author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-02-03 18:11:46 +0200 |
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2021-02-03 18:30:03 +0200 |
commit | 24af2a55d862d45fe3aef6b5626a52d9bb0fb17e (patch) | |
tree | eabb994c5860bc9bf2ae3d0d9bad7035eb0831cb /cipher/sha256-avx2-bmi2-amd64.S | |
parent | 289543544e41cd5fe90352c5c7548ac09da533cc (diff) | |
sha256-avx2: fix reading beyond end of input buffer
* cipher/sha256-avx2-bmi2-amd64.S
(_gcry_sha256_transform_amd64_avx2): Use 'last block' code path if
input length is only one block.
* tests/basic.c (check_one_md_final): Use a dynamically allocated buffer
so that in future similar access errors get detected by
tests/basic + valgrind.
--
Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/sha256-avx2-bmi2-amd64.S')
-rw-r--r-- | cipher/sha256-avx2-bmi2-amd64.S | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/cipher/sha256-avx2-bmi2-amd64.S b/cipher/sha256-avx2-bmi2-amd64.S
index faefba17..d130dd4a 100644
--- a/cipher/sha256-avx2-bmi2-amd64.S
+++ b/cipher/sha256-avx2-bmi2-amd64.S
@@ -285,6 +285,11 @@ _gcry_sha256_transform_amd64_avx2:
 lea NUM_BLKS, [NUM_BLKS + INP - 64] /* pointer to last block */
 mov [rsp + _INP_END], NUM_BLKS
+ /* Check if only one block of input. Note: Loading initial digest
+ * only uses 'mov' instruction and does not change condition
+ * flags. */
+ cmp NUM_BLKS, INP
+
 /* ; load initial digest */
 mov a,[4*0 + CTX]
 mov b,[4*1 + CTX]
@@ -297,6 +302,8 @@ _gcry_sha256_transform_amd64_avx2:
 mov [rsp + _CTX], CTX
+ je .Ldo_last_block
+
 .Loop0:
 lea TBL, [.LK256 ADD_RIP]
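Review bot: The `je .Ldo_last_block` in the second hunk consumes ZF produced by `cmp NUM_BLKS, INP` roughly a dozen lines earlier in the first hunk, and the only thing keeping that flag intact is the comment at the cmp site saying the digest loads use `mov` only; nothing at the branch site records this, so a later edit that slips in a flag-writing instruction there (a `xor` zeroing, an `add`, a `test`) would silently reintroduce the out-of-bounds read this commit fixes. Add a matching reminder next to the branch, e.g. `/* ZF from 'cmp NUM_BLKS, INP' above (one-block input); nothing between may write flags. */`, or, if NUM_BLKS and INP are still unmodified at that point (the hunk does not show why the compare was hoisted, presumably a register is reused shortly after), place the `cmp` immediately before the `je` so no cross-block flag invariant is needed. The label `.Ldo_last_block` and the rest of `_gcry_sha256_transform_amd64_avx2` lie outside both hunks, so the tail handling itself is not reviewable here. The tests/basic.c change named in the description is not in this diffstat-limited view.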