[git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-51-g885f031

by Jussi Kivilinna cvs at cvs.gnupg.org
Thu Mar 22 21:24:03 CET 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  885f031fbd17abc1c0fedbb98df22823b647fc11 (commit)
       via  330ec66e0babdabb658dc7d6db78f37b2a1b996e (commit)
      from  617f5e746f8295cc36d1002c8c53edc95d04d0f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 885f031fbd17abc1c0fedbb98df22823b647fc11
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Thu Mar 22 21:54:20 2018 +0200

    tests/aeswrap: add in-place encryption/decryption testing
    
    * tests/aeswrap.c (check): Rename to...
    (check_one): ...this and add in-place testing.
    (check): New.
    --
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/tests/aeswrap.c b/tests/aeswrap.c
index 90add11..dbbd7dd 100644
--- a/tests/aeswrap.c
+++ b/tests/aeswrap.c
@@ -31,10 +31,11 @@
 
 
 static void
-check (int algo,
-       const void *kek, size_t keklen,
-       const void *data, size_t datalen,
-       const void *expected, size_t expectedlen)
+check_one (int algo,
+           const void *kek, size_t keklen,
+           const void *data, size_t datalen,
+           const void *expected, size_t expectedlen,
+           int inplace)
 {
   gcry_error_t err;
   gcry_cipher_hd_t hd;
@@ -57,9 +58,19 @@ check (int algo,
 
   outbuflen = datalen + 8;
   if (outbuflen > sizeof outbuf)
-    err = gpg_error (GPG_ERR_INTERNAL);
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+  else if (inplace)
+    {
+      memcpy (outbuf, data, datalen);
+      err = gcry_cipher_encrypt (hd, outbuf, outbuflen, outbuf, datalen);
+    }
   else
-    err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen);
+    {
+      err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen);
+    }
+
   if (err)
     {
       fail ("gcry_cipher_encrypt failed: %s\n", gpg_strerror (err));
@@ -71,7 +82,7 @@ check (int algo,
       const unsigned char *s;
       int i;
 
-      fail ("mismatch at encryption!\n");
+      fail ("mismatch at encryption!%s\n", inplace ? " (inplace)" : "");
       fprintf (stderr, "computed: ");
       for (i = 0; i < outbuflen; i++)
 	fprintf (stderr, "%02x ", outbuf[i]);
@@ -84,9 +95,19 @@ check (int algo,
 
   outbuflen = expectedlen - 8;
   if (outbuflen > sizeof outbuf)
-    err = gpg_error (GPG_ERR_INTERNAL);
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+  else if (inplace)
+    {
+      memcpy (outbuf, expected, expectedlen);
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+    }
   else
-    err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    {
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    }
+
   if (err)
     {
       fail ("gcry_cipher_decrypt failed: %s\n", gpg_strerror (err));
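Review bot: In the new in-place branch the preceding guard bounds `outbuflen` (which is `expectedlen - 8`), not the `expectedlen` bytes that `memcpy (outbuf, expected, expectedlen)` actually writes. A vector whose expectedlen exceeds sizeof outbuf by up to 8 bytes would pass the guard and write past the end of `outbuf`. The declaration of `outbuf` is outside the hunk, so whether any current vector comes close to that size cannot be confirmed from here. I would make the in-place branch check the copied length itself, e.g. `else if (inplace && expectedlen > sizeof outbuf) err = gpg_error (GPG_ERR_INTERNAL);` ahead of the copy. The same pattern repeats in the decryption(2) and decryption(3) hunks below, and check_one's body starts and ends outside this hunk.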
@@ -98,7 +119,7 @@ check (int algo,
       const unsigned char *s;
       int i;
 
-      fail ("mismatch at decryption!\n");
+      fail ("mismatch at decryption!%s\n", inplace ? " (inplace)" : "");
       fprintf (stderr, "computed: ");
       for (i = 0; i < outbuflen; i++)
 	fprintf (stderr, "%02x ", outbuf[i]);
@@ -113,9 +134,19 @@ check (int algo,
 
   outbuflen = expectedlen - 8;
   if (outbuflen > sizeof outbuf)
-    err = gpg_error (GPG_ERR_INTERNAL);
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+  else if (inplace)
+    {
+      memcpy (outbuf, expected, expectedlen);
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+    }
   else
-    err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    {
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    }
+
   if (err)
     {
       fail ("gcry_cipher_decrypt(2) failed: %s\n", gpg_strerror (err));
@@ -123,14 +154,24 @@ check (int algo,
     }
 
   if (outbuflen != datalen || memcmp (outbuf, data, datalen))
-    fail ("mismatch at decryption(2)!\n");
+    fail ("mismatch at decryption(2)!%s\n", inplace ? " (inplace)" : "");
 
-  /* And once ore without a key reset. */
+  /* And once more without a key reset. */
   outbuflen = expectedlen - 8;
   if (outbuflen > sizeof outbuf)
-    err = gpg_error (GPG_ERR_INTERNAL);
+    {
+      err = gpg_error (GPG_ERR_INTERNAL);
+    }
+  else if (inplace)
+    {
+      memcpy (outbuf, expected, expectedlen);
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+    }
   else
-    err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    {
+      err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+    }
+
   if (err)
     {
       fail ("gcry_cipher_decrypt(3) failed: %s\n", gpg_strerror (err));
@@ -138,13 +179,24 @@ check (int algo,
     }
 
   if (outbuflen != datalen || memcmp (outbuf, data, datalen))
-    fail ("mismatch at decryption(3)!\n");
+    fail ("mismatch at decryption(3)!%s\n", inplace ? " (inplace)" : "");
 
   gcry_cipher_close (hd);
 }
 
 
 static void
+check (int algo,
+       const void *kek, size_t keklen,
+       const void *data, size_t datalen,
+       const void *expected, size_t expectedlen)
+{
+  check_one (algo, kek, keklen, data, datalen, expected, expectedlen, 0);
+  check_one (algo, kek, keklen, data, datalen, expected, expectedlen, 1);
+}
+
+
+static void
 check_all (void)
 {
   if (verbose)
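Review bot: The new `check` wrapper has no comment explaining that every test vector is now exercised twice, which is the point of this commit. I would add `/* Run one vector twice: with separate input/output buffers, then in place.  */` above it. Because `check_one` returns void and both calls are unconditional, a vector that is wrong for both modes is reported twice; the "(inplace)" suffix keeps the two reports distinguishable, and that is worth stating in the same comment. check_all's body continues outside the hunk.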

commit 330ec66e0babdabb658dc7d6db78f37b2a1b996e
Author: Stephan Mueller <smueller at chronox.de>
Date:   Mon Mar 12 22:24:37 2018 +0100

    AES-KW: fix in-place encryption
    
    * cipher/cipher-aeswrap.c: move memmove call before KW IV setting
    --
    
    In case AES-KW in-place encryption is performed, the plaintext must be
    moved to the correct destination location before the first semiblock of
    the destination buffer is modified. Without the patch, the first
    semiblock of the plaintext is overwritten with a6a6a6a6a6a6a6a6.
    
    Signed-off-by: Stephan Mueller <smueller at chronox.de>

diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
index 698742d..a8d0e03 100644
--- a/cipher/cipher-aeswrap.c
+++ b/cipher/cipher-aeswrap.c
@@ -70,6 +70,9 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
   a = outbuf;  /* We store A directly in OUTBUF.  */
   b = c->u_ctr.ctr;  /* B is also used to concatenate stuff.  */
 
+  /* Copy the inbuf to the outbuf. */
+  memmove (r+8, inbuf, inbuflen);
+
   /* If an IV has been set we use that IV as the Alternative Initial
      Value; if it has not been set we use the standard value.  */
   if (c->marks.iv)
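Review bot: The moved `memmove` keeps the old comment "Copy the inbuf to the outbuf.", which does not record why its position now matters, so a later cleanup could move it back below the IV setup and reintroduce the plaintext corruption described in the commit message. I would reword it to something like `/* Copy the inbuf to the outbuf first: INBUF may alias OUTBUF, and storing A below would overwrite the first semiblock of the plaintext.  */`. The definition of `r` is outside the hunk; the note assumes it points at OUTBUF as the surrounding comments suggest. The function body starts before and continues past this hunk.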
@@ -77,9 +80,6 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
   else
     memset (a, 0xa6, 8);
 
-  /* Copy the inbuf to the outbuf. */
-  memmove (r+8, inbuf, inbuflen);
-
   memset (t, 0, sizeof t); /* t := 0.  */
 
   for (j = 0; j <= 5; j++)

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher-aeswrap.c |  6 ++--
 tests/aeswrap.c         | 86 +++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 72 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org

