mirror of
https://github.com/qpdf/qpdf.git
synced 2025-01-13 11:15:36 +00:00
d71f05ca07
This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition.
347 lines
10 KiB
C
347 lines
10 KiB
C
/* $Id: md_helper.c 216 2010-06-08 09:46:57Z tp $ */
|
|
/*
|
|
* This file contains some functions which implement the external data
|
|
* handling and padding for Merkle-Damgard hash functions which follow
|
|
* the conventions set out by MD4 (little-endian) or SHA-1 (big-endian).
|
|
*
|
|
* API: this file is meant to be included, not compiled as a stand-alone
|
|
* file. Some macros must be defined:
|
|
* RFUN name for the round function
|
|
* HASH "short name" for the hash function
|
|
* BE32 defined for big-endian, 32-bit based (e.g. SHA-1)
|
|
* LE32 defined for little-endian, 32-bit based (e.g. MD5)
|
|
* BE64 defined for big-endian, 64-bit based (e.g. SHA-512)
|
|
* LE64 defined for little-endian, 64-bit based (no example yet)
|
|
* PW01 if defined, append 0x01 instead of 0x80 (for Tiger)
|
|
* BLEN if defined, length of a message block (in bytes)
|
|
* PLW1 if defined, length is defined on one 64-bit word only (for Tiger)
|
|
* PLW4 if defined, length is defined on four 64-bit words (for WHIRLPOOL)
|
|
* SVAL if defined, reference to the context state information
|
|
*
|
|
* BLEN is used when a message block is not 16 (32-bit or 64-bit) words:
|
|
* this is used for instance for Tiger, which works on 64-bit words but
|
|
* uses 512-bit message blocks (eight 64-bit words). PLW1 and PLW4 are
|
|
* ignored if 32-bit words are used; if 64-bit words are used and PLW1 is
|
|
* set, then only one word (64 bits) will be used to encode the input
|
|
* message length (in bits), otherwise two words will be used (as in
|
|
* SHA-384 and SHA-512). If 64-bit words are used and PLW4 is defined (but
|
|
* not PLW1), four 64-bit words will be used to encode the message length
|
|
* (in bits). Note that regardless of those settings, only 64-bit message
|
|
* lengths are supported (in bits): messages longer than 2 Exabytes will be
|
|
* improperly hashed (this is unlikely to happen soon: 2 Exabytes is about
|
|
* 2 millions Terabytes, which is huge).
|
|
*
|
|
* If CLOSE_ONLY is defined, then this file defines only the sph_XXX_close()
|
|
* function. This is used for Tiger2, which is identical to Tiger except
|
|
* when it comes to the padding (Tiger2 uses the standard 0x80 byte instead
|
|
* of the 0x01 from original Tiger).
|
|
*
|
|
* The RFUN function is invoked with two arguments, the first pointing to
|
|
* aligned data (as a "const void *"), the second being state information
|
|
* from the context structure. By default, this state information is the
|
|
* "val" field from the context, and this field is assumed to be an array
|
|
* of words ("sph_u32" or "sph_u64", depending on BE32/LE32/BE64/LE64).
|
|
* from the context structure. The "val" field can have any type, except
|
|
* for the output encoding which assumes that it is an array of "sph_u32"
|
|
* values. By defining NO_OUTPUT, this last step is deactivated; the
|
|
* includer code is then responsible for writing out the hash result. When
|
|
* NO_OUTPUT is defined, the third parameter to the "close()" function is
|
|
* ignored.
