From patchwork Sun Nov 15 14:52:38 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Renat Nurgaliyev <impleman@gmail.com>
X-Patchwork-Id: 1400450
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.138; helo=whitealder.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=vYwV0iS7;
	dkim-atps=neutral
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4CYwDK55ZBz9sSn
	for <incoming@patchwork.ozlabs.org>; Mon, 16 Nov 2020 01:52:49 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 5040186AAB;
	Sun, 15 Nov 2020 14:52:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6JsBwEiDHSes; Sun, 15 Nov 2020 14:52:46 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by whitealder.osuosl.org (Postfix) with ESMTP id EA74E8668A;
	Sun, 15 Nov 2020 14:52:45 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id BD9A2C0891;
	Sun, 15 Nov 2020 14:52:45 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 37DCFC07FF
 for <ovs-dev@openvswitch.org>; Sun, 15 Nov 2020 14:52:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by fraxinus.osuosl.org (Postfix) with ESMTP id 248F68610F
 for <ovs-dev@openvswitch.org>; Sun, 15 Nov 2020 14:52:44 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vBv8BjRA6KM7 for <ovs-dev@openvswitch.org>;
 Sun, 15 Nov 2020 14:52:43 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-lf1-f66.google.com (mail-lf1-f66.google.com
 [209.85.167.66])
 by fraxinus.osuosl.org (Postfix) with ESMTPS id 3D74885FAC
 for <ovs-dev@openvswitch.org>; Sun, 15 Nov 2020 14:52:43 +0000 (UTC)
Received: by mail-lf1-f66.google.com with SMTP id a9so20035753lfh.2
 for <ovs-dev@openvswitch.org>; Sun, 15 Nov 2020 06:52:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:cc:subject:message-id:mime-version:content-disposition;
 bh=hn+rTiHf3pCWntHgSz6kDO3D11+vZrZl30SAPvd6DCU=;
 b=vYwV0iS7kqO4kHKPL7Fsi/ZOA/HZVS/FOm11UDosGBaHChPLodffSQayC0e8WMkMoe
 JDRSykLEPbZUn4Uj+p290lHwA2ppwQyM6Twj2zxpUfD5KfP2aqtJsv92y+LZA9Nn4NjD
 KOB2D6x8gHxdlwGvZQB3qoVeqUe/r0XEEVQLHk9n3kcSqve4IYdVlvZY6ugDTzMkSAEV
 s11rcgOKUGPqN6xkHpaB3cQKOxFIbi0zjN2TbLZ4nrWbNXRJgc1h044BrUKdniNkh2fF
 t9jdufmWT4Y7+fd+pU6BF+kU7d4hWMYaE/6orp2vK4dlbVsyYtUbQB04pklQF/saSR4v
 OYKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
 :content-disposition;
 bh=hn+rTiHf3pCWntHgSz6kDO3D11+vZrZl30SAPvd6DCU=;
 b=ixWPTxAv27cM1OP8dLQQyVz/hfgIzM0/d43YOQKiRxk4zFZyevZoxOXS2cJQbIui7a
 kFk9czNTAv7jOuwKbyGuLU/KP6jUkFDGFWdAYdo1xbaeYIg/LbvXkpDjqWg462XFZxg8
 CeHFKM236eu1jOifDJp4uxwwL8UrClhVA3DTN6QjTsdJhAIWcLR11dAkWrCiqA62fnSQ
 5IGWLnCi94lJk4jWOC7oqd3IJNknCvyBOe8nFZ5PzyV0mrrinjTRUb1JSu9Ab07mEjGJ
 VLOPux+K+KjqGpgU9BbVgBDU8mAezpebmhwHuHP6N1GA4r9Rp36cJa5xmMQKhRpWKTqC
 xDqg==
X-Gm-Message-State: AOAM532NQV9AZYN23CyuRYOvRwi/fbStZBKsFgC3Xl5muI4AW6pbxuxV
 JEaHp7aXF5IytUmedlKQLl0N1lveyXs=
X-Google-Smtp-Source: 
 ABdhPJwxMALeY+5ZAR3Jm1UJEkw9b5Q55ENBHdzd+1dbn/ec+kTdZFNRvrEL/OeMTAcXiTlKhM62qA==
X-Received: by 2002:ac2:5199:: with SMTP id u25mr4854078lfi.438.1605451960937;
 Sun, 15 Nov 2020 06:52:40 -0800 (PST)
Received: from Renats-MacBook-Air.local (55d4b274.access.ecotel.net.
 [85.212.178.116])
 by smtp.gmail.com with ESMTPSA id a30sm2392975ljd.91.2020.11.15.06.52.39
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 15 Nov 2020 06:52:40 -0800 (PST)
Date: Sun, 15 Nov 2020 15:52:38 +0100
From: Renat Nurgaliyev <impleman@gmail.com>
To: ovs-dev@openvswitch.org
Message-ID: <X7FAtjmU7/+Ib+b/@Renats-MacBook-Air.local>
MIME-Version: 1.0
Content-Disposition: inline
Cc: i.maximets@ovn.org
Subject: [ovs-dev] [PATCH v2] Fix SHA-1 algorithm for data bigger than 512
	megabytes.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

