AES-256 CBC - hitting assert at line 197 in secblock.h

[User56784]

Hi,

I’m hitting an assert at line 197 in secblock.h when using AES-CBC
encryption with 256 bit key. It started with occasional failure when
generating random keys and I could not find out what’s causing the
problem, because I needed many attempts to get repro. Later on when I
had a few keys stored in a file, I was able to reproduce this issue
100%.

Here is my code

void CryptoAES::Encrypt(byte * input, byte * output, in length, byte
key[], byte iv[])
{
    CBC_Mode<AES>::Encryption cfbEncryption(key, KeyLength,
iv);            // ASSERT VIOLATION
    cfbEncryption.ProcessData(output, input, length);
}

ASSERT at line 197 in secblock.h

template <class T, size_t S, class A = NullAllocator<T>, bool
T_Align16 = false>
class FixedSizeAllocatorWithCleanup : public AllocatorBase<T>
{
    ...
    void deallocate(void *p, size_type n)
    {
        if (p == GetAlignedArray())
        {
            assert(n <= S);
===>    assert(m_allocated);        // ASSERT VIOLATION
            m_allocated = false;
            SecureWipeArray((pointer)p, n);
        }
        else
            m_fallbackAllocator.deallocate(p, n);
    }
    ...
}

I reuse key and iv arrays and just overwrite bytes in these 2 arrays
with a new key and initialization vector for each new encryption/
decryption, so I thought that this can cause a problem when
cfbEncryption gets out of scope, however deleting key and iv and
creating a new instance (key = new byte[KeyLength], iv = new
byte[IVLength]) did not solve the problem. The assert violation seems
to be caused by certain combinations of key and initialization vector.
What helped me solve the problem was rewriting the code mentioned
above as follows:

void CryptoAES::Encrypt(byte * input, byte * output, in length, byte
key[], byte iv[])
{
    CBC_Mode<AES>::Encryption * cfbEncryption = new
CBC_Mode<AES>::Encryption(key, KeyLength, iv);
    cfbEncryption->ProcessData(output, input, length);
    delete cfbEncryption;
}

I could use this new code which fixes the problem, but I don’t want to
ignore that assert. Rewriting the code might just move the problem
elsewhere and create potential heap corruption. There has to be a
reason for this assert violation.
Does anybody know what the problem is? Why certain combinations of key
and iv causes the problem?

Thanks.

-- 
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.