|
|
*
|
|
* ==========================(LICENSE BEGIN)============================
|
|
*
|
|
* Copyright (c) 2007-2010 Projet RNRT SAPHIR
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
* a copy of this software and associated documentation files (the
|
|
* "Software"), to deal in the Software without restriction, including
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be
|
|
* included in all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
|
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
|
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
|
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
*
|
|
* ===========================(LICENSE END)=============================
|
|
*
|
|
* @author Thomas Pornin <thomas.pornin@cryptolog.com>
|
|
*/
|
|
|
|
#ifdef _MSC_VER
|
|
#pragma warning (disable: 4146)
|
|
#endif
|
|
|
|
#undef SPH_XCAT
|
|
#define SPH_XCAT(a, b) SPH_XCAT_(a, b)
|
|
#undef SPH_XCAT_
|
|
#define SPH_XCAT_(a, b) a ## b
|
|
|
|
#undef SPH_BLEN
|
|
#undef SPH_WLEN
|
|
#if defined BE64 || defined LE64
|
|
#define SPH_BLEN 128U
|
|
#define SPH_WLEN 8U
|
|
#else
|
|
#define SPH_BLEN 64U
|
|
#define SPH_WLEN 4U
|
|
#endif
|
|
|
|
#ifdef BLEN
|
|
#undef SPH_BLEN
|
|
#define SPH_BLEN BLEN
|
|
#endif
|
|
|
|
#undef SPH_MAXPAD
|
|
#if defined PLW1
|
|
#define SPH_MAXPAD (SPH_BLEN - SPH_WLEN)
|
|
#elif defined PLW4
|
|
#define SPH_MAXPAD (SPH_BLEN - (SPH_WLEN << 2))
|
|
#else
|
|
#define SPH_MAXPAD (SPH_BLEN - (SPH_WLEN << 1))
|
|
#endif
|
|
|
|
#undef SPH_VAL
|
|
#undef SPH_NO_OUTPUT
|
|
#ifdef SVAL
|
|
#define SPH_VAL SVAL
|
|
#define SPH_NO_OUTPUT 1
|
|
#else
|
|
#define SPH_VAL sc->val
|
|
#endif
|
|
|
|
#ifndef CLOSE_ONLY
|
|
|
|
#ifdef SPH_UPTR
|
|
static void
|
|
SPH_XCAT(HASH, _short)(void *cc, const void *data, size_t len)
|
|
#else
|
|
void
|
|
SPH_XCAT(sph_, HASH)(void *cc, const void *data, size_t len)
|
|
#endif
|
|
{
|
|
SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc;
|
|
unsigned current;
|
|
|
|
sc = cc;
|
|
#if SPH_64
|
|
current = (unsigned)sc->count & (SPH_BLEN - 1U);
|
|
#else
|
|
current = (unsigned)sc->count_low & (SPH_BLEN - 1U);
|
|
#endif
|
|
while (len > 0) {
|
|
unsigned clen;
|
|
#if !SPH_64
|
|
sph_u32 clow, clow2;
|
|
#endif
|
|
|
|
clen = SPH_BLEN - current;
|
|
if (clen > len)
|
|
clen = (unsigned)len;
|
|
memcpy(sc->buf + current, data, clen);
|
|
data = (const unsigned char *)data + clen;
|
|
current += clen;
|
|
len -= clen;
|
|
if (current == SPH_BLEN) {
|
|
RFUN(sc->buf, SPH_VAL);
|
|
current = 0;
|
|
}
|
|
#if SPH_64
|
|
sc->count += clen;
|
|
#else
|
|
clow = sc->count_low;
|
|
clow2 = SPH_T32(clow + clen);
|
|
sc->count_low = clow2;
|
|
if (clow2 < clow)
|
|
sc->count_high ++;
|
|
#endif
|
|
}
|
|
}
|
|
|
|
#ifdef SPH_UPTR
|
|
void
|
|
SPH_XCAT(sph_, HASH)(void *cc, const void *data, size_t len)
|
|
{
|
|
SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc;
|
|
unsigned current;
|
|
size_t orig_len;
|
|
#if !SPH_64
|
|
sph_u32 clow, clow2;
|
|
#endif
|
|
|
|
if (len < (2 * SPH_BLEN)) {
|
|
SPH_XCAT(HASH, _short)(cc, data, len);
|
|
return;
|
|
}
|
|
sc = cc;
|
|
#if SPH_64
|
|
current = (unsigned)sc->count & (SPH_BLEN - 1U);
|
|
#else
|
|
current = (unsigned)sc->count_low & (SPH_BLEN - 1U);
|
|
#endif
|
|
if (current > 0) {
|
|
unsigned t;
|
|
|
|
t = SPH_BLEN - current;
|
|
SPH_XCAT(HASH, _short)(cc, data, t);
|
|
data = (const unsigned char *)data + t;
|
|
len -= t;
|
|
}
|
|
#if !SPH_UNALIGNED
|
|
if (((SPH_UPTR)data & (SPH_WLEN - 1U)) != 0) {
|
|
SPH_XCAT(HASH, _short)(cc, data, len);
|
|
return;
|
|
}
|
|
#endif
|
|
orig_len = len;
|
|
while (len >= SPH_BLEN) {
|
|
RFUN(data, SPH_VAL);
|
|
len -= SPH_BLEN;
|
|
data = (const unsigned char *)data + SPH_BLEN;
|
|
}
|
|
if (len > 0)
|
|
memcpy(sc->buf, data, len);
|
|
#if SPH_64
|
|
sc->count += (sph_u64)orig_len;
|
|
#else
|
|
clow = sc->count_low;
|
|
clow2 = SPH_T32(clow + orig_len);
|
|
sc->count_low = clow2;
|
|
if (clow2 < clow)
|
|
sc->count_high ++;
|
|
/*
|
|
* This code handles the improbable situation where "size_t" is
|
|
* greater than 32 bits, and yet we do not have a 64-bit type.
