From 844e5ae0b40d77df6a0038d0b10d3f6b49921d8d Mon Sep 17 00:00:00 2001
From: Benny Prijono <bennylp@teluu.com>
Date: Tue, 12 May 2009 08:01:56 +0000
Subject: Fixed ticket #836: SHA1 encryption may corrupt STUN packets with
 MESSAGE-INTEGRITY. Also added unit test to verify this behavior

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2690 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib-util/src/pjlib-util-test/encryption.c | 31 ++++++++++++++++++++++++++++-
 pjlib-util/src/pjlib-util/sha1.c            | 10 ++++++----
 2 files changed, 36 insertions(+), 5 deletions(-)

(limited to 'pjlib-util')

diff --git a/pjlib-util/src/pjlib-util-test/encryption.c b/pjlib-util/src/pjlib-util-test/encryption.c
index c31bea95..3db0d9a0 100644
--- a/pjlib-util/src/pjlib-util-test/encryption.c
+++ b/pjlib-util/src/pjlib-util-test/encryption.c
@@ -64,10 +64,13 @@ static void digest_to_hex(const pj_uint8_t digest[PJ_SHA1_DIGEST_SIZE],
 
 static int sha1_test1(void)
 {
+    enum { MILLION = 1000000 };
     int k;
     pj_sha1_context context;
     pj_uint8_t digest[20];
     char output[80];
+    pj_pool_t *pool;
+    pj_uint8_t *block;
 
     PJ_LOG(3, (THIS_FILE, "  SHA1 test vector 1 from sha1.c.."));
     
@@ -86,7 +89,7 @@ static int sha1_test1(void)
 
     /* million 'a' vector we feed separately */
     pj_sha1_init(&context);
-    for (k = 0; k < 1000000; k++)
+    for (k = 0; k < MILLION; k++)
         pj_sha1_update(&context, (pj_uint8_t*)"a", 1);
     pj_sha1_final(&context, digest);
     digest_to_hex(digest, output);
@@ -95,6 +98,32 @@ static int sha1_test1(void)
         return -20;
     }
 
+    /* million 'a' test, using block */
+    pool = pj_pool_create(mem, "sha1test", 256, 512, NULL);
+    block = (pj_uint8_t*)pj_pool_alloc(pool, MILLION);
+    pj_memset(block, 'a', MILLION);
+
+    pj_sha1_init(&context);
+    pj_sha1_update(&context, block, MILLION);
+    pj_sha1_final(&context, digest);
+    digest_to_hex(digest, output);
+    if (strcmp(output, sha1_test_results[2])) {
+	pj_pool_release(pool);
+	PJ_LOG(3, (THIS_FILE, "    incorrect hash result for block update!"));
+        return -21;
+    }
+
+    /* verify that original buffer was not modified */
+    for (k=0; k<MILLION; ++k) {
+	if (block[k] != 'a') {
+	    pj_pool_release(pool);
+	    PJ_LOG(3, (THIS_FILE, "    block was modified!"));
+	    return -22;
+	}
+    }
+
+    pj_pool_release(pool);
+
     /* success */
     return(0);
 }
diff --git a/pjlib-util/src/pjlib-util/sha1.c b/pjlib-util/src/pjlib-util/sha1.c
index deb75162..afdbff2d 100644
--- a/pjlib-util/src/pjlib-util/sha1.c
+++ b/pjlib-util/src/pjlib-util/sha1.c
@@ -105,7 +105,7 @@ A million repetitions of "a"
 #undef SHA1HANDSOFF
 
 
-static void SHA1_Transform(pj_uint32_t state[5], const pj_uint8_t buffer[64]);
+static void SHA1_Transform(pj_uint32_t state[5], pj_uint8_t buffer[64]);
 
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
 
@@ -131,7 +131,7 @@ static void SHA1_Transform(pj_uint32_t state[5], const pj_uint8_t buffer[64]);
 
 
 /* Hash a single 512-bit block. This is the core of the algorithm. */
-static void SHA1_Transform(pj_uint32_t state[5], const pj_uint8_t buffer[64])
+static void SHA1_Transform(pj_uint32_t state[5], pj_uint8_t buffer[64])
 {
     pj_uint32_t a, b, c, d, e;
     typedef union {
@@ -214,8 +214,10 @@ PJ_DEF(void) pj_sha1_update(pj_sha1_context* context,
     if ((j + len) > 63) {
         pj_memcpy(&context->buffer[j], data, (i = 64-j));
         SHA1_Transform(context->state, context->buffer);
-        for ( ; i + 63 < len; i += 64) {
-            SHA1_Transform(context->state, data + i);
+        for ( ; i + 63 < len; i += 64) {
+	    pj_uint8_t tmp[64];
+	    pj_memcpy(tmp, data + i, 64);
+            SHA1_Transform(context->state, tmp);
         }
         j = 0;
     }
-- 
cgit v1.2.3