Red Hat Bugzilla – Attachment 880030 Details for
Bug 1079042
MD5 makes ruby interpreter crash in FIPS mode (again)
[patch]
Patches Ruby 1.8.7-p352 to check for MD5 digest init failure in ext/digest.
ruby-1.8.7-p352-digest-init-fail.patch (text/plain), 12.96 KB, created by
jared jennings
on 2014-03-28 21:47:25 UTC
Description:
Patches Ruby 1.8.7-p352 to check for MD5 digest init failure in ext/digest.
Filename:
MIME Type:
Creator:
jared jennings
Created:
2014-03-28 21:47:25 UTC
Size:
12.96 KB
patch
obsolete
>diff --git a/ruby-1.8.7-p352/ext/digest/digest.c b/ruby-1.8.7-p352/ext/digest/digest.c
>index 25ba76d..f6811d4 100644
>--- a/ruby-1.8.7-p352/ext/digest/digest.c
>+++ b/ruby-1.8.7-p352/ext/digest/digest.c
>@@ -448,7 +448,7 @@ get_digest_base_metadata(VALUE klass)
> Data_Get_Struct(obj, rb_digest_metadata_t, algo);
>
> switch (algo->api_version) {
>- case 2:
>+ case 3:
> break;
>
> /*
>@@ -476,7 +476,9 @@ rb_digest_base_alloc(VALUE klass)
> algo = get_digest_base_metadata(klass);
>
> pctx = xmalloc(algo->ctx_size);
>- algo->init_func(pctx);
>+ if (algo->init_func(pctx) != 1) {
>+ rb_raise(rb_eRuntimeError, "Digest initialization failed.");
>+ }
>
> obj = Data_Wrap_Struct(klass, 0, free, pctx);
>
>@@ -514,7 +516,9 @@ rb_digest_base_reset(VALUE self)
>
> Data_Get_Struct(self, void, pctx);
>
>- algo->init_func(pctx);
>+ if (algo->init_func(pctx) != 1) {
>+ rb_raise(rb_eRuntimeError, "Digest initialization failed.");
>+ }
>
> return self;
> }
>@@ -552,7 +556,9 @@ rb_digest_base_finish(VALUE self)
> algo->finish_func(pctx, (unsigned char *)RSTRING_PTR(str));
>
> /* avoid potential coredump caused by use of a finished context */
>- algo->init_func(pctx);
>+ if (algo->init_func(pctx) != 1) {
>+ rb_raise(rb_eRuntimeError, "Digest initialization failed.");
>+ }
>
> return str;
> }
>diff --git a/ruby-1.8.7-p352/ext/digest/digest.h b/ruby-1.8.7-p352/ext/digest/digest.h
>index a108588..34ab9d4 100644
>--- a/ruby-1.8.7-p352/ext/digest/digest.h
>+++ b/ruby-1.8.7-p352/ext/digest/digest.h
>@@ -15,11 +15,11 @@
>
> #include "ruby.h"
>
>-#define RUBY_DIGEST_API_VERSION 2
>+#define RUBY_DIGEST_API_VERSION 3
>
>-typedef void (*rb_digest_hash_init_func_t)(void *);
>+typedef int (*rb_digest_hash_init_func_t)(void *);
> typedef void (*rb_digest_hash_update_func_t)(void *, unsigned char *, size_t);
>-typedef void (*rb_digest_hash_finish_func_t)(void *, unsigned char *);
>+typedef int (*rb_digest_hash_finish_func_t)(void *, unsigned char *);
>
> typedef struct {
> int api_version;
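Review bot: In the rb_digest_base_alloc hunk, `pctx` has just come from `xmalloc` and is not yet owned by any Ruby object when `rb_raise` runs, so each failed init leaks `algo->ctx_size` bytes, because rb_raise does not return. Release the buffer first by putting `xfree(pctx);` on the line before `rb_raise(rb_eRuntimeError, "Digest initialization failed.");`. The reset and finish hunks raise on a context that is already owned by the object, so they do not share the leak. The function body starts and ends outside the hunk.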
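Review bot: The `algo->finish_func(pctx, ...)` call at the top of the rb_digest_base_finish hunk still discards its result, although this patch changes finish functions to return int and the EVP-backed MD5 finish in md5ossl.c can report failure. On failure `str` is returned with whatever bytes its buffer already held (how `str` is allocated is outside the hunk), so a caller would treat a non-digest value as a digest. Check it the same way as the init call: `if (algo->finish_func(pctx, (unsigned char *)RSTRING_PTR(str)) != 1) rb_raise(rb_eRuntimeError, "Digest finalization failed.");`. The function starts outside the hunk.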
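Review bot: `rb_digest_hash_update_func_t` in digest.h is left returning void, so an update failure can never reach digest.c even though md5ossl.h now maps `MD5_Update` to `EVP_DigestUpdate`, which returns int. Storing that function in a void-returning pointer type also relies on a conversion between incompatible function types (the metadata table is not part of this patch, so this is inferred). Consider `typedef int (*rb_digest_hash_update_func_t)(void *, unsigned char *, size_t);` with the call site checked. The new contract is also undocumented; a comment above the typedefs such as `/* init and finish return 1 on success, 0 on failure (OpenSSL EVP convention) */` would tell authors of out-of-tree digests what API version 3 requires.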
>diff --git a/ruby-1.8.7-p352/ext/digest/md5/md5.c b/ruby-1.8.7-p352/ext/digest/md5/md5.c
>index c5dd784..1a131c0 100644
>--- a/ruby-1.8.7-p352/ext/digest/md5/md5.c
>+++ b/ruby-1.8.7-p352/ext/digest/md5/md5.c
>@@ -348,7 +348,7 @@ md5_process(MD5_CTX *pms, const uint8_t *data /*[64]*/)
> pms->state[3] += d;
> }
>
>-void
>+int
> MD5_Init(MD5_CTX *pms)
> {
> pms->count[0] = pms->count[1] = 0;
>@@ -356,6 +356,7 @@ MD5_Init(MD5_CTX *pms)
> pms->state[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476;
> pms->state[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301;
> pms->state[3] = 0x10325476;
>+ return 1;
> }
>
> void
>@@ -396,7 +397,7 @@ MD5_Update(MD5_CTX *pms, const uint8_t *data, size_t nbytes)
> memcpy(pms->buffer, p, left);
> }
>
>-void
>+int
> MD5_Finish(MD5_CTX *pms, uint8_t *digest)
> {
> static const uint8_t pad[64] = {
>@@ -417,4 +418,5 @@ MD5_Finish(MD5_CTX *pms, uint8_t *digest)
> MD5_Update(pms, data, 8);
> for (i = 0; i < 16; ++i)
> digest[i] = (uint8_t)(pms->state[i >> 2] >> ((i & 3) << 3));
>+ return 1;
> }
>diff --git a/ruby-1.8.7-p352/ext/digest/md5/md5.h b/ruby-1.8.7-p352/ext/digest/md5/md5.h
>index 053a572..ca61f74 100644
>--- a/ruby-1.8.7-p352/ext/digest/md5/md5.h
>+++ b/ruby-1.8.7-p352/ext/digest/md5/md5.h
>@@ -69,9 +69,9 @@ typedef struct md5_state_s {
> #define MD5_Finish rb_Digest_MD5_Finish
> #endif
>
>-void MD5_Init _((MD5_CTX *pms));
>+int MD5_Init _((MD5_CTX *pms));
> void MD5_Update _((MD5_CTX *pms, const uint8_t *data, size_t nbytes));
>-void MD5_Finish _((MD5_CTX *pms, uint8_t *digest));
>+int MD5_Finish _((MD5_CTX *pms, uint8_t *digest));
>
> #define MD5_BLOCK_LENGTH 64
> #define MD5_DIGEST_LENGTH 16
>diff --git a/ruby-1.8.7-p352/ext/digest/md5/md5ossl.c b/ruby-1.8.7-p352/ext/digest/md5/md5ossl.c
>index 29ae404..044eb94 100644
>--- a/ruby-1.8.7-p352/ext/digest/md5/md5ossl.c
>+++ b/ruby-1.8.7-p352/ext/digest/md5/md5ossl.c
>@@ -2,8 +2,15 @@
>
> #include "md5ossl.h"
>
>-void
>-MD5_Finish(MD5_CTX *pctx, unsigned char *digest)
>+int
>+rb_digest_md5osslevp_Init(EVP_MD_CTX *pctx)
> {
>- MD5_Final(digest, pctx);
>+ return EVP_DigestInit_ex(pctx, EVP_md5(), NULL);
>+}
>+
>+int
>+rb_digest_md5osslevp_Finish(EVP_MD_CTX *pctx, unsigned char *digest)
>+{
>+ /* if EVP_DigestFinal_ex fails, we ignore that */
>+ return EVP_DigestFinal_ex(pctx, digest, NULL);
> }
>diff --git a/ruby-1.8.7-p352/ext/digest/md5/md5ossl.h b/ruby-1.8.7-p352/ext/digest/md5/md5ossl.h
>index 2e9b5ef..fb0808c 100644
>--- a/ruby-1.8.7-p352/ext/digest/md5/md5ossl.h
>+++ b/ruby-1.8.7-p352/ext/digest/md5/md5ossl.h
>@@ -4,10 +4,22 @@
> #define MD5OSSL_H_INCLUDED
>
> #include <stddef.h>
>-#include <openssl/md5.h>
>+#include <openssl/evp.h>
>
>-#define MD5_BLOCK_LENGTH MD5_CBLOCK
>+#define MD5_Init rb_digest_md5osslevp_Init
>+#define MD5_Update EVP_DigestUpdate
>+#define MD5_Finish rb_digest_md5osslevp_Finish
>+#define MD5_CTX EVP_MD_CTX
>
>-void MD5_Finish(MD5_CTX *pctx, unsigned char *digest);
>+/* We should use EVP_MD_size(3) and EVP_MD_block_size(3), but the
>+ advantage of these is that they are flexible across digest
>+ algorithms and we are fixing the digest algorithm here; and these
>+ numbers must be constants because the rb_digest_metadata_t
>+ structure is declared const. Simplest way is to write literals. */
>+#define MD5_BLOCK_LENGTH 64
>+#define MD5_DIGEST_LENGTH 16
>+
>+int MD5_Init(MD5_CTX *pctx);
>+int MD5_Finish(MD5_CTX *pctx, unsigned char *digest);
>
> #endif
>diff --git a/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.c b/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.c
>index 3138d25..0ecf149 100644
>--- a/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.c
>+++ b/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.c
>@@ -124,7 +124,7 @@
>
> /********************************************************************/
>
>-void
>+int
> RMD160_Init(RMD160_CTX *context)
> {
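Review bot: `rb_digest_md5osslevp_Init` in md5ossl.c passes `pctx` straight to `EVP_DigestInit_ex`, which OpenSSL documents as requiring an already initialised context, while the rb_digest_base_alloc hunk in digest.c hands it memory fresh from `xmalloc`. On that first call the context's internal pointers are indeterminate. Because the same function is reused for reset and after finish, the allocation is the safer place to fix it: `memset(pctx, 0, algo->ctx_size);` before `algo->init_func(pctx)`, assuming an OpenSSL version where EVP_MD_CTX is a plain struct, as the `xmalloc(algo->ctx_size)` approach already does. Separately, the comment `/* if EVP_DigestFinal_ex fails, we ignore that */` contradicts the code, which returns the result; it should say something like `/* returns 1 on success, 0 on failure; the caller must check */`.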
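Review bot: `#define MD5_CTX EVP_MD_CTX` in md5ossl.h puts an OpenSSL context under digest.c's generic lifetime handling, which releases it with plain `free` (the `Data_Wrap_Struct(klass, 0, free, pctx)` context line in the alloc hunk). `EVP_MD_CTX_cleanup` is therefore never run, and anything EVP allocated inside the context is leaked once per digest object. Any path that duplicates a context byte for byte (not visible in this patch, so the copy path is worth checking) would also leave two contexts sharing internal state instead of going through `EVP_MD_CTX_copy_ex`. This probably needs per-algorithm free and copy hooks in `rb_digest_metadata_t` rather than a macro alias. At minimum, add a comment next to the define such as `/* EVP_MD_CTX owns heap data: needs EVP_MD_CTX_cleanup, not a bare free */`.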
>
>@@ -138,6 +138,7 @@ RMD160_Init(RMD160_CTX *context)
> context->state[4] = 0xc3d2e1f0U;
> context->length[0] = context->length[1] = 0;
> context->buflen = 0;
>+ return 1;
> }
>
> /********************************************************************/
>@@ -408,7 +409,7 @@ RMD160_Update(RMD160_CTX *context, const uint8_t *data, size_t nbytes)
>
> /********************************************************************/
>
>-void
>+int
> RMD160_Finish(RMD160_CTX *context, uint8_t digest[20])
> {
> uint32_t i;
>@@ -452,6 +453,7 @@ RMD160_Finish(RMD160_CTX *context, uint8_t digest[20])
> digest[i + 3] = (context->state[i>>2] >> 24);
> }
> }
>+ return 1;
> }
>
> /************************ end of file rmd160.c **********************/
>diff --git a/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.h b/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.h
>index 2c761d1..81742a1 100644
>--- a/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.h
>+++ b/ruby-1.8.7-p352/ext/digest/rmd160/rmd160.h
>@@ -43,10 +43,10 @@ typedef struct {
> #endif
>
> __BEGIN_DECLS
>-void RMD160_Init _((RMD160_CTX *));
>+int RMD160_Init _((RMD160_CTX *));
> void RMD160_Transform _((uint32_t[5], const uint32_t[16]));
> void RMD160_Update _((RMD160_CTX *, const uint8_t *, size_t));
>-void RMD160_Finish _((RMD160_CTX *, uint8_t[20]));
>+int RMD160_Finish _((RMD160_CTX *, uint8_t[20]));
> __END_DECLS
>
> #define RMD160_BLOCK_LENGTH 64
>diff --git a/ruby-1.8.7-p352/ext/digest/sha1/sha1.c b/ruby-1.8.7-p352/ext/digest/sha1/sha1.c
>index 85102c8..76aacaf 100644
>--- a/ruby-1.8.7-p352/ext/digest/sha1/sha1.c
>+++ b/ruby-1.8.7-p352/ext/digest/sha1/sha1.c
>@@ -199,7 +199,7 @@ void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
> /*
> * SHA1_Init - Initialize new context
> */
>-void SHA1_Init(SHA1_CTX *context)
>+int SHA1_Init(SHA1_CTX *context)
> {
>
> _DIAGASSERT(context != 0);
>@@ -211,6 +211,7 @@ void SHA1_Init(SHA1_CTX *context)
> context->state[3] = 0x10325476;
> context->state[4] = 0xC3D2E1F0;
> context->count[0] = context->count[1] = 0;
>+ return 1;
> }
>
>
>@@ -244,7 +245,7 @@ void SHA1_Update(SHA1_CTX *context, const uint8_t *data, size_t len)
> /*
> * Add padding and return the message digest.
> */
>-void SHA1_Finish(SHA1_CTX* context, uint8_t digest[20])
>+int SHA1_Finish(SHA1_CTX* context, uint8_t digest[20])
> {
> size_t i;
> uint8_t finalcount[8];
>@@ -266,4 +267,5 @@ void SHA1_Finish(SHA1_CTX* context, uint8_t digest[20])
> digest[i] = (uint8_t)
> ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
> }
>+ return 1;
> }
>diff --git a/ruby-1.8.7-p352/ext/digest/sha1/sha1.h b/ruby-1.8.7-p352/ext/digest/sha1/sha1.h
>index 1080530..340263d 100644
>--- a/ruby-1.8.7-p352/ext/digest/sha1/sha1.h
>+++ b/ruby-1.8.7-p352/ext/digest/sha1/sha1.h
>@@ -28,9 +28,9 @@ typedef struct {
> #endif
>
> void SHA1_Transform _((uint32_t state[5], const uint8_t buffer[64]));
>-void SHA1_Init _((SHA1_CTX *context));
>+int SHA1_Init _((SHA1_CTX *context));
> void SHA1_Update _((SHA1_CTX *context, const uint8_t *data, size_t len));
>-void SHA1_Finish _((SHA1_CTX *context, uint8_t digest[20]));
>+int SHA1_Finish _((SHA1_CTX *context, uint8_t digest[20]));
>
> #define SHA1_BLOCK_LENGTH 64
> #define SHA1_DIGEST_LENGTH 20
>diff --git a/ruby-1.8.7-p352/ext/digest/sha2/sha2.c b/ruby-1.8.7-p352/ext/digest/sha2/sha2.c
>index 597a25d..2369455 100644
>--- a/ruby-1.8.7-p352/ext/digest/sha2/sha2.c
>+++ b/ruby-1.8.7-p352/ext/digest/sha2/sha2.c
>@@ -283,13 +283,14 @@ const static sha2_word64 sha512_initial_hash_value[8] = {
>
>
> /*** SHA-256: *********************************************************/
>-void SHA256_Init(SHA256_CTX* context) {
>+int SHA256_Init(SHA256_CTX* context) {
> if (context == (SHA256_CTX*)0) {
>- return;
>+ return 0;
> }
> MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
> MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
> context->bitcount = 0;
>+ return 1;
> }
>
> #ifdef SHA2_UNROLL_TRANSFORM
>@@ -515,7 +516,7 @@ void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
> usedspace = freespace = 0;
> }
>
>-void SHA256_Finish(SHA256_CTX* context, sha2_byte digest[]) {
>+int SHA256_Finish(SHA256_CTX* context, sha2_byte digest[]) {
> sha2_word32 *d = (sha2_word32*)digest;
> unsigned int usedspace;
>
>@@ -576,16 +577,18 @@ void SHA256_Finish(SHA256_CTX* context, sha2_byte digest[]) {
> /* Clean up state data: */
> MEMSET_BZERO(context, sizeof(SHA256_CTX));
> usedspace = 0;
>+ return 1;
> }
>
> /*** SHA-512: *********************************************************/
>-void SHA512_Init(SHA512_CTX* context) {
>+int SHA512_Init(SHA512_CTX* context) {
> if (context == (SHA512_CTX*)0) {
>- return;
>+ return 0;
> }
> MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
> MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
> context->bitcount[0] = context->bitcount[1] = 0;
>+ return 1;
> }
>
> #ifdef SHA2_UNROLL_TRANSFORM
>@@ -846,7 +849,7 @@ void SHA512_Last(SHA512_CTX* context) {
> SHA512_Transform(context, (const sha2_word64*)context->buffer);
> }
>
>-void SHA512_Finish(SHA512_CTX* context, sha2_byte digest[]) {
>+int SHA512_Finish(SHA512_CTX* context, sha2_byte digest[]) {
> sha2_word64 *d = (sha2_word64*)digest;
>
> /* Sanity check: */
>@@ -873,23 +876,25 @@ void SHA512_Finish(SHA512_CTX* context, sha2_byte digest[]) {
>
> /* Zero out state data */
> MEMSET_BZERO(context, sizeof(SHA512_CTX));
>+ return 1;
> }
>
> /*** SHA-384: *********************************************************/
>-void SHA384_Init(SHA384_CTX* context) {
>+int SHA384_Init(SHA384_CTX* context) {
> if (context == (SHA384_CTX*)0) {
>- return;
>+ return 0;
> }
> MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
> MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
> context->bitcount[0] = context->bitcount[1] = 0;
>+ return 1;
> }
>
> void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
> SHA512_Update((SHA512_CTX*)context, data, len);
> }
>
>-void SHA384_Finish(SHA384_CTX* context, sha2_byte digest[]) {
>+int SHA384_Finish(SHA384_CTX* context, sha2_byte digest[]) {
> sha2_word64 *d = (sha2_word64*)digest;
>
> /* Sanity check: */
>@@ -916,4 +921,5 @@ void SHA384_Finish(SHA384_CTX* context, sha2_byte digest[]) {
>
> /* Zero out state data */
> MEMSET_BZERO(context, sizeof(SHA384_CTX));
>+ return 1;
> }
>diff --git a/ruby-1.8.7-p352/ext/digest/sha2/sha2.h b/ruby-1.8.7-p352/ext/digest/sha2/sha2.h
>index b83155c..a934cd1 100644
>--- a/ruby-1.8.7-p352/ext/digest/sha2/sha2.h
>+++ b/ruby-1.8.7-p352/ext/digest/sha2/sha2.h
>@@ -89,17 +89,17 @@ typedef SHA512_CTX SHA384_CTX;
> #endif
>
> /*** SHA-256/384/512 Function Prototypes ******************************/
>-void SHA256_Init _((SHA256_CTX *));
>+int SHA256_Init _((SHA256_CTX *));
> void SHA256_Update _((SHA256_CTX*, const uint8_t*, size_t));
>-void SHA256_Finish _((SHA256_CTX*, uint8_t[SHA256_DIGEST_LENGTH]));
>+int SHA256_Finish _((SHA256_CTX*, uint8_t[SHA256_DIGEST_LENGTH]));
>
>-void SHA384_Init _((SHA384_CTX*));
>+int SHA384_Init _((SHA384_CTX*));
> void SHA384_Update _((SHA384_CTX*, const uint8_t*, size_t));
>-void SHA384_Finish _((SHA384_CTX*, uint8_t[SHA384_DIGEST_LENGTH]));
>+int SHA384_Finish _((SHA384_CTX*, uint8_t[SHA384_DIGEST_LENGTH]));
>
>-void SHA512_Init _((SHA512_CTX*));
>+int SHA512_Init _((SHA512_CTX*));
> void SHA512_Update _((SHA512_CTX*, const uint8_t*, size_t));
>-void SHA512_Finish _((SHA512_CTX*, uint8_t[SHA512_DIGEST_LENGTH]));
>+int SHA512_Finish _((SHA512_CTX*, uint8_t[SHA512_DIGEST_LENGTH]));
>
> #ifdef __cplusplus
> }