[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-361-ge709d86

by Werner Koch cvs at cvs.gnupg.org
Wed Mar 23 14:16:56 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  e709d86fe596a4bcf235799468947c13ae657d78 (commit)
      from  7c9c82feecf94a455c66d9c38576f36c9c4b484c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e709d86fe596a4bcf235799468947c13ae657d78
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Mar 23 14:13:18 2016 +0100

    cipher: Avoid NULL-segv in GCM mode if a key has not been set.
    
    * cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN
    has been initialized.
    (_gcry_cipher_gcm_decrypt): Ditto.
    (_gcry_cipher_gcm_authenticate): Ditto.
    (_gcry_cipher_gcm_initiv): Ditto.
    (_gcry_cipher_gcm_tag): Ditto.
    --
    
    Avoid a crash if certain functions are used before setkey.
    
    Reported-by: Peter Wu <peter at lekensteyn.nl>
    
      One crash is not fixed, that is the crash when setkey is not invoked
      before using the GCM ciphers (introduced in the 1.7.0 cycle). Either
      these functions should check that the key is present, or they should
      initialize the ghash table earlier. Affected functions:
    
        _gcry_cipher_gcm_encrypt
        _gcry_cipher_gcm_decrypt
        _gcry_cipher_gcm_authenticate
        _gcry_cipher_gcm_initiv
        (via _gcry_cipher_gcm_setiv)
        _gcry_cipher_gcm_tag
        (via _gcry_cipher_gcm_get_tag, _gcry_cipher_gcm_check_tag)
    
    Regression-due-to: 4a0795af021305f9240f23626a3796157db46bd7
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index 5e9dec4..712641e 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -535,7 +535,9 @@ _gcry_cipher_gcm_encrypt (gcry_cipher_hd_t c,
     return GPG_ERR_BUFFER_TOO_SHORT;
   if (c->u_mode.gcm.datalen_over_limits)
     return GPG_ERR_INV_LENGTH;
-  if (c->marks.tag || c->u_mode.gcm.ghash_data_finalized)
+  if (c->marks.tag
+      || c->u_mode.gcm.ghash_data_finalized
+      || !c->u_mode.gcm.ghash_fn)
     return GPG_ERR_INV_STATE;
 
   if (!c->marks.iv)
@@ -581,7 +583,9 @@ _gcry_cipher_gcm_decrypt (gcry_cipher_hd_t c,
     return GPG_ERR_BUFFER_TOO_SHORT;
   if (c->u_mode.gcm.datalen_over_limits)
     return GPG_ERR_INV_LENGTH;
-  if (c->marks.tag || c->u_mode.gcm.ghash_data_finalized)
+  if (c->marks.tag
+      || c->u_mode.gcm.ghash_data_finalized
+      || !c->u_mode.gcm.ghash_fn)
     return GPG_ERR_INV_STATE;
 
   if (!c->marks.iv)
@@ -617,8 +621,10 @@ _gcry_cipher_gcm_authenticate (gcry_cipher_hd_t c,
     return GPG_ERR_CIPHER_ALGO;
   if (c->u_mode.gcm.datalen_over_limits)
     return GPG_ERR_INV_LENGTH;
-  if (c->marks.tag || c->u_mode.gcm.ghash_aad_finalized ||
-      c->u_mode.gcm.ghash_data_finalized)
+  if (c->marks.tag
+      || c->u_mode.gcm.ghash_aad_finalized
+      || c->u_mode.gcm.ghash_data_finalized
+      || !c->u_mode.gcm.ghash_fn)
     return GPG_ERR_INV_STATE;
 
   if (!c->marks.iv)
@@ -666,6 +672,9 @@ _gcry_cipher_gcm_initiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen)
       u32 iv_bytes[2] = {0, 0};
       u32 bitlengths[2][2];
 
+      if (!c->u_mode.gcm.ghash_fn)
+        return GPG_ERR_INV_STATE;
+
       memset(c->u_ctr.ctr, 0, GCRY_GCM_BLOCK_LEN);
 
       gcm_bytecounter_add(iv_bytes, ivlen);
@@ -773,6 +782,9 @@ _gcry_cipher_gcm_tag (gcry_cipher_hd_t c,
     {
       u32 bitlengths[2][2];
 
+      if (!c->u_mode.gcm.ghash_fn)
+        return GPG_ERR_INV_STATE;
+
       /* aad length */
       bitlengths[0][1] = be_bswap32(c->u_mode.gcm.aadlen[0] << 3);
       bitlengths[0][0] = be_bswap32((c->u_mode.gcm.aadlen[0] >> 29) |

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher-gcm.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits




More information about the Gcrypt-devel mailing list