authorJussi Kivilinna <jussi.kivilinna@iki.fi>2021-02-03 18:11:46 +0200
committerJussi Kivilinna <jussi.kivilinna@iki.fi>2021-02-03 18:30:03 +0200
commit24af2a55d862d45fe3aef6b5626a52d9bb0fb17e (patch)
treeeabb994c5860bc9bf2ae3d0d9bad7035eb0831cb /cipher/sha256-avx2-bmi2-amd64.S
parent289543544e41cd5fe90352c5c7548ac09da533cc (diff)
downloadlibgcrypt-24af2a55d862d45fe3aef6b5626a52d9bb0fb17e.tar.gz
sha256-avx2: fix reading beyond end of input buffer
* cipher/sha256-avx2-bmi2-amd64.S (_gcry_sha256_transform_amd64_avx2): Use 'last block' code path if input length is only one block. * tests/basic.c (check_one_md_final): Use dynamic allocated buffer so that in future similar access errors get detected by tests/basic + valgrind. -- Reported-by: Guido Vranken <guidovranken@gmail.com> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/sha256-avx2-bmi2-amd64.S')
-rw-r--r--cipher/sha256-avx2-bmi2-amd64.S7
1 files changed, 7 insertions, 0 deletions
diff --git a/cipher/sha256-avx2-bmi2-amd64.S b/cipher/sha256-avx2-bmi2-amd64.S
index faefba17..d130dd4a 100644
--- a/cipher/sha256-avx2-bmi2-amd64.S
+++ b/cipher/sha256-avx2-bmi2-amd64.S
@@ -285,6 +285,11 @@ _gcry_sha256_transform_amd64_avx2:
lea NUM_BLKS, [NUM_BLKS + INP - 64] /* pointer to last block */
mov [rsp + _INP_END], NUM_BLKS
+ /* Check if only one block of input. Note: Loading initial digest
+ * only uses 'mov' instruction and does not change condition
+ * flags. */
+ cmp NUM_BLKS, INP
+
/* ; load initial digest */
mov a,[4*0 + CTX]
mov b,[4*1 + CTX]
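Review bot: The one-block guard depends on the flags from `cmp NUM_BLKS, INP` surviving every instruction up to `je .Ldo_last_block` in the next hunk, and only the `cmp` side documents that dependency. If a flag-writing instruction is ever inserted into the digest-load sequence, the branch silently stops protecting against the read past the end of the input buffer, and nothing at the `je` warns about it. I would add a comment at the branch, e.g. `/* flags still from 'cmp NUM_BLKS, INP' above; keep flag-modifying instructions out of the digest load */`. Alternatively, if INP is still intact at that point (the register aliases are not visible in these hunks), redo the comparison next to the branch with `cmp INP, [rsp + _INP_END]`. The function body starts and ends outside both hunks, so the `.Ldo_last_block` path itself cannot be checked from here.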
@@ -297,6 +302,8 @@ _gcry_sha256_transform_amd64_avx2:
mov [rsp + _CTX], CTX
+ je .Ldo_last_block
+
.Loop0:
lea TBL, [.LK256 ADD_RIP]