CVS commit: [netbsd-9] src

Martin Husemann Mon, 25 Mar 2024 07:26:26 -0700

Module Name:    src
Committed By:   martin
Date:           Mon Mar 25 14:26:16 UTC 2024


Modified Files:
        src/crypto/external/bsd/openssl/dist/crypto/evp [netbsd-9]: m_sha1.c
        src/crypto/external/bsd/openssl/dist/include/crypto [netbsd-9]: sha.h
        src/crypto/external/bsd/openssl/lib/libcrypto [netbsd-9]: libc-sha2xx.c
        src/distrib/sets/lists/debug [netbsd-9]: mi
        src/distrib/sets/lists/tests [netbsd-9]: mi
        src/tests/crypto/libcrypto [netbsd-9]: Makefile
Added Files:
        src/tests/crypto/libcrypto [netbsd-9]: t_sha512trunc.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1819):

        
crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c: 
revision 1.2
          (applied to crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c)
        tests/crypto/libcrypto/t_sha512trunc.c: revision 1.1
        tests/crypto/libcrypto/t_sha512trunc.c: revision 1.2
        tests/crypto/libcrypto/Makefile: revision 1.16
        distrib/sets/lists/tests/mi: revision 1.1311
        distrib/sets/lists/debug/mi: revision 1.430
        crypto/external/bsd/openssl/dist/include/crypto/sha.h: revision 1.2
        crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c: revision 1.4
        (all via patch)

libcrypto: Add some trivial tests for truncated SHA-512 variants.
These should use more of the test vectors from
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing#Testing
but this will do for now to detect the buffer overrun rake we left
lying around for ourselves.
PR lib/58039

libcrypto: Fix buffer overrun in truncated SHA-512 functions.
Further fallout from the libc/openssl sha2 symbol collision.
PR lib/58039


To generate a diff of this commit:
cvs rdiff -u -r1.11.2.1 -r1.11.2.2 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c
cvs rdiff -u -r1.1.1.1.4.2 -r1.1.1.1.4.3 \
    src/crypto/external/bsd/openssl/dist/include/crypto/sha.h
cvs rdiff -u -r1.1.6.1 -r1.1.6.2 \
    src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c
cvs rdiff -u -r1.285.2.6 -r1.285.2.7 src/distrib/sets/lists/debug/mi
cvs rdiff -u -r1.818.2.4 -r1.818.2.5 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.14 -r1.14.2.1 src/tests/crypto/libcrypto/Makefile
cvs rdiff -u -r0 -r1.2.4.2 src/tests/crypto/libcrypto/t_sha512trunc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c:1.11.2.1 src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c:1.11.2.2
--- src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c:1.11.2.1	Mon Apr 27 14:47:22 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c	Mon Mar 25 14:26:15 2024
@@ -179,11 +179,21 @@ static int init512_224(EVP_MD_CTX *ctx)
     return sha512_224_init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int final512_224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sha512_224_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init512_256(EVP_MD_CTX *ctx)
 {
     return sha512_256_init(EVP_MD_CTX_md_data(ctx));
 }
 
+static int final512_256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sha512_256_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
 static int init384(EVP_MD_CTX *ctx)
 {
     return SHA384_Init(EVP_MD_CTX_md_data(ctx));
@@ -222,7 +232,7 @@ static const EVP_MD sha512_224_md = {
     EVP_MD_FLAG_DIGALGID_ABSENT,
     init512_224,
     update512,
-    final512,
+    final512_224,
     NULL,
     NULL,
     SHA512_CBLOCK,
@@ -241,7 +251,7 @@ static const EVP_MD sha512_256_md = {
     EVP_MD_FLAG_DIGALGID_ABSENT,
     init512_256,
     update512,
-    final512,
+    final512_256,
     NULL,
     NULL,
     SHA512_CBLOCK,

