[git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-51-g885f031
by Jussi Kivilinna
cvs at cvs.gnupg.org
Thu Mar 22 21:24:03 CET 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 885f031fbd17abc1c0fedbb98df22823b647fc11 (commit)
via 330ec66e0babdabb658dc7d6db78f37b2a1b996e (commit)
from 617f5e746f8295cc36d1002c8c53edc95d04d0f6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 885f031fbd17abc1c0fedbb98df22823b647fc11
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date: Thu Mar 22 21:54:20 2018 +0200
tests/aeswrap: add in-place encryption/decryption testing
* tests/aeswrap.c (check): Rename to...
(check_one): ...this and add in-place testing.
(check): New.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
diff --git a/tests/aeswrap.c b/tests/aeswrap.c
index 90add11..dbbd7dd 100644
--- a/tests/aeswrap.c
+++ b/tests/aeswrap.c
@@ -31,10 +31,11 @@
static void
-check (int algo,
- const void *kek, size_t keklen,
- const void *data, size_t datalen,
- const void *expected, size_t expectedlen)
+check_one (int algo,
+ const void *kek, size_t keklen,
+ const void *data, size_t datalen,
+ const void *expected, size_t expectedlen,
+ int inplace)
{
gcry_error_t err;
gcry_cipher_hd_t hd;
@@ -57,9 +58,19 @@ check (int algo,
outbuflen = datalen + 8;
if (outbuflen > sizeof outbuf)
- err = gpg_error (GPG_ERR_INTERNAL);
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ }
+ else if (inplace)
+ {
+ memcpy (outbuf, data, datalen);
+ err = gcry_cipher_encrypt (hd, outbuf, outbuflen, outbuf, datalen);
+ }
else
- err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen);
+ {
+ err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, datalen);
+ }
+
if (err)
{
fail ("gcry_cipher_encrypt failed: %s\n", gpg_strerror (err));
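Review bot: The `fail ("gcry_cipher_encrypt failed: %s\n", ...)` line below the new branch is left unchanged, so when the call itself returns an error the log does not say whether the in-place run or the separate-buffer run failed. Only the mismatch messages gained the " (inplace)" suffix. Since check() now runs every vector through both modes, I would tag this message the same way, e.g. `fail ("gcry_cipher_encrypt failed%s: %s\n", inplace ? " (inplace)" : "", gpg_strerror (err));`, and do likewise for the three gcry_cipher_decrypt failure messages in the later hunks. The body of check_one continues outside this hunk.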
@@ -71,7 +82,7 @@ check (int algo,
const unsigned char *s;
int i;
- fail ("mismatch at encryption!\n");
+ fail ("mismatch at encryption!%s\n", inplace ? " (inplace)" : "");
fprintf (stderr, "computed: ");
for (i = 0; i < outbuflen; i++)
fprintf (stderr, "%02x ", outbuf[i]);
@@ -84,9 +95,19 @@ check (int algo,
outbuflen = expectedlen - 8;
if (outbuflen > sizeof outbuf)
- err = gpg_error (GPG_ERR_INTERNAL);
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ }
+ else if (inplace)
+ {
+ memcpy (outbuf, expected, expectedlen);
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+ }
else
- err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ {
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ }
+
if (err)
{
fail ("gcry_cipher_decrypt failed: %s\n", gpg_strerror (err));
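Review bot: The in-place branch copies `expectedlen` bytes into `outbuf`, but the guard above it only bounds `outbuflen`, which is `expectedlen - 8`. An `expectedlen` up to 8 bytes larger than `sizeof outbuf` therefore passes the check, and the `memcpy` writes past the end of the array. The vectors used by the callers are presumably small enough that this never triggers, but other code may copy this test as the pattern for in-place use, so it should bound what it copies, for example by putting `else if (inplace && expectedlen > sizeof outbuf) err = gpg_error (GPG_ERR_INTERNAL);` ahead of the in-place branch. The same pattern is repeated in the decryption(2) and decryption(3) hunks below. check_one starts and ends outside this hunk.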
@@ -98,7 +119,7 @@ check (int algo,
const unsigned char *s;
int i;
- fail ("mismatch at decryption!\n");
+ fail ("mismatch at decryption!%s\n", inplace ? " (inplace)" : "");
fprintf (stderr, "computed: ");
for (i = 0; i < outbuflen; i++)
fprintf (stderr, "%02x ", outbuf[i]);
@@ -113,9 +134,19 @@ check (int algo,
outbuflen = expectedlen - 8;
if (outbuflen > sizeof outbuf)
- err = gpg_error (GPG_ERR_INTERNAL);
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ }
+ else if (inplace)
+ {
+ memcpy (outbuf, expected, expectedlen);
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+ }
else
- err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ {
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ }
+
if (err)
{
fail ("gcry_cipher_decrypt(2) failed: %s\n", gpg_strerror (err));
@@ -123,14 +154,24 @@ check (int algo,
}
if (outbuflen != datalen || memcmp (outbuf, data, datalen))
- fail ("mismatch at decryption(2)!\n");
+ fail ("mismatch at decryption(2)!%s\n", inplace ? " (inplace)" : "");
- /* And once ore without a key reset. */
+ /* And once more without a key reset. */
outbuflen = expectedlen - 8;
if (outbuflen > sizeof outbuf)
- err = gpg_error (GPG_ERR_INTERNAL);
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ }
+ else if (inplace)
+ {
+ memcpy (outbuf, expected, expectedlen);
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, outbuf, expectedlen);
+ }
else
- err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ {
+ err = gcry_cipher_decrypt (hd, outbuf, outbuflen, expected, expectedlen);
+ }
+
if (err)
{
fail ("gcry_cipher_decrypt(3) failed: %s\n", gpg_strerror (err));
@@ -138,13 +179,24 @@ check (int algo,
}
if (outbuflen != datalen || memcmp (outbuf, data, datalen))
- fail ("mismatch at decryption(3)!\n");
+ fail ("mismatch at decryption(3)!%s\n", inplace ? " (inplace)" : "");
gcry_cipher_close (hd);
}
static void
+check (int algo,
+ const void *kek, size_t keklen,
+ const void *data, size_t datalen,
+ const void *expected, size_t expectedlen)
+{
+ check_one (algo, kek, keklen, data, datalen, expected, expectedlen, 0);
+ check_one (algo, kek, keklen, data, datalen, expected, expectedlen, 1);
+}
+
+
+static void
check_all (void)
{
if (verbose)
commit 330ec66e0babdabb658dc7d6db78f37b2a1b996e
Author: Stephan Mueller <smueller at chronox.de>
Date: Mon Mar 12 22:24:37 2018 +0100
AES-KW: fix in-place encryption
* cipher/cipher-aeswrap.c: move memmove call before KW IV setting
--
In case AES-KW in-place encryption is performed, the plaintext must be
moved to the correct destination location before the first semiblock of
the destination buffer is modified. Without the patch, the first
semiblock of the plaintext is overwritten with a6a6a6a6a6a6a6a6.
Signed-off-by: Stephan Mueller <smueller at chronox.de>
diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
index 698742d..a8d0e03 100644
--- a/cipher/cipher-aeswrap.c
+++ b/cipher/cipher-aeswrap.c
@@ -70,6 +70,9 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
a = outbuf; /* We store A directly in OUTBUF. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
+ /* Copy the inbuf to the outbuf. */
+ memmove (r+8, inbuf, inbuflen);
+
/* If an IV has been set we use that IV as the Alternative Initial
Value; if it has not been set we use the standard value. */
if (c->marks.iv)
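Review bot: The relocated comment still reads only "Copy the inbuf to the outbuf.", so nothing in the code records that the position of this `memmove` is now load-bearing. A later cleanup could move it back below the IV setup and reintroduce the overwrite of the first plaintext semiblock described in the commit message. I would say so in the comment, e.g. `/* Copy the inbuf to the outbuf first: with in-place use INBUF may alias OUTBUF, and storing A below would clobber the first plaintext semiblock. */`. The definition of `r` and the rest of _gcry_cipher_aeswrap_encrypt are outside this hunk, and the decrypt path is not part of this diff, so it is worth confirming separately that it has no equivalent ordering issue.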
@@ -77,9 +80,6 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
else
memset (a, 0xa6, 8);
- /* Copy the inbuf to the outbuf. */
- memmove (r+8, inbuf, inbuflen);
-
memset (t, 0, sizeof t); /* t := 0. */
for (j = 0; j <= 5; j++)
-----------------------------------------------------------------------
Summary of changes:
cipher/cipher-aeswrap.c | 6 ++--
tests/aeswrap.c | 86 +++++++++++++++++++++++++++++++++++++++----------
2 files changed, 72 insertions(+), 20 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org