rpms / munge

Clone
Source Code
GIT

Files

el4 el5 el6 epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f34
  2.   0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch
Blob Blame History Raw 
From 2ad81007d2371f536af9e231490357c928eca53a Mon Sep 17 00:00:00 2001
From: Chris Dunlap <cdunlap@llnl.gov>
Date: Wed, 2 Dec 2020 09:50:27 -0800
Subject: [PATCH 4/4] HKDF: Fix big-endian bug caused by size_t ptr cast

When Fedora updated to 0.5.14 and added the new test suite to their
rpm spec's %check, munge successfully built but its test suite failed
on s390x for hkdf_test:

> FAIL: hkdf_test
> ===============
> Failed to finalize HKDF MAC ctx for extraction

This is caused by the cast of prklenp from a size_t * to an int *
in _hkdf_extract().

On s390x, memory ordering is big-endian and size_t is an alias for
unsigned long.  Thus, a ptr to an 8-byte size_t was being cast to a
ptr to a 4-byte int.

This worked on little-endian systems (of which all my test systems
had been) since the least-significant byte is stored at the smallest
memory address (the little end), and the stored value always fit
within 4 bytes.  But on big-endian systems, the least-significant
byte is stored at the largest memory address (the big end) which
differs for 4-byte and 8-byte values.

Remove the cast by using an int variable as an intermediary.

Reference:
- https://fedoraproject.org/wiki/Architectures/s390x#Notes_for_application_developers_and_package_maintainers
- https://bugzilla.redhat.com/show_bug.cgi?id=1923337
- https://bugs.launchpad.net/bugs/1915457
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982564

Tested:
- Arch Linux
- CentOS Stream 8, 8.3.2011, 7.9.2009, 6.10
- Debian sid, 10.8, 9.13, 8.11, 7.11, 6.0.10, 5.0.10, 4.0
- Fedora 33 [s390x, x86_64], 32, 31
- FreeBSD 12.2, 11.4
- NetBSD 9.1, 9.0, 8.1
- OpenBSD 6.8, 6.7, 6.6
- openSUSE 15.2, 15.1
- Raspberry Pi OS (Raspbian 10) [armv7l]
- Ubuntu 20.10, 20.04.2 LTS, 18.04.5 LTS, 16.04.7 LTS, 14.04.6 LTS, 12.04.5 LTS

Closes #91
---
 src/common/hkdf.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/common/hkdf.c b/src/common/hkdf.c
index ac7ab6f..364f3e0 100644
--- a/src/common/hkdf.c
+++ b/src/common/hkdf.c
@@ -32,6 +32,7 @@
 
 #include <assert.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -316,6 +317,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
 {
     mac_ctx mac_ctx;
     int     mac_ctx_is_initialized = 0;
+    int     prklen;
     int     rv = 0;
 
     assert (ctxp != NULL);
@@ -325,6 +327,14 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
     assert (prklenp != NULL);
     assert (*prklenp > 0);
 
+    /*  Convert prklen size_t to int for the call to mac_final() since the parm
+     *    is being passed as a ptr, and size of size_t and int may differ.
+     *  *prklenp must be representable as an int because it was assigned
+     *    (via ctxp->mdlen) by mac_size() which returns an int.
+     */
+    assert (*prklenp <= INT_MAX);
+    prklen = (int) *prklenp;
+
     /*  Compute the pseudorandom key.
      *    prk = HMAC (salt, ikm)
      */
@@ -340,7 +350,7 @@ _hkdf_extract (hkdf_ctx_t *ctxp, void *prk, size_t *prklenp)
         log_msg (LOG_ERR, "Failed to update HKDF MAC ctx for extraction");
         goto err;
     }
-    rv = mac_final (&mac_ctx, prk, (int *) prklenp);
+    rv = mac_final (&mac_ctx, prk, &prklen);
     if (rv == -1) {
         log_msg (LOG_ERR, "Failed to finalize HKDF MAC ctx for extraction");
         goto err;
@@ -352,6 +362,12 @@ err:
             return -1;
         }
     }
+    /*  Update [prklenp] on success.
+     */
+    if (rv >= 0) {
+        assert (prklen >= 0);
+        *prklenp = (size_t) prklen;
+    }
     return rv;
 }
 
@@ -371,7 +387,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
     unsigned char *dstptr;
     size_t         dstlen;
     unsigned char *okm = NULL;
-    size_t         okmlen;
+    int            okmlen;
     int            num_rounds;
     const int      max_rounds = 255;
     unsigned char  round;
@@ -390,8 +406,14 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
 
     /*  Allocate buffer for output keying material.
      *  The buffer size is equal to the size of the hash function output.
+     *  Note that okmlen must be an int (and not size_t) for the call to
+     *    mac_final() since the parm is being passed as a ptr, and size of
+     *    size_t and int may differ.
+     *  ctxp->mdlen must be representable as an int because it was assigned
+     *    by mac_size() which returns an int.
      */
-    okmlen = ctxp->mdlen;
+    assert (ctxp->mdlen <= INT_MAX);
+    okmlen = (int) ctxp->mdlen;
     okm = calloc (1, okmlen);
     if (okm == NULL) {
         rv = -1;
@@ -448,7 +470,7 @@ _hkdf_expand (hkdf_ctx_t *ctxp, const void *prk, size_t prklen,
                     "for expansion round #%u", round);
             goto err;
         }
-        rv = mac_final (&mac_ctx, okm, (int *) &okmlen);
+        rv = mac_final (&mac_ctx, okm, &okmlen);
         if (rv == -1) {
             log_msg (LOG_ERR,
                     "Failed to finalize HKDF MAC ctx "
-- 
2.30.0
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.