Index: src/crypto/external/bsd/openssl/dist/include/crypto/sha.h
diff -u src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.1.1.1.4.2 src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.1.1.1.4.3
--- src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.1.1.1.4.2	Mon Apr 27 14:47:32 2020
+++ src/crypto/external/bsd/openssl/dist/include/crypto/sha.h	Mon Mar 25 14:26:15 2024
@@ -15,5 +15,7 @@
 
 int sha512_224_init(SHA512_CTX *);
 int sha512_256_init(SHA512_CTX *);
+int sha512_224_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
+int sha512_256_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
 
 #endif

Index: src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.1.6.1 src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.1.6.2
--- src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.1.6.1	Mon Apr 27 14:47:36 2020
+++ src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c	Mon Mar 25 14:26:15 2024
@@ -46,6 +46,18 @@ sha512_224_init(SHA512_CTX *context)
 }
 
 int
+sha512_224_final(unsigned char *md, SHA512_CTX *context)
+{
+	unsigned char tmp[64];
+
+	SHA512_Final(tmp, context);
+	memcpy(md, tmp, 28);
+	explicit_memset(tmp, 0, sizeof(tmp));
+	return 1;
+
+}
+
+int
 sha512_256_init(SHA512_CTX *context)
 {
 	if (context == NULL)
@@ -58,3 +70,14 @@ sha512_256_init(SHA512_CTX *context)
 
 	return 1;
 }
+
+int
+sha512_256_final(unsigned char *md, SHA512_CTX *context)
+{
+	unsigned char tmp[64];
+
+	SHA512_Final(tmp, context);
+	memcpy(md, tmp, 32);
+	explicit_memset(tmp, 0, sizeof(tmp));
+	return 1;
+}

Index: src/distrib/sets/lists/debug/mi
diff -u src/distrib/sets/lists/debug/mi:1.285.2.6 src/distrib/sets/lists/debug/mi:1.285.2.7
--- src/distrib/sets/lists/debug/mi:1.285.2.6	Sun Mar  3 07:11:43 2024
+++ src/distrib/sets/lists/debug/mi	Mon Mar 25 14:26:15 2024
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.285.2.6 2024/03/03 07:11:43 martin Exp $
+# $NetBSD: mi,v 1.285.2.7 2024/03/25 14:26:15 martin Exp $
 ./etc/mtree/set.debug                           comp-sys-root
 ./usr/lib					comp-sys-usr		compatdir
 ./usr/lib/i18n/libBIG5_g.a			comp-c-debuglib		debuglib,compatfile
@@ -1605,6 +1605,7 @@
 ./usr/libdata/debug/usr/tests/crypto/libcrypto/h_srptest.debug		tests-crypto-debug	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/crypto/libcrypto/h_threadstest.debug	tests-crypto-debug	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/crypto/libcrypto/h_x509v3test.debug	tests-crypto-debug	debug,atf,compattestfile,openssl=10
+./usr/libdata/debug/usr/tests/crypto/libcrypto/t_sha512trunc.debug	tests-crypto-debug	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aescbc.debug		tests-crypto-debug	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aesctr1.debug		tests-crypto-debug	debug,atf,compattestfile
 ./usr/libdata/debug/usr/tests/crypto/opencrypto/h_aesctr2.debug		tests-crypto-debug	debug,atf,compattestfile

