# HG changeset patch # User Paul Eggert # Date 1337371842 25200 # Node ID a3feab8961124fbf7c31abbec701965e57d69b80 # Parent 42fb5cba93e20832f50c53d94b9e2dacaefec889 crypto: fix bug in large buffer handling Problem reported by Serge Belyshev for glibc in and for gnulib in . * lib/md4.c (md4_process_block): * lib/md5.c (md5_process_block): * lib/sha1.c (sha1_process_block): * lib/sha256.c (sha256_process_block): Don't assume the buffer length is less than 2**32. diff --git a/ChangeLog b/ChangeLog --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2012-05-18 Paul Eggert + + crypto: fix bug in large buffer handling + Problem reported by Serge Belyshev for glibc in + and for gnulib in + . + * lib/md4.c (md4_process_block): + * lib/md5.c (md5_process_block): + * lib/sha1.c (sha1_process_block): + * lib/sha256.c (sha256_process_block): + Don't assume the buffer length is less than 2**32. + 2012-05-15 Pádraig Brady fsusage: fix block size returned on older Linux 2.6 diff --git a/lib/md4.c b/lib/md4.c --- a/lib/md4.c +++ b/lib/md4.c @@ -301,13 +301,13 @@ uint32_t B = ctx->B; uint32_t C = ctx->C; uint32_t D = ctx->D; + uint32_t lolen = len; /* First increment the byte count. RFC 1320 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ diff --git a/lib/md5.c b/lib/md5.c --- a/lib/md5.c +++ b/lib/md5.c @@ -312,13 +312,13 @@ uint32_t B = ctx->B; uint32_t C = ctx->C; uint32_t D = ctx->D; + uint32_t lolen = len; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); /* Process all bytes in the buffer with 64 bytes in each round of the loop. */ diff --git a/lib/sha1.c b/lib/sha1.c --- a/lib/sha1.c +++ b/lib/sha1.c @@ -305,13 +305,13 @@ uint32_t c = ctx->C; uint32_t d = ctx->D; uint32_t e = ctx->E; + uint32_t lolen = len; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n)))) diff --git a/lib/sha256.c b/lib/sha256.c --- a/lib/sha256.c +++ b/lib/sha256.c @@ -454,13 +454,13 @@ uint32_t f = ctx->state[5]; uint32_t g = ctx->state[6]; uint32_t h = ctx->state[7]; + uint32_t lolen = len; /* First increment the byte count. FIPS PUB 180-2 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) #define S0(x) (rol(x,25)^rol(x,14)^(x>>3))