d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
23f6784297
freebsd-nq/lib/libmd
History
Colin Percival 23f6784297 Use unsigned comparisons. Prior to this commit, SHA1_Update and 
RIPEMD160_Update were broken when all of the following conditions
applied:
(1) The platform is i386.
(2) The program calling *_Update is statically linked to libmd.
(3) The buffer provided to *_Update is aligned modulo 4 bytes.
(4) The buffer extends beyond 2GB.

Due to the design of this code, SHA1_Update and RIPEMD160_Update will
still be broken if conditions (1)-(3) apply AND the buffer extends
beyond 4GB (i.e., there is an integer overflow in computing "data + len").
Since this remaining bug simply replaces SIGSEGV with a bogus hash (and
non-broken programs should never provide such operands) I don't consider
it to be a serious problem.

MFC After:      1 week
PR:             kern/102795
2007-05-14 05:00:37 +00:00
..
i386 Use unsigned comparisons. Prior to this commit, SHA1_Update and 2007-05-14 05:00:37 +00:00
Makefile In light of the recent 2^69 operation collision-finding attack on SHA1, 2005-03-09 19:23:04 +00:00
md2.copyright
md2.h Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
md2c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
md4.copyright
md4.h Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
md4c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
md5.copyright
md5.h
md5c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
mddriver.c
mdX.3 Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
mdXhl.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
ripemd.3 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
ripemd.h Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
rmd160c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
rmd_locl.h
rmdconst.h
rmddriver.c
sha0c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
sha1c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
sha256.3 -mdoc sweep. 2005-11-17 13:00:00 +00:00
sha256.h Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
sha256c.c Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
sha_locl.h
sha.3 Markup fixes. 2005-06-16 19:01:07 +00:00
sha.h Fix an 11 year old mistake: Let the hash functions take a void* instead 2006-01-17 15:35:57 +00:00
shadriver.c In light of the recent 2^69 operation collision-finding attack on SHA1, 2005-03-09 19:23:04 +00:00