From: Paul Eggert Date: Fri, 18 May 2012 20:10:42 +0000 (-0700) Subject: crypto: fix bug in large buffer handling X-Git-Tag: v0.1~666 X-Git-Url: http://erislabs.net/gitweb/?a=commitdiff_plain;h=0403c76938c7f487d303818cd19a72a1b63eb94f;p=gnulib.git crypto: fix bug in large buffer handling Problem reported by Serge Belyshev for glibc in and for gnulib in . * lib/md4.c (md4_process_block): * lib/md5.c (md5_process_block): * lib/sha1.c (sha1_process_block): * lib/sha256.c (sha256_process_block): Don't assume the buffer length is less than 2**32. --- diff --git a/ChangeLog b/ChangeLog index aeb3cf8d6..fbe9c1d3a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2012-05-18 Paul Eggert + + crypto: fix bug in large buffer handling + Problem reported by Serge Belyshev for glibc in + and for gnulib in + . + * lib/md4.c (md4_process_block): + * lib/md5.c (md5_process_block): + * lib/sha1.c (sha1_process_block): + * lib/sha256.c (sha256_process_block): + Don't assume the buffer length is less than 2**32. + 2012-05-15 Pádraig Brady fsusage: fix block size returned on older Linux 2.6 diff --git a/lib/md4.c b/lib/md4.c index 6307b46bc..3d1c369ed 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -301,13 +301,13 @@ md4_process_block (const void *buffer, size_t len, struct md4_ctx *ctx) uint32_t B = ctx->B; uint32_t C = ctx->C; uint32_t D = ctx->D; + uint32_t lolen = len; /* First increment the byte count. RFC 1320 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ diff --git a/lib/md5.c b/lib/md5.c index 498ac9877..66ede23b5 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -312,13 +312,13 @@ md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx) uint32_t B = ctx->B; uint32_t C = ctx->C; uint32_t D = ctx->D; + uint32_t lolen = len; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ diff --git a/lib/sha1.c b/lib/sha1.c index 35870ee13..db4ab42a6 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -305,13 +305,13 @@ sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx) uint32_t c = ctx->C; uint32_t d = ctx->D; uint32_t e = ctx->E; + uint32_t lolen = len; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n)))) diff --git a/lib/sha256.c b/lib/sha256.c index c1482d3c6..a8d29da18 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -454,13 +454,13 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) uint32_t f = ctx->state[5]; uint32_t g = ctx->state[6]; uint32_t h = ctx->state[7]; + uint32_t lolen = len; /* First increment the byte count. FIPS PUB 180-2 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) #define S0(x) (rol(x,25)^rol(x,14)^(x>>3))