Module Name: src
Committed By: riastradh
Date: Fri Mar 15 18:10:37 UTC 2024
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/evp: legacy_sha.c
src/crypto/external/bsd/openssl/dist/include/crypto: sha.h
src/crypto/external/bsd/openssl/dist/providers/implementations/digests:
sha2_prov.c
src/crypto/external/bsd/openssl/lib/libcrypto: libc-sha2xx.c
src/tests/crypto/libcrypto: t_sha512trunc.c
Log Message:
libcrypto: Fix buffer overrun in truncated SHA-512 functions.
Further fallout from the libc/openssl sha2 symbol collision.
PR lib/58039
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/openssl/dist/include/crypto/sha.h
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c
cvs rdiff -u -r1.1 -r1.2 src/tests/crypto/libcrypto/t_sha512trunc.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c:1.2
--- src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c:1.1.1.2 Wed Oct 25 17:13:53 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c Fri Mar 15 18:10:37 2024
@@ -49,9 +49,9 @@ static int nm##_init(EVP_MD_CTX *ctx)
#define sha512_256_Init sha512_256_init
#define sha512_224_Update SHA512_Update
-#define sha512_224_Final SHA512_Final
+#define sha512_224_Final sha512_224_final /* XXX NetBSD libc sha2 */
#define sha512_256_Update SHA512_Update
-#define sha512_256_Final SHA512_Final
+#define sha512_256_Final sha512_256_final /* XXX NetBSD libc sha2 */
IMPLEMENT_LEGACY_EVP_MD_METH(sha1, SHA1)
IMPLEMENT_LEGACY_EVP_MD_METH(sha224, SHA224)
Index: src/crypto/external/bsd/openssl/dist/include/crypto/sha.h
diff -u src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.1.1.2 src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.2
--- src/crypto/external/bsd/openssl/dist/include/crypto/sha.h:1.1.1.2 Sun May 7 18:29:28 2023
+++ src/crypto/external/bsd/openssl/dist/include/crypto/sha.h Fri Mar 15 18:10:37 2024
@@ -16,6 +16,8 @@
int sha512_224_init(SHA512_CTX *);
int sha512_256_init(SHA512_CTX *);
+int sha512_224_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
+int sha512_256_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
Index: src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c
diff -u src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c:1.1.1.1 src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c:1.2
--- src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c:1.1.1.1 Sun May 7 18:29:30 2023
+++ src/crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c Fri Mar 15 18:10:37 2024
@@ -86,10 +86,12 @@ IMPLEMENT_digest_functions(sha512, SHA51
/* ossl_sha512_224_functions */
IMPLEMENT_digest_functions(sha512_224, SHA512_CTX,
SHA512_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS,
- sha512_224_init, SHA512_Update, SHA512_Final)
+ sha512_224_init, SHA512_Update,
+ /* XXX NetBSD libc sha2 */sha512_224_final)
/* ossl_sha512_256_functions */
IMPLEMENT_digest_functions(sha512_256, SHA512_CTX,
SHA512_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS,
- sha512_256_init, SHA512_Update, SHA512_Final)
+ sha512_256_init, SHA512_Update,
+ /* XXX NetBSD libc sha2 */sha512_256_final)
Index: src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.3 src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.4
--- src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c:1.3 Sat May 6 17:07:23 2023
+++ src/crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c Fri Mar 15 18:10:37 2024
@@ -47,6 +47,20 @@ sha512_224_init(SHA512_CTX *context)
}
extern int
+sha512_224_final(unsigned char *md, SHA512_CTX *context);
+int
+sha512_224_final(unsigned char *md, SHA512_CTX *context)
+{
+ unsigned char tmp[64];
+
+ SHA512_Final(tmp, context);
+ memcpy(md, tmp, 28);
+ explicit_memset(tmp, 0, sizeof(tmp));
+ return 1;
+
+}
+
+extern int
sha512_256_init(SHA512_CTX *context);
int
sha512_256_init(SHA512_CTX *context)
@@ -61,3 +75,16 @@ sha512_256_init(SHA512_CTX *context)
return 1;
}
+
+extern int
+sha512_256_final(unsigned char *md, SHA512_CTX *context);
+int
+sha512_256_final(unsigned char *md, SHA512_CTX *context)
+{
+ unsigned char tmp[64];
+
+ SHA512_Final(tmp, context);
+ memcpy(md, tmp, 32);
+ explicit_memset(tmp, 0, sizeof(tmp));
+ return 1;
+}
Index: src/tests/crypto/libcrypto/t_sha512trunc.c
diff -u src/tests/crypto/libcrypto/t_sha512trunc.c:1.1 src/tests/crypto/libcrypto/t_sha512trunc.c:1.2
--- src/tests/crypto/libcrypto/t_sha512trunc.c:1.1 Fri Mar 15 15:32:07 2024
+++ src/tests/crypto/libcrypto/t_sha512trunc.c Fri Mar 15 18:10:37 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: t_sha512trunc.c,v 1.1 2024/03/15 15:32:07 riastradh Exp $ */
+/* $NetBSD: t_sha512trunc.c,v 1.2 2024/03/15 18:10:37 riastradh Exp $ */
/*-
* Copyright (c) 2024 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: t_sha512trunc.c,v 1.1 2024/03/15 15:32:07 riastradh Exp $");
+__RCSID("$NetBSD: t_sha512trunc.c,v 1.2 2024/03/15 18:10:37 riastradh Exp $");
#include <stddef.h>
@@ -123,8 +123,6 @@ ATF_TC_BODY(sha512_224, tc)
},
};
- atf_tc_expect_fail("PR lib/58039:"
- " Buffer overflow when writing a SHA512_224 or SHA512_256 digest");
check(C, __arraycount(C), 28, EVP_sha512_224());
}
@@ -159,8 +157,6 @@ ATF_TC_BODY(sha512_256, tc)
},
};
- atf_tc_expect_fail("PR lib/58039:"
- " Buffer overflow when writing a SHA512_224 or SHA512_256 digest");
check(C, __arraycount(C), 32, EVP_sha512_256());
}
