp.c (main): Do not initialize secmem if environment variable GCRYPT_IN_ASAN_TEST is defined. -- ASAN and mlock are incompatible, so add GCRYPT_IN_ASAN_TEST environment variant for skipping tests failing as result. This allows easier automation of ASAN checks. Signed-off-by: Jussi Kivilinna <[hidden email]> --- tests/t-secmem.c | 8 ++++++++ tests/t-sexp.c | 9 ++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/t-secmem.c b/tests/t-secmem.c index c4d8c66d..2b769134 100644 --- a/tests/t-secmem.c +++ b/tests/t-secmem.c @@ -120,6 +120,14 @@ main (int argc, char **argv) long int pgsize_val = -1; size_t pgsize; + if (getenv ("GCRYPT_IN_ASAN_TEST")) + { + /* 'mlock' is not available when build with address sanitizer, + * so skip test. */ + fputs ("Note: " PGM " skipped because running with ASAN.\n", stdout); + return 0; + } + #if HAVE_MMAP # if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) pgsize_val = sysconf (_SC_PAGESIZE); diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 4285ffd8..96d5f97e 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -1312,7 +1312,14 @@ main (int argc, char **argv) if (debug) xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0)); xgcry_control ((GCRYCTL_DISABLE_SECMEM_WARN)); - xgcry_control ((GCRYCTL_INIT_SECMEM, 16384, 0)); + if (getenv ("GCRYPT_IN_ASAN_TEST")) + { + fputs ("Note: " PGM " not using secmem as running with ASAN.\n", stdout); + } + else + { + xgcry_control ((GCRYCTL_INIT_SECMEM, 16384, 0)); + } if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch"); /* #include "../src/gcrypt-int.h" indicates that internal interfaces -- 2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
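Review bot: Both new checks use `if (getenv ("GCRYPT_IN_ASAN_TEST"))`, which tests only that the variable exists, so `GCRYPT_IN_ASAN_TEST=0` or an empty value still skips t-secmem and disables secmem in t-sexp. Either document that in the comment (`/* Any value, including empty, enables ASAN mode. */`) or require a non-empty value, e.g. `const char *s = getenv ("GCRYPT_IN_ASAN_TEST"); if (s && *s)`. Skipping rather than failing also means an ASAN run no longer exercises the mlock path at all, which is worth a line in the test's skip message so a CI reader does not take the "skipped" note as a pass.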
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Free 'ec' at function exit.
-- Signed-off-by: Jussi Kivilinna <[hidden email]>
---
 cipher/ecc-ecdh.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index 43eb731a..d6b8991a 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -122,5 +122,6 @@ _gcry_ecc_mul_point (int curveid, unsigned char *result,
 _gcry_mpi_release (x);
 point_free (&Q);
 _gcry_mpi_release (mpi_k);
+ _gcry_mpi_ec_free (ec);
 return err;
 }
--
2.27.0 _______________________________________________ Gcrypt-devel mailing list [hidden email] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel |
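Review bot: The added `_gcry_mpi_ec_free (ec);` only closes the leak on the path that reaches this common exit; _gcry_ecc_mul_point begins outside the hunk, so I cannot see whether every failure path after `ec` is allocated falls through to these release calls or returns early. If some path can arrive here with `ec` still NULL, the call is safe only if `_gcry_mpi_ec_free` tolerates NULL, which is not visible here; please confirm or guard with `if (ec)`. Freeing `ec` last, after the MPIs and the point that were computed in it, is the right order.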