Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pull up following revision(s) (requested by riastradh in ticket #1819): 

crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c: revision 1.2
	  (applied to crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c)
	tests/crypto/libcrypto/t_sha512trunc.c: revision 1.1
	tests/crypto/libcrypto/t_sha512trunc.c: revision 1.2
	tests/crypto/libcrypto/Makefile: revision 1.16
	distrib/sets/lists/tests/mi: revision 1.1311
	distrib/sets/lists/debug/mi: revision 1.430
	crypto/external/bsd/openssl/dist/include/crypto/sha.h: revision 1.2
	crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c: revision 1.4
	(all via patch)

libcrypto: Add some trivial tests for truncated SHA-512 variants.
These should use more of the test vectors from
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing#Testing
but this will do for now to detect the buffer overrun rake we left
lying around for ourselves.
PR lib/58039

libcrypto: Fix buffer overrun in truncated SHA-512 functions.
Further fallout from the libc/openssl sha2 symbol collision.
PR lib/58039
This commit is contained in:
martin 2024-03-25 14:26:15 +00:00
parent d11a6b6970
commit 120a124a0e
7 changed files with 216 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c vendored
View File

@ -179,11 +179,21 @@ static int init512_224(EVP_MD_CTX *ctx)
return sha512_224_init(EVP_MD_CTX_md_data(ctx));
}
static int final512_224(EVP_MD_CTX *ctx, unsigned char *md)
{
return sha512_224_final(md, EVP_MD_CTX_md_data(ctx));
}
static int init512_256(EVP_MD_CTX *ctx)
{
return sha512_256_init(EVP_MD_CTX_md_data(ctx));
}
static int final512_256(EVP_MD_CTX *ctx, unsigned char *md)
{
return sha512_256_final(md, EVP_MD_CTX_md_data(ctx));
}
static int init384(EVP_MD_CTX *ctx)
{
return SHA384_Init(EVP_MD_CTX_md_data(ctx));
@ -222,7 +232,7 @@ static const EVP_MD sha512_224_md = {
EVP_MD_FLAG_DIGALGID_ABSENT,
init512_224,
update512,
final512,
final512_224,
NULL,
NULL,
SHA512_CBLOCK,
@ -241,7 +251,7 @@ static const EVP_MD sha512_256_md = {
EVP_MD_FLAG_DIGALGID_ABSENT,
init512_256,
update512,
final512,
final512_256,
NULL,
NULL,
SHA512_CBLOCK,

2
crypto/external/bsd/openssl/dist/include/crypto/sha.h vendored
View File

@ -15,5 +15,7 @@
int sha512_224_init(SHA512_CTX *);
int sha512_256_init(SHA512_CTX *);
int sha512_224_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
int sha512_256_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
#endif

23
crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c vendored
View File

@ -45,6 +45,18 @@ sha512_224_init(SHA512_CTX *context)
}
int
sha512_224_final(unsigned char *md, SHA512_CTX *context)
{
unsigned char tmp[64];
SHA512_Final(tmp, context);
memcpy(md, tmp, 28);
explicit_memset(tmp, 0, sizeof(tmp));
return 1;
}
int
sha512_256_init(SHA512_CTX *context)
{
@ -58,3 +70,14 @@ sha512_256_init(SHA512_CTX *context)
return 1;
}
int
sha512_256_final(unsigned char *md, SHA512_CTX *context)
{
unsigned char tmp[64];
SHA512_Final(tmp, context);
memcpy(md, tmp, 32);
explicit_memset(tmp, 0, sizeof(tmp));
return 1;
}

3
distrib/sets/lists/debug/mi
View File

@ -1,4 +1,4 @@
# $NetBSD: mi,v 1.285.2.6 2024/03/03 07:11:43 martin Exp $
# $NetBSD: mi,v 1.285.2.7 2024/03/25 14:26:15 martin Exp $
./etc/mtree/set.debug comp-sys-root
./usr/lib comp-sys-usr compatdir
./usr/lib/i18n/libBIG5_g.a comp-c-debuglib debuglib,compatfile
@ -1605,6 +1605,7 @@
./usr/libdata/debug/usr/tests/crypto/libcrypto/h_srptest.debug tests-crypto-debug debug,atf,compattestfile
./usr/libdata/debug/usr/tests/crypto/libcrypto/h_threadstest.debug tests-crypto-debug debug,atf,compattestfile
./usr/libdata/debug/usr/tests/crypto/libcrypto/h_x509v3test.debug tests-crypto-debug debug,atf,compattestfile,openssl=10
./usr/libdata/debug/usr/tests/crypto/libcrypto/t_sha512trunc.debug tests-crypto-debug debug,atf,compattestfile
./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aescbc.debug tests-crypto-debug debug,atf,compattestfile
./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aesctr1.debug tests-crypto-debug debug,atf,compattestfile
./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aesctr2.debug tests-crypto-debug debug,atf,compattestfile

3
distrib/sets/lists/tests/mi
View File

@ -1,4 +1,4 @@
# $NetBSD: mi,v 1.818.2.4 2023/12/09 13:24:24 martin Exp $
# $NetBSD: mi,v 1.818.2.5 2024/03/25 14:26:15 martin Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@ -1360,6 +1360,7 @@
./usr/tests/crypto/libcrypto/t_hashes tests-crypto-tests compattestfile,atf
./usr/tests/crypto/libcrypto/t_libcrypto tests-crypto-tests compattestfile,atf
./usr/tests/crypto/libcrypto/t_pubkey tests-crypto-tests compattestfile,atf
./usr/tests/crypto/libcrypto/t_sha512trunc tests-crypto-tests compattestfile,atf
./usr/tests/crypto/opencrypto tests-crypto-tests compattestfile,atf
./usr/tests/crypto/opencrypto/Atffile tests-crypto-tests compattestfile,atf
./usr/tests/crypto/opencrypto/Kyuafile tests-crypto-tests compattestfile,atf,kyua

6
tests/crypto/libcrypto/Makefile
View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.14 2018/09/23 13:34:57 christos Exp $
# $NetBSD: Makefile,v 1.14.2.1 2024/03/25 14:26:15 martin Exp $
.include <bsd.own.mk>
@ -14,6 +14,10 @@ SUBDIR += lhash sha x509v3
TESTSDIR= ${TESTSBASE}/crypto/libcrypto
TESTS_C+= t_sha512trunc
DPADD.t_sha512trunc+= ${LIBCRYPTO}
LDADD.t_sha512trunc+= -lcrypto
.if ${HAVE_OPENSSL} == 10
TESTS_SH= t_certs
.endif

