[PATCH 1/8] md: clear bctx.count at final function

Jussi Kivilinna jussi.kivilinna at iki.fi
Sun Jan 31 17:01:33 CET 2021


* cipher/md4.c (md4_final): Set bctx.count zero after
finalizing.
* cipher/md5.c (md5_final): Ditto.
* cipher/rmd160.c (rmd160_final): Ditto.
* cipher/sha1.c (sha1_final): Ditto.
* cipher/sha256.c (sha256_final): Ditto.
* cipher/sha512.c (sha512_final): Ditto.
* cipher/sm3.c (sm3_final): Ditto.
* cipher/stribog.c (stribog_final): Ditto.
* cipher/tiger.c (tiger_final): Ditto.
--

Final functions used to use _gcry_md_block_write for passing
final blocks to the transform function, and bctx.count was thus
set to zero in _gcry_md_block_write. Final functions were then
changed to use transform functions directly, but bctx.count
was not set to zero after this change. A later optimization
of the final functions, passing two blocks to the transform
functions in one call, also changed the values set to
bctx.count, causing bctx.count to get a value larger than the
block size of the digest algorithm.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 cipher/md4.c     | 4 ++--
 cipher/md5.c     | 4 ++--
 cipher/rmd160.c  | 4 ++--
 cipher/sha1.c    | 4 ++--
 cipher/sha256.c  | 4 ++--
 cipher/sha512.c  | 3 ++-
 cipher/sm3.c     | 4 ++--
 cipher/stribog.c | 2 ++
 cipher/tiger.c   | 5 +++--
 9 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/cipher/md4.c b/cipher/md4.c
index 24986c27..b55443a8 100644
--- a/cipher/md4.c
+++ b/cipher/md4.c
@@ -237,7 +237,6 @@ md4_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -249,7 +248,6 @@ md4_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
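Review bot: The memset length `64 - hd->bctx.count + 56` in this two-block branch assumes bctx.count is within the first block on entry to md4_final, and nothing in the hunk states or checks that. The assignment removed here used to leave count at 120, above the block size, so the reset added at the end of the function is what restores the assumption for a context that is used again. I would record it at the point of use, e.g. `/* assumes bctx.count <= 64 on entry; pads into the second block of buf */`. The same expression appears in the md5, rmd160, sha1, sha256, sm3 and tiger hunks. The branch condition and the declaration of buf are outside the hunk, so the two-block buffer size is inferred from the `64 + 56` offset.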
@@ -265,6 +263,8 @@ md4_final( void *context )
   X(D);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
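Review bot: The new `hd->bctx.count = 0;` carries no comment, so the reason for it lives only in the commit message. A line such as `/* Keep bctx.count within the block size after finalization. */` above the assignment would stop a later cleanup from dropping it as a dead store; the same goes for the identical line in md5, rmd160, sha1, sha256, sha512, sm3, stribog and tiger. The diffstat touches only cipher/ files, so a regression test covering a context that is finalized and then used again would be worth adding alongside. md4_final starts outside the hunk.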
diff --git a/cipher/md5.c b/cipher/md5.c
index 6859d566..32cb535a 100644
--- a/cipher/md5.c
+++ b/cipher/md5.c
@@ -261,7 +261,6 @@ md5_final( void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -273,7 +272,6 @@ md5_final( void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -289,6 +287,8 @@ md5_final( void *context)
   X(D);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index 0608f74c..e12ff017 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -434,7 +434,6 @@ rmd160_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
@@ -446,7 +445,6 @@ rmd160_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -463,6 +461,8 @@ rmd160_final( void *context )
   X(4);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha1.c b/cipher/sha1.c
index 287bd826..35f7376c 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -591,7 +591,6 @@ sha1_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -603,7 +602,6 @@ sha1_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -620,6 +618,8 @@ sha1_final(void *context)
   X(4);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha256.c b/cipher/sha256.c
index 5c761b20..93505891 100644
--- a/cipher/sha256.c
+++ b/cipher/sha256.c
@@ -584,7 +584,6 @@ sha256_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -596,7 +595,6 @@ sha256_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -616,6 +614,8 @@ sha256_final(void *context)
   X(7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 0f4c304f..bc4657a8 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -818,7 +818,6 @@ sha512_final (void *context)
 	  hd->bctx.buf[hd->bctx.count++] = 0x80;  /* pad */
 	  if (hd->bctx.count < 112)
 	    memset (&hd->bctx.buf[hd->bctx.count], 0, 112 - hd->bctx.count);
-	  hd->bctx.count = 112;
 	}
       else
 	{
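Review bot: Only the single-block branch loses its `hd->bctx.count = 112;` here, and the diffstat lists one deletion for sha512.c against two for most of the other files, so the `else` branch presumably still assigns bctx.count. That branch opens on the last line of the hunk and its body is outside it, so this is inferred rather than visible. If it does, the two branches leave count in different states until the reset at the end of sha512_final. It is worth confirming that nothing in between reads the value. Then either remove the remaining assignment or mark the asymmetry where this one was dropped, e.g. `/* bctx.count is not updated here; it is cleared before return. */`.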
@@ -850,6 +849,8 @@ sha512_final (void *context)
   X (7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/sm3.c b/cipher/sm3.c
index aee94987..0f9bae3b 100644
--- a/cipher/sm3.c
+++ b/cipher/sm3.c
@@ -294,7 +294,6 @@ sm3_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 56, msb);
@@ -306,7 +305,6 @@ sm3_final(void *context)
       hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_be32(hd->bctx.buf + 64 + 56, msb);
@@ -326,6 +324,8 @@ sm3_final(void *context)
   X(7);
 #undef X
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
diff --git a/cipher/stribog.c b/cipher/stribog.c
index c919182a..f8776a3e 100644
--- a/cipher/stribog.c
+++ b/cipher/stribog.c
@@ -1304,6 +1304,8 @@ stribog_final (void *context)
   for (i = 0; i < 8; i++)
     hd->h[i] = le_bswap64(hd->h[i]);
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (768);
 }
 
diff --git a/cipher/tiger.c b/cipher/tiger.c
index b2f16677..4039b22b 100644
--- a/cipher/tiger.c
+++ b/cipher/tiger.c
@@ -760,7 +760,7 @@ tiger_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = pad;
       if (hd->bctx.count < 56)
 	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
-      hd->bctx.count = 56;
+
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 56, lsb);
       buf_put_le32(hd->bctx.buf + 60, msb);
@@ -771,7 +771,6 @@ tiger_final( void *context )
       hd->bctx.buf[hd->bctx.count++] = pad; /* pad character */
       /* fill pad and next block with zeroes */
       memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
-      hd->bctx.count = 64 + 56;
 
       /* append the 64 bit count */
       buf_put_le32(hd->bctx.buf + 64 + 56, lsb);
@@ -797,6 +796,8 @@ tiger_final( void *context )
 #undef X
 #undef Y
 
+  hd->bctx.count = 0;
+
   _gcry_burn_stack (burn);
 }
 
-- 
2.27.0