Index: src/distrib/sets/lists/tests/mi
diff -u src/distrib/sets/lists/tests/mi:1.818.2.4 src/distrib/sets/lists/tests/mi:1.818.2.5
--- src/distrib/sets/lists/tests/mi:1.818.2.4	Sat Dec  9 13:24:24 2023
+++ src/distrib/sets/lists/tests/mi	Mon Mar 25 14:26:15 2024
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.818.2.4 2023/12/09 13:24:24 martin Exp $
+# $NetBSD: mi,v 1.818.2.5 2024/03/25 14:26:15 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -1360,6 +1360,7 @@
 ./usr/tests/crypto/libcrypto/t_hashes		tests-crypto-tests	compattestfile,atf
 ./usr/tests/crypto/libcrypto/t_libcrypto	tests-crypto-tests	compattestfile,atf
 ./usr/tests/crypto/libcrypto/t_pubkey		tests-crypto-tests	compattestfile,atf
+./usr/tests/crypto/libcrypto/t_sha512trunc	tests-crypto-tests	compattestfile,atf
 ./usr/tests/crypto/opencrypto			tests-crypto-tests	compattestfile,atf
 ./usr/tests/crypto/opencrypto/Atffile		tests-crypto-tests	compattestfile,atf
 ./usr/tests/crypto/opencrypto/Kyuafile		tests-crypto-tests	compattestfile,atf,kyua

Index: src/tests/crypto/libcrypto/Makefile
diff -u src/tests/crypto/libcrypto/Makefile:1.14 src/tests/crypto/libcrypto/Makefile:1.14.2.1
--- src/tests/crypto/libcrypto/Makefile:1.14	Sun Sep 23 13:34:57 2018
+++ src/tests/crypto/libcrypto/Makefile	Mon Mar 25 14:26:15 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.14 2018/09/23 13:34:57 christos Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2024/03/25 14:26:15 martin Exp $
 
 .include <bsd.own.mk>
 
@@ -14,6 +14,10 @@ SUBDIR += lhash sha x509v3
 
 TESTSDIR=	${TESTSBASE}/crypto/libcrypto
 
+TESTS_C+=		t_sha512trunc
+DPADD.t_sha512trunc+=	${LIBCRYPTO}
+LDADD.t_sha512trunc+=	-lcrypto
+
 .if ${HAVE_OPENSSL} == 10
 TESTS_SH=	t_certs
 .endif

Added files:

