From af20283d945d0607c2245e7f5871ee09c9024bc0 Mon Sep 17 00:00:00 2001 From: Vitaly Chikunov Date: Wed, 14 Jun 2023 17:12:51 +0300 Subject: [PATCH] Fix gcc13 error: writing 1 byte into a region of size 0 gcc-13 thinks `bl` can take negative value (when returned from EVP_CIPHER_CTX_block_size). Do simple sanity checking to workaround this. Also, add error propagation up to EVP_DigestFinal_ex, so this sanity checking is not in vain. Error message: In function 'make_kn', inlined from 'CMAC_ACPKM_Final' at /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:274:5, inlined from 'omac_acpkm_imit_final' at /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:354:5: /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:55:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 55 | k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~ /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c: In function 'omac_acpkm_imit_final': /builddir/build/BUILD/engine-3.0.0/gost_omac_acpkm.c:260:24: note: at offset [-2147483649, -1] into destination object 'k2' of size 32 260 | unsigned char *k1, k2[EVP_MAX_BLOCK_LENGTH]; | ^~ Fixes: https://github.com/gost-engine/engine/issues/436 Signed-off-by: Vitaly Chikunov --- gost_omac_acpkm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gost_omac_acpkm.c b/gost_omac_acpkm.c index 8e2c4df..8a3c841 100644 --- a/gost_omac_acpkm.c +++ b/gost_omac_acpkm.c @@ -249,6 +249,7 @@ static int CMAC_ACPKM_Update(CMAC_ACPKM_CTX *ctx, const void *in, size_t dlen) } +/* Return value is propagated to EVP_DigestFinal_ex */ static int CMAC_ACPKM_Final(CMAC_ACPKM_CTX *ctx, unsigned char *out, size_t *poutlen) { @@ -257,6 +258,10 @@ static int CMAC_ACPKM_Final(CMAC_ACPKM_CTX *ctx, unsigned char *out, if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx); + if (bl != 8 && bl != 16) { + GOSTerr(GOST_F_OMAC_ACPKM_IMIT_FINAL, GOST_R_INVALID_MAC_PARAMS); + return 0; + } *poutlen = (size_t) bl; if (!out) return 1; @@ -341,16 +346,17 @@ int omac_acpkm_imit_final(EVP_MD_CTX *ctx, unsigned char *md) OMAC_ACPKM_CTX *c = EVP_MD_CTX_md_data(ctx); unsigned char mac[MAX_GOST_OMAC_ACPKM_SIZE]; size_t mac_size = sizeof(mac); + int ret; if (!c->key_set) { GOSTerr(GOST_F_OMAC_ACPKM_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); return 0; } - CMAC_ACPKM_Final(c->cmac_ctx, mac, &mac_size); + ret = CMAC_ACPKM_Final(c->cmac_ctx, mac, &mac_size); memcpy(md, mac, c->dgst_size); - return 1; + return ret; } static int omac_acpkm_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) -- 2.39.5