[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: incorrect large buffer handling in md5.c/sha1.c/sha256.c/sha512.c
From: |
Paul Eggert |
Subject: |
Re: incorrect large buffer handling in md5.c/sha1.c/sha256.c/sha512.c |
Date: |
Fri, 18 May 2012 13:17:13 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 |
On 05/18/2012 08:47 AM, Serge Belyshev wrote:
> http://sourceware.org/bugzilla/show_bug.cgi?id=14090
Thanks for the heads-up. For gnulib I see the bug in
md4.c, md5.c, sha1.c, and sha256.c, so I installed the
following patch. I don't see a bug in sha512.c, though;
could you please elaborate? Thanks.
---
ChangeLog | 12 ++++++++++++
lib/md4.c | 6 +++---
lib/md5.c | 6 +++---
lib/sha1.c | 6 +++---
lib/sha256.c | 6 +++---
5 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index aeb3cf8..fbe9c1d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2012-05-18 Paul Eggert <address@hidden>
+
+ crypto: fix bug in large buffer handling
+ Problem reported by Serge Belyshev for glibc in
+ <http://sourceware.org/bugzilla/show_bug.cgi?id=14090> and for gnulib in
+ <http://lists.gnu.org/archive/html/bug-gnulib/2012-05/msg00226.html>.
+ * lib/md4.c (md4_process_block):
+ * lib/md5.c (md5_process_block):
+ * lib/sha1.c (sha1_process_block):
+ * lib/sha256.c (sha256_process_block):
+ Don't assume the buffer length is less than 2**32.
+
2012-05-15 Pádraig Brady <address@hidden>
fsusage: fix block size returned on older Linux 2.6
diff --git a/lib/md4.c b/lib/md4.c
index 6307b46..3d1c369 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -301,13 +301,13 @@ md4_process_block (const void *buffer, size_t len, struct
md4_ctx *ctx)
uint32_t B = ctx->B;
uint32_t C = ctx->C;
uint32_t D = ctx->D;
+ uint32_t lolen = len;
/* First increment the byte count. RFC 1320 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
- ctx->total[0] += len;
- if (ctx->total[0] < len)
- ++ctx->total[1];
+ ctx->total[0] += lolen;
+ ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
/* Process all bytes in the buffer with 64 bytes in each round of
the loop. */
diff --git a/lib/md5.c b/lib/md5.c
index 498ac98..66ede23 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -312,13 +312,13 @@ md5_process_block (const void *buffer, size_t len, struct
md5_ctx *ctx)
uint32_t B = ctx->B;
uint32_t C = ctx->C;
uint32_t D = ctx->D;
+ uint32_t lolen = len;
/* First increment the byte count. RFC 1321 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
- ctx->total[0] += len;
- if (ctx->total[0] < len)
- ++ctx->total[1];
+ ctx->total[0] += lolen;
+ ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
/* Process all bytes in the buffer with 64 bytes in each round of
the loop. */
diff --git a/lib/sha1.c b/lib/sha1.c
index 35870ee..db4ab42 100644
--- a/lib/sha1.c
+++ b/lib/sha1.c
@@ -305,13 +305,13 @@ sha1_process_block (const void *buffer, size_t len,
struct sha1_ctx *ctx)
uint32_t c = ctx->C;
uint32_t d = ctx->D;
uint32_t e = ctx->E;
+ uint32_t lolen = len;
/* First increment the byte count. RFC 1321 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
- ctx->total[0] += len;
- if (ctx->total[0] < len)
- ++ctx->total[1];
+ ctx->total[0] += lolen;
+ ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
#define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
diff --git a/lib/sha256.c b/lib/sha256.c
index c1482d3..a8d29da 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -454,13 +454,13 @@ sha256_process_block (const void *buffer, size_t len,
struct sha256_ctx *ctx)
uint32_t f = ctx->state[5];
uint32_t g = ctx->state[6];
uint32_t h = ctx->state[7];
+ uint32_t lolen = len;
/* First increment the byte count. FIPS PUB 180-2 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
- ctx->total[0] += len;
- if (ctx->total[0] < len)
- ++ctx->total[1];
+ ctx->total[0] += lolen;
+ ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
#define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
#define S0(x) (rol(x,25)^rol(x,14)^(x>>3))
--
1.7.6.5