In modern systems, size_t is 64 bits. There is a 32 bit overflow check
in sha1_update(), which will not work correctly, because compiler will
do an automatic cast to 64 bits, since size_t type variable is in the
expression. We do want however to lose data, since this is the whole
idea of this overflow check.

Because of this, computation of SHA-1 checksum will always be incorrect
for any data, that is bigger than 512 megabytes, which in bits is the
boundary of 32 bits integer.

In practice it means that any OVSDB transaction, bigger or equal to 512
megabytes, is considered corrupt and ovsdb-server will refuse to work
with the database file. This is especially critical for OVN southbound
database, since it tends to grow rapidly.

Signed-off-by: Renat Nurgaliyev <impleman@gmail.com>
---
v2:
  replace size_t with uint32_t where necessary instead of explicit cast
---
 lib/sha1.c | 4 ++--
 lib/sha1.h | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/sha1.c b/lib/sha1.c
index 4f48ef210..87360d9cd 100644
--- a/lib/sha1.c
+++ b/lib/sha1.c
@@ -197,7 +197,7 @@ sha1_init(struct sha1_ctx *sha_info)
  * inputLen: The length of the input buffer.
  */
 void
-sha1_update(struct sha1_ctx *ctx, const void *buffer_, size_t count)
+sha1_update(struct sha1_ctx *ctx, const void *buffer_, uint32_t count)
 {
     const uint8_t *buffer = buffer_;
     unsigned int i;
@@ -274,7 +274,7 @@ sha1_final(struct sha1_ctx *ctx, uint8_t digest[SHA1_DIGEST_SIZE])
 
 /* Computes the hash of 'n' bytes in 'data' into 'digest'. */
 void
-sha1_bytes(const void *data, size_t n, uint8_t digest[SHA1_DIGEST_SIZE])
+sha1_bytes(const void *data, uint32_t n, uint8_t digest[SHA1_DIGEST_SIZE])
 {
     struct sha1_ctx ctx;
 
diff --git a/lib/sha1.h b/lib/sha1.h
index eda265dfc..a6e5a8cc0 100644
--- a/lib/sha1.h
+++ b/lib/sha1.h
@@ -45,9 +45,9 @@ struct sha1_ctx {
 };
 
 void sha1_init(struct sha1_ctx *);
-void sha1_update(struct sha1_ctx *, const void *, size_t);
+void sha1_update(struct sha1_ctx *, const void *, uint32_t);
 void sha1_final(struct sha1_ctx *, uint8_t digest[SHA1_DIGEST_SIZE]);
-void sha1_bytes(const void *, size_t, uint8_t digest[SHA1_DIGEST_SIZE]);
+void sha1_bytes(const void *, uint32_t, uint8_t digest[SHA1_DIGEST_SIZE]);
 
 #define SHA1_FMT \
         "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \