Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sha2 error cleanup looks broken #13

Closed
avsm opened this issue Mar 18, 2014 · 5 comments
Closed

sha2 error cleanup looks broken #13

avsm opened this issue Mar 18, 2014 · 5 comments

Comments

@avsm
Copy link

avsm commented Mar 18, 2014

There are a number of cases in sha2.c where the sizeof a pointer is zeroed instead of the size of the underlying buffer. See all the cases of MEMSET_BZERO

e.g.

@@ -1111,7 +1111,7 @@ char *SHA256_End(SHA_CTX* context, char buffer[]) {
                }
                *buffer = (char)0;
        } else {
-               MEMSET_BZERO(context, sizeof(context));
+               MEMSET_BZERO(context, sizeof(SHA_CTX));
        }
        MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
        return buffer;
@pqwy
Copy link
Contributor

pqwy commented Mar 18, 2014

I'm trying to wrap my head around this... looks like such a rookie mistake.

I took this implementation without reading, because it seems to be often used in free software projects and just assumed that 10 years was enough for people to feast their eyes on the code.

Do you know of a better SHA1+2 public domain source?

@avsm
Copy link
Author

avsm commented Mar 18, 2014

It does look pretty bad; what is the source? Should bring this up upstream.

I notice there's a reference C implementation in RFC6234...

@hannesm
Copy link
Member

hannesm commented Mar 18, 2014

the sha2 implementation originates from https://web.archive.org/web/20070205153303/http://www.adg.us/computers/sha.html ... we were searching hard for a public domain one (thus not the OpenSSL one)

@pqwy
Copy link
Contributor

pqwy commented Mar 18, 2014

Yeah, the idea was to use public domain, old and known C kernels for block ciphers and hashes. This implementation was what a zillion open source projects included for their SHA2 needs (google it).

The logic being that if it's used all over and has been around for a while, it's also probably well-audited.

I'm still undecided. This happens when erasing the hash state, something I'm in general not sure about, and a pointer is certainly smaller than any of the components of the union. I just can't accept such widely used code has had such an error for so long...

@avsm
Copy link
Author

avsm commented Mar 19, 2014

This is a very common failure mode; I patched the OpenBSD gcc to find bugs of this nature a decade ago and it found hundreds. http://undeadly.org/cgi?action=article&sid=20030627104847

Don't worry about age when it comes to code correctness -- the bazaar can empty out remarkably quickly when it comes to reading other people's code :-)

pqwy added a commit that referenced this issue Mar 24, 2014
@pqwy
Merge pull request #14 from mirleft/fix-13
c76b3ea 
call memset with sizeof SHA_CTX, not a pointer to it; fixes #13
@pqwy pqwy mentioned this issue May 2, 2014
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@avsm @hannesm @pqwy