|
|
*/
|
|
orig_len >>= 12;
|
|
orig_len >>= 10;
|
|
orig_len >>= 10;
|
|
sc->count_high += orig_len;
|
|
#endif
|
|
}
|
|
#endif
|
|
|
|
#endif
|
|
|
|
/*
|
|
* Perform padding and produce result. The context is NOT reinitialized
|
|
* by this function.
|
|
*/
|
|
static void
|
|
SPH_XCAT(HASH, _addbits_and_close)(void *cc,
|
|
unsigned ub, unsigned n, void *dst, unsigned rnum)
|
|
{
|
|
SPH_XCAT(sph_, SPH_XCAT(HASH, _context)) *sc;
|
|
unsigned current, u;
|
|
#if !SPH_64
|
|
sph_u32 low, high;
|
|
#endif
|
|
|
|
sc = cc;
|
|
#if SPH_64
|
|
current = (unsigned)sc->count & (SPH_BLEN - 1U);
|
|
#else
|
|
current = (unsigned)sc->count_low & (SPH_BLEN - 1U);
|
|
#endif
|
|
#ifdef PW01
|
|
sc->buf[current ++] = (0x100 | (ub & 0xFF)) >> (8 - n);
|
|
#else
|
|
{
|
|
unsigned z;
|
|
|
|
z = 0x80U >> n;
|
|
sc->buf[current ++] = ((ub & -z) | z) & 0xFF;
|
|
}
|
|
#endif
|
|
if (current > SPH_MAXPAD) {
|
|
memset(sc->buf + current, 0, SPH_BLEN - current);
|
|
RFUN(sc->buf, SPH_VAL);
|
|
memset(sc->buf, 0, SPH_MAXPAD);
|
|
} else {
|
|
memset(sc->buf + current, 0, SPH_MAXPAD - current);
|
|
}
|
|
#if defined BE64
|
|
#if defined PLW1
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#elif defined PLW4
|
|
memset(sc->buf + SPH_MAXPAD, 0, 2 * SPH_WLEN);
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD + 2 * SPH_WLEN,
|
|
sc->count >> 61);
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD + 3 * SPH_WLEN,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#else
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD, sc->count >> 61);
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#endif
|
|
#elif defined LE64
|
|
#if defined PLW1
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#elif defined PLW1
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN, sc->count >> 61);
|
|
memset(sc->buf + SPH_MAXPAD + 2 * SPH_WLEN, 0, 2 * SPH_WLEN);
|
|
#else
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD + SPH_WLEN, sc->count >> 61);
|
|
#endif
|
|
#else
|
|
#if SPH_64
|
|
#ifdef BE32
|
|
sph_enc64be_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#else
|
|
sph_enc64le_aligned(sc->buf + SPH_MAXPAD,
|
|
SPH_T64(sc->count << 3) + (sph_u64)n);
|
|
#endif
|
|
#else
|
|
low = sc->count_low;
|
|
high = SPH_T32((sc->count_high << 3) | (low >> 29));
|
|
low = SPH_T32(low << 3) + (sph_u32)n;
|
|
#ifdef BE32
|
|
sph_enc32be(sc->buf + SPH_MAXPAD, high);
|
|
sph_enc32be(sc->buf + SPH_MAXPAD + SPH_WLEN, low);
|
|
#else
|
|
sph_enc32le(sc->buf + SPH_MAXPAD, low);
|
|
sph_enc32le(sc->buf + SPH_MAXPAD + SPH_WLEN, high);
|
|
#endif
|
|
#endif
|
|
#endif
|
|
RFUN(sc->buf, SPH_VAL);
|
|
#ifdef SPH_NO_OUTPUT
|
|
(void)dst;
|
|
(void)rnum;
|
|
(void)u;
|
|
#else
|
|
for (u = 0; u < rnum; u ++) {
|
|
#if defined BE64
|
|
sph_enc64be((unsigned char *)dst + 8 * u, sc->val[u]);
|
|
#elif defined LE64
|
|
sph_enc64le((unsigned char *)dst + 8 * u, sc->val[u]);
|
|
#elif defined BE32
|
|
sph_enc32be((unsigned char *)dst + 4 * u, sc->val[u]);
|
|
#else
|
|
sph_enc32le((unsigned char *)dst + 4 * u, sc->val[u]);
|
|
#endif
|
|
}
|
|
#endif
|
|
}
|
|
|
|
static void
|
|
SPH_XCAT(HASH, _close)(void *cc, void *dst, unsigned rnum)
|
|
{
|
|
SPH_XCAT(HASH, _addbits_and_close)(cc, 0, 0, dst, rnum);
|
|
}
|