[Git][NTPsec/ntpsec][master] Re-sync libaes_siv with upstream to get ct_poison() fix

Matt Selsky gitlab at mg.gitlab.com
Thu Mar 21 13:23:27 UTC 2019



Matt Selsky pushed to branch master at NTPsec / ntpsec


Commits:
12e409aa by Matt Selsky at 2019-03-21T13:19:42Z
Re-sync libaes_siv with upstream to get ct_poison() fix

Use
https://github.com/dfoxfranke/libaes_siv/commit/a58601b312ce4f50c8048cc5ec4f7ee71d83e0a8

Fixes GitLab #578

- - - - -


4 changed files:

- libaes_siv/README.md
- libaes_siv/aes_siv.c
- libaes_siv/demo.c
- libaes_siv/tests.c


Changes:

=====================================
libaes_siv/README.md
=====================================
@@ -84,9 +84,14 @@ To build and install on POSIX-like platforms:
     sudo make install
 ```
 
+NOTE:  Out-of-source builds are allowed, but out-of-source manpage builds
+require a2x's -D option, which may provoke an apparently bogus warning from a2x.
+
 If you want to build on an OS X machine, install the Xcode development
-environment and the command line tools, then use the Homebrew package
-manager https://brew.sh/ to install cmake and OpenSSL:
+environment and the command line tools, then use either the Homebrew package
+manager or the MacPorts package manager to install cmake and OpenSSL.
+
+Homebrew (https://brew.sh/):
 ```
     brew install cmake openssl &&
     cmake -DCMAKE_PREFIX_PATH=/usr/local/opt/openssl . &&
@@ -94,6 +99,14 @@ manager https://brew.sh/ to install cmake and OpenSSL:
     make test &&
     sudo make install
 ```
+MacPorts (https://www.macports.org/):
+```
+    sudo port install cmake openssl &&
+    cmake . &&
+    make &&
+    make test &&
+    sudo make install
+```
 
 To create a native Windows build, you will first need to build
 OpenSSL.  Install Visual Studio, CMake, ActiveState Perl, and NASM, and


=====================================
libaes_siv/aes_siv.c
=====================================
@@ -239,8 +239,13 @@ void AES_SIV_CTX_cleanup(AES_SIV_CTX *ctx) {
 void AES_SIV_CTX_free(AES_SIV_CTX *ctx) {
         if (ctx) {
                 EVP_CIPHER_CTX_free(ctx->cipher_ctx);
-                CMAC_CTX_free(ctx->cmac_ctx_init);
-                CMAC_CTX_free(ctx->cmac_ctx);
+                /* Prior to OpenSSL 1.0.2b, CMAC_CTX_free() crashes on NULL */
+                if (LIKELY(ctx->cmac_ctx_init != NULL)) {
+                        CMAC_CTX_free(ctx->cmac_ctx_init);
+                }
+                if (LIKELY(ctx->cmac_ctx != NULL)) {
+                        CMAC_CTX_free(ctx->cmac_ctx);
+                }
 		OPENSSL_cleanse(&ctx->d, sizeof ctx->d);
                 free(ctx);
         }
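Review bot: In AES_SIV_CTX_free the two CMAC_CTX_free() calls are now NULL-guarded, but `EVP_CIPHER_CTX_free(ctx->cipher_ctx)` directly above them is still called unguarded, and the new comment does not say why it is exempt. If that function tolerates NULL on the oldest OpenSSL this library supports (worth confirming against that version's source), the comment should say so, e.g. `/* EVP_CIPHER_CTX_free() is NULL-safe; CMAC_CTX_free() is not before OpenSSL 1.0.2b */`, so a later reader does not treat the CMAC guards as redundant. The comment could also note that these members are NULL when context allocation failed partway, which appears to be the case test_malloc_failure in tests.c exercises. The function's closing brace lies outside the hunk.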
@@ -287,7 +292,7 @@ int AES_SIV_Init(AES_SIV_CTX *ctx, unsigned char const *key, size_t key_len) {
         size_t out_len;
         int ret = 0;
 
-        ct_poison(key, sizeof key);
+        ct_poison(key, key_len);
 
         switch (key_len) {
         case 32:
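Review bot: `ct_poison(key, key_len)` runs before the `switch (key_len)` below it has accepted the length, so for an unsupported key_len the poisoned range is whatever the caller passed. That is harmless if ct_poison compiles to nothing in production builds, which its definition (not visible here) would have to confirm, but the rejecting branch and every other exit of AES_SIV_Init should then unpoison the same `key_len` bytes rather than a `sizeof`-derived length. A short comment would record the reason for the length argument: `/* key is a pointer parameter, so sizeof key is the pointer size; poison all key_len bytes */`. It would also be worth checking the rest of the file for other ct_poison/ct_unpoison calls that take `sizeof` of a pointer parameter. The body of AES_SIV_Init continues outside the hunk.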


=====================================
libaes_siv/demo.c
=====================================
@@ -164,7 +164,7 @@ int main(int argc, char const* argv[])
     fprintf(stderr, "Invalid key length %zu bytes, must be one of 32, 48, or 64\n", key_len);
     goto fail;
   }
-
+  
   if(load_file(ad_file, &ad, &ad_len) < 0)
   {
     fprintf(stderr, "Could not load associated data file %s : %s\n", ad_file, strerror(errno));
@@ -245,7 +245,7 @@ int main(int argc, char const* argv[])
     perror("fwrite");
     goto fail;
   }
-
+  
   free(plaintext);
   free(key);
   free(ad);


=====================================
libaes_siv/tests.c
=====================================
@@ -70,14 +70,14 @@ static void test_malloc_failure(void) {
         int ret, i=0;
         AES_SIV_CTX *ctx;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L	
         ret = CRYPTO_set_mem_functions(mock_malloc, realloc, free);
 #else
 	ret = CRYPTO_set_mem_functions(mock_malloc_ex, mock_realloc_ex, mock_free_ex);
 #endif
         assert(ret == 1);
 
-        printf("Test allocation failure:\n" );
+        printf("Test allocation failure cases:\n" );
 
         do {
                 fail_allocation_counter = i++;
@@ -95,7 +95,7 @@ static void test_cleanup_before_free(void) {
 	AES_SIV_CTX_cleanup(ctx);
 	AES_SIV_CTX_free(ctx);
 	printf("OK\n");
-}
+}	
 
 static void test_vector_1(void) {
         const unsigned char key[] = {



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/12e409aa48d5266aadf2b2fea47b9dee89fda103
