From nobody@FreeBSD.org  Wed May  9 20:29:43 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0845A16A402
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  9 May 2007 20:29:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id ECD3213C46C
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  9 May 2007 20:29:42 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l49KTgd6026801
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 9 May 2007 20:29:42 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l49KOcgp022588;
	Wed, 9 May 2007 20:24:38 GMT
	(envelope-from nobody)
Message-Id: <200705092024.l49KOcgp022588@www.freebsd.org>
Date: Wed, 9 May 2007 20:24:38 GMT
From: Ighighi<ighighi@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch]: security/digest tiger bug
X-Send-Pr-Version: www-3.0

>Number:         112553
>Category:       ports
>Synopsis:       [patch]: security/digest tiger bug
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 09 20:30:05 GMT 2007
>Closed-Date:    Tue May 29 14:54:22 GMT 2007
>Last-Modified:  Tue May 29 15:00:10 GMT 2007
>Originator:     Ighighi
>Release:        6.2-STABLE
>Organization:
>Environment:
FreeBSD orion 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat May  5 10:13:59 VET 2007     root@orion:/usr/obj/usr/src/sys/CUSTOM  i386
>Description:
This patch makes Tiger output the correct checksum for the null string.

Previously, hashing /dev/null or the null string (echo -n "") would output the contents of the initial Tiger context.
$ digest tiger /dev/null
TIGER (/dev/null) = 0123456789abcdeffedcba9876543210f096a5b4c3b2e187

It should be:
$ ./digest tiger /dev/null
TIGER (/dev/null) = 24f0130c63ac933216166e76b1bb925ff373de2d49584e7a

See: http://www.cs.technion.ac.il/~biham/Reports/Tiger/testresults.html

The bug is in the Tiger code (not digest) because the emulation of the MD*/SHA* interface isn't well done.  When any of the *End() or *Final() is called after finishing a hash operation on zero-byte data, it must make sure the relevant update function (in this case, TigerUpdate) was called at least once, even with len=0.  This patch just adds a 192-bit static array containing the initial Tiger state (which now uses TigerInit()) that both TigerEnd() and TigerFinal() use to compare it to tiger_context_t (which contains just a Tiger state).  A "less cleaner" way would be to add an integer flag to tiger_context_t. It also makes TigerFinal() truly emulate the MD*/SHA*Final() calls.  This (trivial) patch to tiger.c was tested on a 32-bit Pentium-4 (little endian) running FreeBSD 6.2-STABLE and a Sun SPARC (big endian) running SunOS 5.10.  IMO, it could have been spotted earlier with a better test script.  The remaining algorithms work OK with the null string.

Note: This patch was tested against the current NetBSD's CVS version of pkgsrc/digest/files/tiger.c (as of this time of writing, version 1.2) and FreeBSD's (present in ports/security/digest) and (currently installed as digest-20050323_1.

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/pkgtools/digest/files/tiger.c

To apply this patch on a FreeBSD system copy this patch to /usr/ports/security/digest/files as patch-tiger.c.patch and reinstall

The original author (agc@netbsd.org) was notified. These comments are reproduced on the patch for your convenience.
>How-To-Repeat:

>Fix:
Attached is a UUEncoded patch.

Patch attached with submission follows:

--- tiger.c.orig	Tue May  8 06:31:30 2007
+++ tiger.c	Tue May  8 08:07:57 2007
@@ -646,12 +646,16 @@
 	TIGER_COMPRESS_MACRO(((const uint64_t *) str), ((uint64_t *) state));
 }
 
+static uint64_t init_state[3] = {
+	0x0123456789ABCDEFLL, 0xFEDCBA9876543210LL, 0xF096A5B4C3B2E187LL
+};
+
 void
 TIGERInit(tiger_context_t *tp)
 {
-	tp->ctx[0] = 0x0123456789ABCDEFLL;
-	tp->ctx[1] = 0xFEDCBA9876543210LL;
-	tp->ctx[2] = 0xF096A5B4C3B2E187LL;
+	tp->ctx[0] = init_state[0];
+	tp->ctx[1] = init_state[1];
+	tp->ctx[2] = init_state[2];
 }
 
 void
@@ -708,10 +712,27 @@
 	tiger_compress(((uint64_t *) temp), tp->ctx);
 }
 
+#define PUT_64BIT_BE(cp, value) do {					\
+	(cp)[0] = (value) >> 56;					\
+	(cp)[1] = (value) >> 48;					\
+	(cp)[2] = (value) >> 40;					\
+	(cp)[3] = (value) >> 32;					\
+	(cp)[4] = (value) >> 24;					\
+	(cp)[5] = (value) >> 16;					\
+	(cp)[6] = (value) >> 8;						\
+	(cp)[7] = (value); } while (0)
+
 void
 TIGERFinal(uint8_t *digest, tiger_context_t *tp)
 {
-	/* nothing to do - included for compatibility with SHA* interface */
+	int i;
+
+	if (tp->ctx[0] == init_state[0] && tp->ctx[1] == init_state[1] &&
+			tp->ctx[2] == init_state[2])
+		TIGERUpdate(tp, "", 0);
+
+	for (i = 0; i < 3; i++)
+		PUT_64BIT_BE(digest + i * 8, tp->ctx[i]);
 }
 
 static void
@@ -734,6 +755,9 @@
 	if (buf == NULL && (buf = malloc(41)) == NULL) {
 		return NULL;
 	}
+	if (tp->ctx[0] == init_state[0] && tp->ctx[1] == init_state[1] &&
+			tp->ctx[2] == init_state[2])
+		TIGERUpdate(tp, "", 0);
 
 	for (i = 0; i < 3; ++i)
 		print_uint64(buf + i * 16, tp->ctx[i]);

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Tue May 29 14:54:21 UTC 2007 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=112553 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/112553: commit references a PR
Date: Tue, 29 May 2007 14:54:10 +0000 (UTC)

 miwi        2007-05-29 14:54:04 UTC
 
   FreeBSD ports repository
 
   Added files:
     security/digest/files patch-triger.c 
   Log:
   - Add a patch for output the correct checksum for the null string.
   
   PR:             112553
   Submitted by:   Ighighi<ighighi@gmail.com>
   Obtained from:  pkgsrc
   
   Revision  Changes    Path
   1.1       +62 -0     ports/security/digest/files/patch-triger.c (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
