diff options
| author | Mattias Andrée <m@maandree.se> | 2026-05-14 22:20:02 +0200 |
|---|---|---|
| committer | Mattias Andrée <m@maandree.se> | 2026-05-14 22:20:02 +0200 |
| commit | f07a9f80fb6f3099d75534c1e64f448d4b397931 (patch) | |
| tree | 30ebf4afafb0e66226fa7f642db083341c8c96e4 /librecrypt_hash.c | |
| parent | librecrypt.h: add @since (diff) | |
| download | librecrypt-f07a9f80fb6f3099d75534c1e64f448d4b397931.tar.gz librecrypt-f07a9f80fb6f3099d75534c1e64f448d4b397931.tar.bz2 librecrypt-f07a9f80fb6f3099d75534c1e64f448d4b397931.tar.xz | |
Fix minor errors in the test and check that we are not writing out of bounds
Signed-off-by: Mattias Andrée <m@maandree.se>
Diffstat (limited to '')
| -rw-r--r-- | librecrypt_hash.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/librecrypt_hash.c b/librecrypt_hash.c index 66784d4..69b8dcf 100644 --- a/librecrypt_hash.c +++ b/librecrypt_hash.c @@ -14,7 +14,7 @@ librecrypt_hash(char *restrict out_buffer, size_t size, const char *phrase, size static void -check(const char *phrase, const char *settings, const char *chain, const char *hash) +check(const char *phrase, const char *settings, const char *chain, const char *hash, size_t scratchsize) { size_t hashlen = strlen(hash); size_t len = strlen(phrase); @@ -26,29 +26,36 @@ check(const char *phrase, const char *settings, const char *chain, const char *h assert(hashlen <= sizeof(buf)); assert(hashlen < sizeof(expected)); - memset(buf, 0, sizeof(buf)); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, sizeof(buf), phrase, len, settings, NULL) == (ssize_t)hashlen); EXPECT(!memcmp(hash, buf, hashlen + 1u)); + CANARY_X_CHECK(buf, hashlen + 1u, scratchsize); - memset(buf, 0, sizeof(buf)); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, hashlen + 1u, phrase, len, settings, NULL) == (ssize_t)hashlen); EXPECT(!memcmp(hash, buf, hashlen + 1u)); + CANARY_X_CHECK(buf, hashlen + 1u, scratchsize); - memset(buf, 0, sizeof(buf)); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, hashlen, phrase, len, settings, NULL) == (ssize_t)hashlen); EXPECT(!memcmp(hash, buf, hashlen - 1u)); - EXPECT(!buf[hashlen]); + EXPECT(!buf[hashlen - 1]); + CANARY_X_CHECK(buf, hashlen, scratchsize); - memset(buf, 0, sizeof(buf)); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, 2u, phrase, len, settings, NULL) == (ssize_t)hashlen); EXPECT(!memcmp(hash, buf, 1u)); EXPECT(!buf[1u]); + CANARY_X_CHECK(buf, 2u, 2u); - memset(buf, 0, sizeof(buf)); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, 1u, phrase, len, settings, NULL) == (ssize_t)hashlen); EXPECT(!buf[0u]); + CANARY_X_CHECK(buf, 1u, 1u); + CANARY_FILL(buf); EXPECT(librecrypt_hash(buf, 0u, phrase, len, settings, NULL) == (ssize_t)hashlen); + CANARY_X_CHECK(buf, 0u, 0u); EXPECT(librecrypt_hash(NULL, 0u, phrase, len, settings, NULL) == (ssize_t)hashlen); lut = librecrypt_get_encoding(settings, strlen(settings), &pad, &strict_pad, 1); @@ -56,19 +63,24 @@ check(const char *phrase, const char *settings, const char *chain, const char *h r = librecrypt_decode(expected, sizeof(expected), hash, strlen(hash), lut, pad, strict_pad); assert(r > 0 && (size_t)r <= sizeof(expected)); + CANARY_FILL(buf); + CANARY_FILL(buf2); EXPECT(librecrypt_hash(buf, sizeof(buf), expected, (size_t)r, settings, NULL) == (ssize_t)hashlen); errno = 0; EXPECT(librecrypt_hash(buf2, sizeof(buf2), phrase, len, chain, NULL) == (ssize_t)hashlen); EXPECT(!memcmp(buf, buf2, hashlen + 1u)); + CANARY_X_CHECK(buf, hashlen + 2, scratchsize); + CANARY_X_CHECK(buf2, hashlen + 2, scratchsize); } #define CHECK(PHRASE, CONF, HASHLEN, IS_DEFAULT_HASHLEN, HASH)\ do {\ - check(PHRASE, CONF HASH, CONF "*" #HASHLEN ">" CONF HASH, HASH);\ - check(PHRASE, CONF "*" #HASHLEN, CONF "*" #HASHLEN ">" CONF "*" #HASHLEN, HASH);\ + size_t scratchsize = GET_SCRATCH_SIZE(HASHLEN);\ + check(PHRASE, CONF HASH, CONF "*" #HASHLEN ">" CONF HASH, HASH, scratchsize);\ + check(PHRASE, CONF "*" #HASHLEN, CONF "*" #HASHLEN ">" CONF "*" #HASHLEN, HASH, scratchsize);\ if (IS_DEFAULT_HASHLEN)\ - check(PHRASE, CONF, CONF ">" CONF, HASH);\ + check(PHRASE, CONF, CONF ">" CONF, HASH, scratchsize);\ } while (0) @@ -110,6 +122,7 @@ main(void) SET_UP_ALARM(); INIT_RESOURCE_TEST(); +#define GET_SCRATCH_SIZE(HASHLEN) ((HASHLEN) > 64u ? ((HASHLEN) + 63u) & ~31u : (HASHLEN)) #if defined(SUPPORT_ARGON2I) CHECK("password", "$argon2i$" "m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY"); CHECK("password", "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8"); @@ -129,6 +142,7 @@ main(void) "yLKZMg+DIOXVc9z1po9ZlZG8+Gp4g5brqfza3lvkR9vw"); CHECK_BAD("$argon2d$"); #endif +#undef GET_SCRATCH_SIZE STOP_RESOURCE_TEST(); return 0; |