From dce2317195a7d9aa77b159fd1beddaf8358f6243 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Sat, 9 Jan 2016 00:09:06 -0500 Subject: [PATCH 1/5] Increase range for GCC workaround on ARMEL. After speaking with AP from GCC, he states some issues are still likely present in Master, which is GCC 6.0 --- integer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integer.cpp b/integer.cpp index e767bd98..de5df007 100644 --- a/integer.cpp +++ b/integer.cpp @@ -59,7 +59,7 @@ #endif // Debian QEMU/ARMEL issue in MultiplyTop; see http://github.com/weidai11/cryptopp/issues/31. -#if __ARMEL__ && (CRYPTOPP_GCC_VERSION >= 50200) && (CRYPTOPP_GCC_VERSION < 50300) && __OPTIMIZE__ +#if __ARMEL__ && (CRYPTOPP_GCC_VERSION >= 40900) && (CRYPTOPP_GCC_VERSION < 70000) && __OPTIMIZE__ # define WORKAROUND_ARMEL_BUG 1 #endif From 76b2f9387d686ea4a880c820b4de0bca7214839c Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Sun, 10 Jan 2016 14:25:47 -0500 Subject: [PATCH 2/5] Cleared Valgrind warnings on uninitialized reads (Issue 105) --- rng.cpp | 56 ++++++++++++++++++++++++++++++++------------------------ rng.h | 8 ++++---- 2 files changed, 36 insertions(+), 28 deletions(-) diff --git a/rng.cpp b/rng.cpp index 354856c4..22141cb7 100644 --- a/rng.cpp +++ b/rng.cpp 
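Review bot: The widened condition `(CRYPTOPP_GCC_VERSION >= 40900) && (CRYPTOPP_GCC_VERSION < 70000)` now turns WORKAROUND_ARMEL_BUG on for every optimizing ARMEL build with GCC 4.9 through 6.x, but the comment above it still only names the Debian QEMU/ARMEL issue and gives no hint that the upper bound is a guess rather than a measured bad range. The commit message says the bound comes from a conversation that the problem is likely still present in GCC master, and that rationale belongs next to the `#if` so a maintainer knows when it can be narrowed; I would extend the comment with `// Range is deliberately wide (GCC 4.9 through 6.x): believed unfixed in GCC master as of Jan 2016; narrow once a fixed release is confirmed.` The test also relies on an undefined `__ARMEL__`/`__OPTIMIZE__` evaluating to 0, which is well-defined but noisy under -Wundef; `defined(__ARMEL__) && defined(__OPTIMIZE__) && ...` avoids that if the project builds with the warning enabled.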
@@ -59,25 +59,33 @@ void LC_RNG::GenerateBlock(byte *output, size_t size) #ifndef CRYPTOPP_IMPORTS X917RNG::X917RNG(BlockTransformation *c, const byte *seed, const byte *deterministicTimeVector) - : cipher(c), - S(cipher->BlockSize()), - dtbuf(S), - randseed(seed, S), - m_lastBlock(S), - m_deterministicTimeVector(deterministicTimeVector, deterministicTimeVector ? S : 0) + : m_cipher(c), + m_size(m_cipher->BlockSize()), + m_datetime(m_size), + m_randseed(seed, m_size), + m_lastBlock(m_size), + m_deterministicTimeVector(deterministicTimeVector, deterministicTimeVector ? m_size : 0) { + // Valgrind finding, http://github.com/weidai11/cryptopp/issues/105 + // Garbage in the tail creates a non-conforming X9.17 or X9.31 generator. + if (m_size > 8) + { + memset(m_datetime, 0x00, m_size); + memset(m_lastBlock, 0x00, m_size); + } + if (!deterministicTimeVector) { time_t tstamp1 = time(0); - xorbuf(dtbuf, (byte *)&tstamp1, UnsignedMin(sizeof(tstamp1), S)); - cipher->ProcessBlock(dtbuf); + xorbuf(m_datetime, (byte *)&tstamp1, UnsignedMin(sizeof(tstamp1), m_size)); + m_cipher->ProcessBlock(m_datetime); clock_t tstamp2 = clock(); - xorbuf(dtbuf, (byte *)&tstamp2, UnsignedMin(sizeof(tstamp2), S)); - cipher->ProcessBlock(dtbuf); + xorbuf(m_datetime, (byte *)&tstamp2, UnsignedMin(sizeof(tstamp2), m_size)); + m_cipher->ProcessBlock(m_datetime); } // for FIPS 140-2 - GenerateBlock(m_lastBlock, S); + GenerateBlock(m_lastBlock, m_size); } void X917RNG::GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size) 
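Review bot: The `if (m_size > 8)` guard around the two memsets leaves the Valgrind finding unfixed for 8-byte block ciphers: in the `!deterministicTimeVector` path only `UnsignedMin(sizeof(tstamp1), m_size)` bytes of m_datetime are written before `m_cipher->ProcessBlock(m_datetime)`, so with a 4-byte time_t/clock_t (32-bit targets) half of the DT block is still uninitialized, assuming SecByteBlock does not zero on allocation (which the finding implies). The m_lastBlock memset is needed regardless of block size too, because the ctor's final `GenerateBlock(m_lastBlock, m_size)` runs the continuous test's `memcmp(m_lastBlock, m_randseed, m_size)` before m_lastBlock has ever been written, so for an 8-byte cipher the first comparison is against garbage. Zeroing a block is cheap, so I would drop the guard and write `memset(m_datetime, 0x00, m_size); memset(m_lastBlock, 0x00, m_size);` unconditionally, with a comment noting that m_lastBlock must be defined before the first continuous-test compare.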
@@ -87,35 +95,35 @@ void X917RNG::GenerateIntoBufferedTransformation(BufferedTransformation &target, // calculate new enciphered timestamp if (m_deterministicTimeVector.size()) { - cipher->ProcessBlock(m_deterministicTimeVector, dtbuf); - IncrementCounterByOne(m_deterministicTimeVector, S); + m_cipher->ProcessBlock(m_deterministicTimeVector, m_datetime); + IncrementCounterByOne(m_deterministicTimeVector, m_size); } else { clock_t c = clock(); - xorbuf(dtbuf, (byte *)&c, UnsignedMin(sizeof(c), S)); + xorbuf(m_datetime, (byte *)&c, UnsignedMin(sizeof(c), m_size)); time_t t = time(NULL); - xorbuf(dtbuf+S-UnsignedMin(sizeof(t), S), (byte *)&t, UnsignedMin(sizeof(t), S)); - cipher->ProcessBlock(dtbuf); + xorbuf(m_datetime+m_size-UnsignedMin(sizeof(t), m_size), (byte *)&t, UnsignedMin(sizeof(t), m_size)); + m_cipher->ProcessBlock(m_datetime); } // combine enciphered timestamp with seed - xorbuf(randseed, dtbuf, S); + xorbuf(m_randseed, m_datetime, m_size); // generate a new block of random bytes - cipher->ProcessBlock(randseed); - if (memcmp(m_lastBlock, randseed, S) == 0) + m_cipher->ProcessBlock(m_randseed); + if (memcmp(m_lastBlock, m_randseed, m_size) == 0) throw SelfTestFailure("X917RNG: Continuous random number generator test failed."); // output random bytes - size_t len = UnsignedMin(S, size); - target.ChannelPut(channel, randseed, len); + size_t len = UnsignedMin(m_size, size); + target.ChannelPut(channel, m_randseed, len); size -= len; // compute new seed vector - memcpy(m_lastBlock, randseed, S); - xorbuf(randseed, dtbuf, S); - cipher->ProcessBlock(randseed); + memcpy(m_lastBlock, m_randseed, m_size); + xorbuf(m_randseed, m_datetime, m_size); + m_cipher->ProcessBlock(m_randseed); } } diff --git a/rng.h b/rng.h index 15e7ae33..b10f69ea 100644 --- a/rng.h +++ b/rng.h 
@@ -69,10 +69,10 @@ public: void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size); private: - member_ptr cipher; - const unsigned int S; // blocksize of cipher - SecByteBlock dtbuf; // buffer for enciphered timestamp - SecByteBlock randseed, m_lastBlock, m_deterministicTimeVector; + member_ptr m_cipher; + const unsigned int m_size; // S, blocksize of cipher + SecByteBlock m_datetime; // DT, buffer for enciphered timestamp + SecByteBlock m_randseed, m_lastBlock, m_deterministicTimeVector; }; //! \class MaurerRandomnessTest From 26f0eabf0f475eb341ba3b4065d292c964b6f8e9 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Mon, 11 Jan 2016 06:31:37 -0500 Subject: [PATCH 3/5] Cleared ARM64 warning --- validat2.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validat2.cpp b/validat2.cpp index fd6d244a..bfd85aee 100644 --- a/validat2.cpp +++ b/validat2.cpp @@ -591,7 +591,7 @@ bool TestPolynomialMod2() for (unsigned int i=start; i < stop; i++) { - const word w(SIZE_MAX); + const word w((word)SIZE_MAX); PolynomialMod2 p(w); p <<= i; From c65c88a43201e1112acb2d45f2a78860f98a3af4 Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Mon, 11 Jan 2016 06:54:00 -0500 Subject: [PATCH 4/5] Added -fno-omit-frame-pointer for asan recipe --- GNUmakefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/GNUmakefile b/GNUmakefile index d6060b22..e38ef4d3 100755 --- a/GNUmakefile +++ b/GNUmakefile @@ -220,6 +220,9 @@ ifeq ($(findstring asan,$(MAKECMDGOALS)),asan) ifeq ($(findstring -fsanitize=address,$(CXXFLAGS)),) CXXFLAGS += -fsanitize=address endif # CXXFLAGS +ifeq ($(findstring -fno-omit-frame-pointer,$(CXXFLAGS)),) +CXXFLAGS += -fno-omit-frame-pointer +endif # CXXFLAGS endif # Asan # LD gold linker testing. Triggered by 'LD=ld.gold'. From f16bd037227f9881571fd0905559ccf6ad95cc70 Mon Sep 17 00:00:00 2001 
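Review bot: `const word w((word)SIZE_MAX);` silences the ARM64 narrowing warning with a C-style cast but keeps the intent implicit: the loop wants an all-ones word to shift, and `(word)SIZE_MAX` only yields that because truncating an all-ones size_t happens to give all ones when word is narrower, and it would give the wrong value if word were ever wider than size_t. Expressing the value in terms of the target type, `const word w(~word(0));` (or `std::numeric_limits<word>::max()` if <limits> is already included), is warning-free on every width and documents what the test is doing, assuming `word` is an unsigned type as its name suggests. TestPolynomialMod2 starts before this hunk and continues after it.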
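Review bot: Adding `-fno-omit-frame-pointer` lets ASan's fast unwinder walk complete stacks, but the resulting traces are only readable with debug info, and nothing in this hunk adds `-g` to the asan goal; if the recipe does not set it elsewhere (outside this hunk), reports will show bare addresses. I would mirror the same guard, `ifeq ($(findstring -g,$(CXXFLAGS)),)` / `CXXFLAGS += -g` / `endif`, noting that findstring on `-g` also matches `-ggdb`/`-gdwarf`, which is the desired behaviour. A short comment on the new block, `# Frame pointers keep ASan's fast unwinder from truncating stack traces`, would record why the flag is tied to the asan goal rather than being a general default.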
From: Jeffrey Walton Date: Mon, 11 Jan 2016 09:35:39 -0500 Subject: [PATCH 5/5] Fixed copy/paste for address sanitizer --- cryptest.sh | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/cryptest.sh b/cryptest.sh index 3671380a..284b5aa8 100755 --- a/cryptest.sh +++ b/cryptest.sh @@ -101,21 +101,15 @@ else fi # Set to 0 if you don't have Asan -$CXX -x c++ -fsanitize=undefined adhoc.cpp.proto -c -o $TMP/adhoc > /dev/null 2>&1 +$CXX -x c++ -fsanitize=address adhoc.cpp.proto -c -o $TMP/adhoc > /dev/null 2>&1 if [ "$?" -eq "0" ] && [ "$IS_X86" -ne "0" ]; then HAVE_ASAN=1 else HAVE_ASAN=0 fi -# Fixup... -if [ "$IS_CYGWIN" -ne "0" ] || [ "$IS_MINGW" -ne "0" ]; then - HAVE_UBAN=0 - HAVE_ASAN=0 -fi - -# Final fixups for compilers like GCC on ARM64 -if [ "$HAVE_UBSAN" -eq "0" ] || [ "$HAVE_ASAN" -eq "0" ]; then +# Fixups... Cygwin and MinGW both advertise sanitizer support, but the program fails to link. +if [ "$HAVE_UBSAN" -eq "0" ] || [ "$HAVE_ASAN" -eq "0" ] || [ "$IS_CYGWIN" -ne "0" ] || [ "$IS_MINGW" -ne "0" ]; then HAVE_UBAN=0 HAVE_ASAN=0 fi
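Review bot: The merged fixup still assigns `HAVE_UBAN=0` (an unchanged context line) while every condition reads `$HAVE_UBSAN`, so on Cygwin/MinGW, the very platforms the new comment says fail to link, HAVE_UBSAN keeps whatever the earlier probe set and UBSan builds will still be attempted; the line should read `HAVE_UBSAN=0`. The same typo was in both blocks this commit collapses, so the copy/paste fix in the subject does not actually cover it. Separately, the probe compiles with `-c`, which shows the compiler accepts `-fsanitize=address` but not that the sanitizer runtime links, which is exactly the failure mode being special-cased; if adhoc.cpp.proto defines a main, dropping `-c` and linking `$TMP/adhoc` would let the probe detect that without per-platform exceptions. The if/else that the hunk's leading `else`/`fi` close begins before the hunk.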