1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
From 13b5454d2620701863f6e89221f5f4c98d2aba8e Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 29 Mar 2022 16:17:17 +0900
Subject: [PATCH 2/3] kdf:argon2: Fix for the case output > 64.
* cipher/blake2.c (blake2b_vl_hash): Fix the last step.
* cipher/kdf.c (argon2_open): Check the value.
--
Cherry-picked master commit of:
564739a58426d89db2f0c9334659949e503d2c59
Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
cipher/blake2.c | 12 +++++++++---
cipher/kdf.c | 3 +++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/cipher/blake2.c b/cipher/blake2.c
index a5926b95..d7f9a7e4 100644
--- a/cipher/blake2.c
+++ b/cipher/blake2.c
@@ -496,7 +496,7 @@ blake2b_vl_hash (const void *in, size_t inlen, size_t outputlen, void *output)
memcpy (output, ctx.buf, outputlen);
else
{
- int r = (outputlen-1)/32;
+ int r = (outputlen-1)/32 - 1;
unsigned int remained = outputlen - 32*r;
int i;
unsigned char d[64];
@@ -518,8 +518,14 @@ blake2b_vl_hash (const void *in, size_t inlen, size_t outputlen, void *output)
blake2b_final (&ctx);
}
- if (remained)
- memcpy ((unsigned char *)output+r*32, d+32, remained);
+ ec = blake2b_init_ctx (&ctx, 0, NULL, 0, remained*8);
+ if (ec)
+ return ec;
+
+ blake2b_write (&ctx, d, 64);
+ blake2b_final (&ctx);
+
+ memcpy ((unsigned char *)output+r*32, ctx.buf, remained);
}
wipememory (buf, sizeof (buf));
diff --git a/cipher/kdf.c b/cipher/kdf.c
index b207be60..377ea7b7 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -843,6 +843,9 @@ argon2_open (gcry_kdf_hd_t *hd, int subalgo,
parallelism = (unsigned int)param[3];
}
+ if (parallelism == 0)
+ return GPG_ERR_INV_VALUE;
+
n = offsetof (struct argon2_context, out) + taglen;
a = xtrymalloc (n);
if (!a)
--
2.35.1
|