Index: src/tests/crypto/libcrypto/t_sha512trunc.c
diff -u /dev/null src/tests/crypto/libcrypto/t_sha512trunc.c:1.2.4.2
--- /dev/null	Mon Mar 25 14:26:16 2024
+++ src/tests/crypto/libcrypto/t_sha512trunc.c	Mon Mar 25 14:26:15 2024
@@ -0,0 +1,170 @@
+/*	$NetBSD: t_sha512trunc.c,v 1.2.4.2 2024/03/25 14:26:15 martin Exp $	*/
+
+/*-
+ * Copyright (c) 2024 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: t_sha512trunc.c,v 1.2.4.2 2024/03/25 14:26:15 martin Exp $");
+
+#include <stddef.h>
+
+#include <atf-c.h>
+
+#include <openssl/evp.h>
+
+#include "h_macros.h"
+
+struct testcase {
+	const unsigned char in[128];
+	size_t inlen;
+	const unsigned char out[32];
+};
+
+static void
+check(const struct testcase *C, size_t n, size_t digestlen, const EVP_MD *md)
+{
+	enum { C0 = 0xc0, C1 = 0xc1 };
+	unsigned char *buf, *digest, *p0, *p1;
+	size_t i;
+
+	ATF_REQUIRE_MSG(digestlen <= INT_MAX, "digestlen=%zu", digestlen);
+	ATF_REQUIRE_EQ_MSG((int)digestlen, EVP_MD_size(md),
+	    "expected %d, got %d", (int)digestlen, EVP_MD_size(md));
+
+	ATF_REQUIRE_MSG(digestlen < SIZE_MAX - 2048,
+	    "digestlen=%zu", digestlen);
+	REQUIRE_LIBC(buf = malloc(digestlen + 2048), NULL);
+	p0 = buf;
+	digest = buf + 1;
+	p1 = buf + 1 + digestlen;
+
+	for (i = 0; i < n; i++) {
+		EVP_MD_CTX *ctx;
+		unsigned digestlen1;
+
+		*p0 = C0;
+		*p1 = C1;
+
+#define	REQUIRE(x)	ATF_REQUIRE_MSG((x), "i=%zu", i)
+		REQUIRE(ctx = EVP_MD_CTX_new());
+		REQUIRE(EVP_DigestInit_ex(ctx, md, NULL));
+		REQUIRE(EVP_DigestUpdate(ctx, C->in, C->inlen));
+		REQUIRE(EVP_DigestFinal_ex(ctx, digest, &digestlen1));
+#undef	REQUIRE
+		ATF_CHECK_MSG(digestlen == digestlen1,
+		    "i=%zu: expected %zu got %u", i, digestlen, digestlen1);
+		EVP_MD_CTX_free(ctx);
+
+		ATF_CHECK_MSG(memcmp(digest, C->out, digestlen) == 0,
+		    "i=%zu", i);
+
+		ATF_CHECK_EQ_MSG(*p0, C0, "expected 0x%x got 0x%hhx", C0, *p0);
+		ATF_CHECK_EQ_MSG(*p1, C1, "expected 0x%x got 0x%hhx", C1, *p1);
+	}
+}
+
+/*
+ * Test vectors from:
+ *
+ * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing#Testing
+ */
+
+ATF_TC(sha512_224);
+ATF_TC_HEAD(sha512_224, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test SHA512-224");
+}
+ATF_TC_BODY(sha512_224, tc)
+{
+	static const struct testcase C[] = {
+		[0] = {
+			.inlen = 0,
+			.out = {
+				0x6e,0xd0,0xdd,0x02, 0x80,0x6f,0xa8,0x9e,
+				0x25,0xde,0x06,0x0c, 0x19,0xd3,0xac,0x86,
+				0xca,0xbb,0x87,0xd6, 0xa0,0xdd,0xd0,0x5c,
+				0x33,0x3b,0x84,0xf4,
+			},
+		},
+		[1] = {
+			.inlen = 1,
+			.in = {
+				0xcf,
+			},
+			.out = {
+				0x41,0x99,0x23,0x9e, 0x87,0xd4,0x7b,0x6f,
+				0xed,0xa0,0x16,0x80, 0x2b,0xf3,0x67,0xfb,
+				0x6e,0x8b,0x56,0x55, 0xef,0xf6,0x22,0x5c,
+				0xb2,0x66,0x8f,0x4a,
+			},
+		},
+	};
+
+	check(C, __arraycount(C), 28, EVP_sha512_224());
+}
+
+ATF_TC(sha512_256);
+ATF_TC_HEAD(sha512_256, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "Test SHA512-256");
+}
+ATF_TC_BODY(sha512_256, tc)
+{
+	static const struct testcase C[] = {
+		[0] = {
+			.inlen = 0,
+			.out = {
+				0xc6,0x72,0xb8,0xd1, 0xef,0x56,0xed,0x28,
+				0xab,0x87,0xc3,0x62, 0x2c,0x51,0x14,0x06,
+				0x9b,0xdd,0x3a,0xd7, 0xb8,0xf9,0x73,0x74,
+				0x98,0xd0,0xc0,0x1e, 0xce,0xf0,0x96,0x7a,
+			},
+		},
+		[1] = {
+			.inlen = 1,
+			.in = {
+				0xfa,
+			},
+			.out = {
+				0xc4,0xef,0x36,0x92, 0x3c,0x64,0xe5,0x1e,
+				0x87,0x57,0x20,0xe5, 0x50,0x29,0x8a,0x5a,
+				0xb8,0xa3,0xf2,0xf8, 0x75,0xb1,0xe1,0xa4,
+				0xc9,0xb9,0x5b,0xab, 0xf7,0x34,0x4f,0xef,
+			},
+		},
+	};
+
+	check(C, __arraycount(C), 32, EVP_sha512_256());
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+
+	ATF_TP_ADD_TC(tp, sha512_224);
+	ATF_TP_ADD_TC(tp, sha512_256);
+
+	return atf_no_error();
+}

CVS commit: [netbsd-9] src

Reply via email to