cmac.c: optimize make_kn and move zero_iv to const segment.

ffontaine · ffontaine · commit 7aee873d6f6b · 2024-04-08T11:56:06.000+02:00
Backport openssl/openssl@03cf7e7 to fix the following k1 stringop-overflow: In function 'make_kn', inlined from 'make_kn' at crypto/cmac/cmac.c:81:13, inlined from 'CMAC_Init' at crypto/cmac/cmac.c:205:9: crypto/cmac/cmac.c:92:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 92 | k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~ crypto/cmac/cmac.c: In function 'CMAC_Init': crypto/cmac/cmac.c:69:19: note: at offset [-2147483649, -1] into destination object 'k1' of size 32 69 | unsigned char k1[EVP_MAX_BLOCK_LENGTH]; | ^~ Fixes: - http://autobuild.buildroot.org/results/97b6333cdc7bad24aba7af1b04890679e0058299 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff --git a/Cryptlib/OpenSSL/crypto/cmac/cmac.c b/Cryptlib/OpenSSL/crypto/cmac/cmac.c
@@ -78,18 +78,17 @@ struct CMAC_CTX_st {
 
 /* Make temporary keys K1 and K2 */
 
-static void make_kn(unsigned char *k1, unsigned char *l, int bl)
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
 {
     int i;
+    unsigned char c = l[0], carry = c>>7, cnext;
+
     /* Shift block to left, including carry */
-    for (i = 0; i < bl; i++) {
-        k1[i] = l[i] << 1;
-        if (i < bl - 1 && l[i + 1] & 0x80)
-            k1[i] |= 1;
-    }
+    for (i = 0; i < bl-1; i++, c = cnext)
+        k1[i] = (c << 1) | ((cnext=l[i+1]) >> 7);
+
     /* If MSB set fixup with R */
-    if (l[0] & 0x80)
-        k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
+    k1[i] = (c << 1) ^ ((0-carry)&(bl==16?0x87:0x1b));
 }
 
 CMAC_CTX *CMAC_CTX_new(void)
@@ -151,7 +150,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
               const EVP_CIPHER *cipher, ENGINE *impl)
 {
-    static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
+    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = {0};
 #ifdef OPENSSL_FIPS
     if (FIPS_mode()) {
         /* If we have an ENGINE need to allow non FIPS */
