Hello,
I made some small changes.
- removed fail variable in tests
- added Red Hat copyright
- added a condition before calling the hash update() function, for the case
where the input can be NULL or the length can be 0
I will be working on the documentation for the balloon function now.
Kind regards,
Zoltan
On Mon, Sep 19, 2022 at 10:21 AM Zoltan Fridrich <[email protected]>
wrote:
> Hi Niels,
>
> I wasn't responding because I was on a vacation. I will take a look at it
> now.
>
> On Thu, Sep 15, 2022 at 8:02 PM Niels Möller <[email protected]> wrote:
>
>> [email protected] (Niels Möller) writes:
>>
>> > Thanks, merged to a new branch, "balloon", for testing.
>>
>> The ubsan test failed (built with CFLAGS="-fsanitize=undefined
>> -fno-sanitize-recover -g -O2"). See
>> https://gitlab.com/gnutls/nettle/-/jobs/3029478202, could e.g. be a call
>>
>> sha256_update(ctx, 0, NULL)
>>
>> which results in a call to memcpy(..., NULL, 0). Mostly harmless in
>> itself, but violates the non-null annotation on glibc memcpy, shouldn't
>> happen, and might be a sign of additional problems.
>>
>> Can you investigate, and post a patch relative to the balloon branch? If
>> you do another patch, please also consider simplifying the tests by
>> eliminating the "fail" variable.
>>
>> Regards,
>> /Niels
>>
>> --
>> Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
>> Internet email is subject to wholesale government surveillance.
>>
>>
diff --color -ruNp a/balloon.c b/balloon.c
--- a/balloon.c 2022-09-19 11:55:22.689914309 +0200
+++ b/balloon.c 2022-09-19 12:47:25.288523982 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
@@ -61,8 +62,10 @@ hash(void *ctx,
uint8_t tmp[8];
LE_WRITE_UINT64(tmp, cnt);
update(ctx, sizeof(tmp), tmp);
- update(ctx, a_len, a);
- update(ctx, b_len, b);
+ if (a && a_len)
+ update(ctx, a_len, a);
+ if (b && b_len)
+ update(ctx, b_len, b);
digest(ctx, digest_size, dst);
}
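Review bot: The new guards `if (a && a_len)` and `if (b && b_len)` also skip the update when the pointer is NULL but the length is non-zero, so a caller that passes a NULL buffer with a real length would get a digest over less input than it asked for instead of a visible failure. The ubsan report was about the zero-length call only, so testing the length alone, `if (a_len) update(ctx, a_len, a);` and likewise for `b`, avoids memcpy(..., NULL, 0) without masking that mismatch. A short comment such as `/* Skip empty inputs: update() would hand a NULL pointer to memcpy, which is undefined even for length 0. */` would record why the guard exists. The body of hash() starts above this hunk, so how callers supply `a` and `b` is not visible here.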
diff --color -ruNp a/balloon.h b/balloon.h
--- a/balloon.h 2022-09-19 11:55:22.690914329 +0200
+++ b/balloon.h 2022-09-19 12:11:50.366571696 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
diff --color -ruNp a/balloon-sha1.c b/balloon-sha1.c
--- a/balloon-sha1.c 2022-09-19 11:55:22.689914309 +0200
+++ b/balloon-sha1.c 2022-09-19 12:12:03.681837077 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
diff --color -ruNp a/balloon-sha256.c b/balloon-sha256.c
--- a/balloon-sha256.c 2022-09-19 11:55:22.689914309 +0200
+++ b/balloon-sha256.c 2022-09-19 12:12:15.059063831 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
diff --color -ruNp a/balloon-sha384.c b/balloon-sha384.c
--- a/balloon-sha384.c 2022-09-19 11:55:22.689914309 +0200
+++ b/balloon-sha384.c 2022-09-19 12:12:25.975281398 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
diff --color -ruNp a/balloon-sha512.c b/balloon-sha512.c
--- a/balloon-sha512.c 2022-09-19 11:55:22.689914309 +0200
+++ b/balloon-sha512.c 2022-09-19 12:12:35.575472733 +0200
@@ -3,6 +3,7 @@
Balloon password-hashing algorithm.
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
diff --color -ruNp a/testsuite/balloon-test.c b/testsuite/balloon-test.c
--- a/testsuite/balloon-test.c 2022-09-19 11:55:22.691914349 +0200
+++ b/testsuite/balloon-test.c 2022-09-19 12:25:51.974345449 +0200
@@ -1,6 +1,7 @@
/* balloon-test.c
Copyright (C) 2022 Zoltan Fridrich
+ Copyright (C) 2022 Red Hat, Inc.
This file is part of GNU Nettle.
@@ -39,7 +40,6 @@ test_balloon(const struct nettle_hash *a
unsigned s_cost, unsigned t_cost,
const struct tstring *expected)
{
- int fail = 0;
void *ctx = xalloc(alg->context_size);
uint8_t *buf = xalloc(balloon_itch(alg->digest_size, s_cost));
@@ -56,14 +56,11 @@ test_balloon(const struct nettle_hash *a
fprintf(stderr, "\nExpected:");
tstring_print_hex(expected);
fprintf(stderr, "\n");
- fail = 1;
+ FAIL();
}
free(ctx);
free(buf);
-
- if (fail)
- FAIL();
}
static void
@@ -73,7 +70,6 @@ test_balloon_sha(const struct nettle_has
unsigned s_cost, unsigned t_cost,
const struct tstring *expected)
{
- int fail = 0;
uint8_t *buf = xalloc(balloon_itch(alg->digest_size, s_cost));
if (alg == &nettle_sha1)
@@ -91,10 +87,10 @@ test_balloon_sha(const struct nettle_has
else
{
fprintf(stderr, "test_balloon_sha: bad test\n");
- fail = 1;
+ FAIL();
}
- if (!fail && !MEMEQ(alg->digest_size, buf, expected->data))
+ if (!MEMEQ(alg->digest_size, buf, expected->data))
{
fprintf(stderr, "test_balloon_sha: result doesn't match the expectation:");
fprintf(stderr, "\nOutput: ");
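Review bot: With the `!fail &&` test removed, `if (!MEMEQ(alg->digest_size, buf, expected->data))` is only safe after the "bad test" branch if FAIL() never returns; if it did return, the comparison would read the freshly allocated, unwritten `buf`. FAIL() is defined outside this diff (presumably it aborts), so it is worth stating that next to the branch, e.g. `/* FAIL() does not return; buf is never compared unset. */`. The same assumption applies in the hunks at `@@ -56,14 +56,11 @@` and `@@ -102,13 +98,10 @@`, where the free() calls are now skipped on failure. test_balloon_sha begins and ends outside this hunk.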
@@ -102,13 +98,10 @@ test_balloon_sha(const struct nettle_has
fprintf(stderr, "\nExpected:");
tstring_print_hex(expected);
fprintf(stderr, "\n");
- fail = 1;
+ FAIL();
}
free(buf);
-
- if (fail)
- FAIL();
}
/* Test vectors are taken from: