Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mozilla-nss.1743
nss-CC-ctr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-CC-ctr.patch of Package mozilla-nss.1743
# HG changeset patch # Parent a3d232b48740f32b2ef23f382625b84b1df45228 # Parent 51e9d34183bcbf06b497f6e7234d24b7da91d412 Handle counter rollovers while incrementing in CTR modes. diff --git a/lib/freebl/ctr.c b/lib/freebl/ctr.c --- a/lib/freebl/ctr.c +++ b/lib/freebl/ctr.c @@ -73,40 +73,53 @@ CTR_DestroyContext(CTRContext *ctr, PRBo } /* * Used by counter mode. Increment the counter block. Not all bits in the * counter block are part of the counter, counterBits tells how many bits * are part of the counter. The counter block is blocksize long. It's a * big endian value. * - * XXX Does not handle counter rollover. + * Returns SECFailure when rollover of the counter happens, SECSuccess + * otherwise. */ -static void +static SECStatus ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, unsigned int blocksize) { unsigned char *counterPtr = counter + blocksize - 1; unsigned char mask, count; + SECStatus rv = SECSuccess; PORT_Assert(counterBits <= blocksize*PR_BITS_PER_BYTE); while (counterBits >= PR_BITS_PER_BYTE) { if (++(*(counterPtr--))) { - return; + goto check_rv; } counterBits -= PR_BITS_PER_BYTE; } if (counterBits == 0) { - return; + /* If we got here, it means that the last char processed overflowed + * while containing exactly the last PR_BITS_PER_BYTE bits of the + * counter. That in turn means that the counter as a whole overflowed + * and we are thus in error mode */ + rv = SECFailure; + goto check_rv; } /* increment the final partial byte */ mask = (1 << counterBits)-1; count = ++(*counterPtr) & mask; + if (count == 0) { + /* the last counter bits overfloved */ + rv = SECFailure; + goto check_rv; + } *counterPtr = ((*counterPtr) & ~mask) | count; - return; +check_rv: + return rv; } static void ctr_xor(unsigned char *target, const unsigned char *x, const unsigned char *y, unsigned int count) { unsigned int i; for (i=0; i < count; i++) { @@ -141,32 +154,38 @@ CTR_Update(CTRContext *ctr, unsigned cha return SECSuccess; } PORT_Assert(ctr->bufPtr == blocksize); } while (inlen >= blocksize) { rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); - ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (rv != SECSuccess) { + return SECFailure; + } + rv = ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); if (rv != SECSuccess) { return SECFailure; } ctr_xor(outbuf, inbuf, ctr->buffer, blocksize); outbuf += blocksize; inbuf += blocksize; *outlen += blocksize; inlen -= blocksize; } if (inlen == 0) { return SECSuccess; } rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); - ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (rv != SECSuccess) { + return SECFailure; + } + rv = ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); if (rv != SECSuccess) { return SECFailure; } ctr_xor(outbuf, inbuf, ctr->buffer, inlen); ctr->bufPtr = inlen; *outlen += inlen; return SECSuccess; } @@ -212,17 +231,20 @@ CTR_Update_HW_AES(CTRContext *ctr, unsig inbuf += fullblocks; inlen -= fullblocks; if (inlen == 0) { return SECSuccess; } rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); - ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (rv != SECSuccess) { + return SECFailure; + } + rv = ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); if (rv != SECSuccess) { return SECFailure; } ctr_xor(outbuf, inbuf, ctr->buffer, inlen); ctr->bufPtr = inlen; *outlen += inlen; return SECSuccess; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor