From a8e48bb0ab903b33cc3e97bfc4886b4fd9899edd Mon Sep 17 00:00:00 2001
From: "Dmitriy A. Gerasimov" <dmitriy.gerasimov@demlabs.net>
Date: Mon, 5 Oct 2020 16:28:00 +0700
Subject: [PATCH] [*] BF fixed

---
 CMakeLists.txt                  | 2 +-
 dap-sdk/crypto/src/dap_enc_bf.c | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 50ddb66daa..07e48a064f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@ project(cellframe-sdk C)
 cmake_minimum_required(VERSION 2.8)
 
 set(CMAKE_C_STANDARD 11)
-set(CELLFRAME_SDK_NATIVE_VERSION "2.6-9")
+set(CELLFRAME_SDK_NATIVE_VERSION "2.6-10")
 add_definitions ("-DCELLFRAME_SDK_VERSION=\"${CELLFRAME_SDK_NATIVE_VERSION}\"")
 
 set(DAPSDK_MODULES "")
diff --git a/dap-sdk/crypto/src/dap_enc_bf.c b/dap-sdk/crypto/src/dap_enc_bf.c
index 025f2b726d..86681c1649 100644
--- a/dap-sdk/crypto/src/dap_enc_bf.c
+++ b/dap-sdk/crypto/src/dap_enc_bf.c
@@ -114,8 +114,11 @@ size_t dap_enc_bf_cbc_decrypt_fast(struct dap_enc_key *a_key, const void * a_in,
                    a_key->priv_key_data, iv, BF_DECRYPT);
 
     int bf_cbc_padding_length = *(uint8_t*)(a_out + a_in_size - BLOWFISH_BLOCK_SIZE - 1);
-
     size_t a_out_size = *(uint32_t*)(a_out + a_in_size - BLOWFISH_BLOCK_SIZE - 1 - bf_cbc_padding_length - 4);
+    if (a_out_size > a_in_size + BLOWFISH_BLOCK_SIZE) {
+        log_it(L_WARNING, "blowfish_cbc decryption out size %d too big", a_out_size);
+        return a_in_size + BLOWFISH_BLOCK_SIZE;
+    }
     return a_out_size;
 }
 
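Review bot: The added check in dap_enc_bf_cbc_decrypt_fast bounds a_out_size only after it has been read through an offset built from bf_cbc_padding_length, a byte taken from the decrypted data, and nothing checks that a_in_size is at least BLOWFISH_BLOCK_SIZE + 1 + 4 plus that padding, so a short or malformed ciphertext can move both reads outside a_out. The limit itself also looks too loose: judging by the offsets used here and the size formula in the encrypt function, the payload can be at most `a_in_size - BLOWFISH_BLOCK_SIZE - 1 - bf_cbc_padding_length - 4` bytes, and the failure path returns a_in_size + BLOWFISH_BLOCK_SIZE, which tells the caller that more plaintext is valid than was decrypted. I would validate the sizes before each read and return 0 on any mismatch, as the encrypt path does on error; a sketch follows. The new log call passes a size_t to `%d`; use `%zu` for the size_t arguments there and in the log line changed in the dap_enc_bf_cbc_encrypt_fast hunk. The function starts above this hunk, so the types of a_out and a_in_size are assumed from the visible casts and the return expression.

```c
    // … unchanged: decrypt call ending in BF_DECRYPT …
    if (a_in_size < BLOWFISH_BLOCK_SIZE + 1 + 4) {
        log_it(L_WARNING, "blowfish_cbc decryption input too short");
        return 0;
    }
    size_t l_body_size = a_in_size - BLOWFISH_BLOCK_SIZE; // span the existing offsets index into
    size_t l_pad_len = *((uint8_t *)a_out + l_body_size - 1);
    if (l_pad_len > l_body_size - 1 - 4) {
        log_it(L_WARNING, "blowfish_cbc decryption padding length %zu too big", l_pad_len);
        return 0;
    }
    size_t l_len_off = l_body_size - 1 - l_pad_len - 4;
    size_t a_out_size = *(uint32_t *)((uint8_t *)a_out + l_len_off);
    if (a_out_size > l_len_off) {
        log_it(L_WARNING, "blowfish_cbc decryption out size %zu too big", a_out_size);
        return 0;
    }
    return a_out_size;
```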
@@ -126,7 +129,7 @@ size_t dap_enc_bf_cbc_encrypt_fast(struct dap_enc_key * a_key, const void * a_in
     //generate iv and put it in *a_out first bytes
     size_t a_out_size = (a_in_size + 4 + 1 + BLOWFISH_BLOCK_SIZE-1)/BLOWFISH_BLOCK_SIZE*BLOWFISH_BLOCK_SIZE + BLOWFISH_BLOCK_SIZE;
     if(a_out_size > buf_out_size) {
-        log_it(L_ERROR, "blowfish_cbc fast_encryption too small buf_out_size");
+        log_it(L_ERROR, "blowfish_cbc fast_encryption too small buf_out_size, %d < %d", buf_out_size, a_out_size);
         return 0;
     }
 
-- 
GitLab