170
tests/crypto/libcrypto/t_sha512trunc.c Normal file
View File

@ -0,0 +1,170 @@
/* $NetBSD: t_sha512trunc.c,v 1.2.4.2 2024/03/25 14:26:15 martin Exp $ */
/*-
* Copyright (c) 2024 The NetBSD Foundation, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__RCSID("$NetBSD: t_sha512trunc.c,v 1.2.4.2 2024/03/25 14:26:15 martin Exp $");
#include <stddef.h>
#include <atf-c.h>
#include <openssl/evp.h>
#include "h_macros.h"
struct testcase {
const unsigned char in[128];
size_t inlen;
const unsigned char out[32];
};
static void
check(const struct testcase *C, size_t n, size_t digestlen, const EVP_MD *md)
{
enum { C0 = 0xc0, C1 = 0xc1 };
unsigned char *buf, *digest, *p0, *p1;
size_t i;
ATF_REQUIRE_MSG(digestlen <= INT_MAX, "digestlen=%zu", digestlen);
ATF_REQUIRE_EQ_MSG((int)digestlen, EVP_MD_size(md),
"expected %d, got %d", (int)digestlen, EVP_MD_size(md));
ATF_REQUIRE_MSG(digestlen < SIZE_MAX - 2048,
"digestlen=%zu", digestlen);
REQUIRE_LIBC(buf = malloc(digestlen + 2048), NULL);
p0 = buf;
digest = buf + 1;
p1 = buf + 1 + digestlen;
for (i = 0; i < n; i++) {
EVP_MD_CTX *ctx;
unsigned digestlen1;
*p0 = C0;
*p1 = C1;
#define REQUIRE(x) ATF_REQUIRE_MSG((x), "i=%zu", i)
REQUIRE(ctx = EVP_MD_CTX_new());
REQUIRE(EVP_DigestInit_ex(ctx, md, NULL));
REQUIRE(EVP_DigestUpdate(ctx, C->in, C->inlen));
REQUIRE(EVP_DigestFinal_ex(ctx, digest, &digestlen1));
#undef REQUIRE
ATF_CHECK_MSG(digestlen == digestlen1,
"i=%zu: expected %zu got %u", i, digestlen, digestlen1);
EVP_MD_CTX_free(ctx);
ATF_CHECK_MSG(memcmp(digest, C->out, digestlen) == 0,
"i=%zu", i);
ATF_CHECK_EQ_MSG(*p0, C0, "expected 0x%x got 0x%hhx", C0, *p0);
ATF_CHECK_EQ_MSG(*p1, C1, "expected 0x%x got 0x%hhx", C1, *p1);
}
}
/*
* Test vectors from:
*
* https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing#Testing
*/
ATF_TC(sha512_224);
ATF_TC_HEAD(sha512_224, tc)
{
atf_tc_set_md_var(tc, "descr", "Test SHA512-224");
}
ATF_TC_BODY(sha512_224, tc)
{
static const struct testcase C[] = {
[0] = {
.inlen = 0,
.out = {
0x6e,0xd0,0xdd,0x02, 0x80,0x6f,0xa8,0x9e,
0x25,0xde,0x06,0x0c, 0x19,0xd3,0xac,0x86,
0xca,0xbb,0x87,0xd6, 0xa0,0xdd,0xd0,0x5c,
0x33,0x3b,0x84,0xf4,
},
},
[1] = {
.inlen = 1,
.in = {
0xcf,
},
.out = {
0x41,0x99,0x23,0x9e, 0x87,0xd4,0x7b,0x6f,
0xed,0xa0,0x16,0x80, 0x2b,0xf3,0x67,0xfb,
0x6e,0x8b,0x56,0x55, 0xef,0xf6,0x22,0x5c,
0xb2,0x66,0x8f,0x4a,
},
},
};
check(C, __arraycount(C), 28, EVP_sha512_224());
}
ATF_TC(sha512_256);
ATF_TC_HEAD(sha512_256, tc)
{
atf_tc_set_md_var(tc, "descr", "Test SHA512-256");
}
ATF_TC_BODY(sha512_256, tc)
{
static const struct testcase C[] = {
[0] = {
.inlen = 0,
.out = {
0xc6,0x72,0xb8,0xd1, 0xef,0x56,0xed,0x28,
0xab,0x87,0xc3,0x62, 0x2c,0x51,0x14,0x06,
0x9b,0xdd,0x3a,0xd7, 0xb8,0xf9,0x73,0x74,
0x98,0xd0,0xc0,0x1e, 0xce,0xf0,0x96,0x7a,
},
},
[1] = {
.inlen = 1,
.in = {
0xfa,
},
.out = {
0xc4,0xef,0x36,0x92, 0x3c,0x64,0xe5,0x1e,
0x87,0x57,0x20,0xe5, 0x50,0x29,0x8a,0x5a,
0xb8,0xa3,0xf2,0xf8, 0x75,0xb1,0xe1,0xa4,
0xc9,0xb9,0x5b,0xab, 0xf7,0x34,0x4f,0xef,
},
},
};
check(C, __arraycount(C), 32, EVP_sha512_256());
}
ATF_TP_ADD_TCS(tp)
{
ATF_TP_ADD_TC(tp, sha512_224);
ATF_TP_ADD_TC(tp, sha512_256);
return atf_no_error();
}