abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix ZUC out-of-bounds read

Browse Source
This commit is contained in:
Zhi Guan
2026-06-14 15:36:02 +08:00
parent 5c67b5963d
commit f6f049256c
4 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -777,7 +777,7 @@ endif()
# #
set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1039") set(CPACK_PACKAGE_VERSION "3.2.0-dev.1042")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON) set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack) include(CPack)

2
include/gmssl/version.h
View File

@@ -19,7 +19,7 @@ extern "C" {
// Also update CPACK_PACKAGE_VERSION in CMakeLists.txt // Also update CPACK_PACKAGE_VERSION in CMakeLists.txt
#define GMSSL_VERSION_NUM 30200 #define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1039" #define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1042"
int gmssl_version_num(void); int gmssl_version_num(void);
const char *gmssl_version_str(void); const char *gmssl_version_str(void);

5
include/gmssl/zuc.h
View File

@@ -92,9 +92,10 @@ typedef struct ZUC256_MAC_CTX_st {
} ZUC256_MAC_CTX; } ZUC256_MAC_CTX;
void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE], void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE],
const uint8_t iv[ZUC256_IV_SIZE], int macbits); const uint8_t iv[ZUC256_IV_SIZE], int macbits); // macbits should be 32, 64, or 128
void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len); void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]); void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits,
uint8_t *mac); // mac size should be 4, 8 or 16
typedef struct { typedef struct {

11
src/zuc.c
View File

@@ -325,11 +325,11 @@ void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out
} }
LFSR[15] = V; LFSR[15] = V;
// xor with plaintext
Z ^= GETU32(in);
// output ciphertext // output ciphertext
if (inlen >= 4) { if (inlen >= 4) {
// xor with plaintext
Z ^= GETU32(in);
PUTU32(out, Z); PUTU32(out, Z);
inlen -= 4; inlen -= 4;
in += 4; in += 4;
@@ -338,6 +338,11 @@ void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out
uint8_t word[4]; uint8_t word[4];
size_t i; size_t i;
memcpy(word, in, inlen);
// xor with plaintext
Z ^= GETU32(word);
PUTU32(word, Z); PUTU32(word, Z);
for (i = 0; i < inlen; i++) { for (i = 0; i < inlen; i++) {
out[i] = word[i]; out[i] = word[i];