Hi developers,
I found a bug in function AES_cfbr_encrypt_block in openssl-0.9.7m. The bug is
an out-of-bounds memory read. The following is the code of function
AES_cfbr_encrypt_block, which is in file crypto/aes/aes_cfb.c:

159 /* This expects a single block of size nbits for both in and out. Note that
160    it corrupts any extra bits in the last byte of out */
161 void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
162                             const int nbits,const AES_KEY *key,
163                             unsigned char *ivec,const int enc)
164     {
165     int n,rem,num;
166     unsigned char ovec[AES_BLOCK_SIZE*2];
167
168     if (nbits<=0 || nbits>128) return;
169
170     /* fill in the first half of the new IV with the current IV */
171     memcpy(ovec,ivec,AES_BLOCK_SIZE);
172     /* construct the new IV */
173     AES_encrypt(ivec,ivec,key);
174     num = (nbits+7)/8;
175     if (enc)    /* encrypt the input */
176         for(n=0 ; n < num ; ++n)
177             out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
178     else        /* decrypt the input */
179         for(n=0 ; n < num ; ++n)
180             out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
181     /* shift ovec left... */
182     rem = nbits%8;
183     num = nbits/8;
184     if(rem==0)
185         memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
186     else
187         for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
188             ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
189
190     /* it is not necessary to cleanse ovec, since the IV is not secret */
191     }

If the input parameter nbits is 128, line 183 will set variable num to 16. In the
for loop at line 187, when the induction variable n increases to 15 (namely
AES_BLOCK_SIZE-1), the program will still go to line 188. The expression
"ovec[n+num+1]" will read ovec[32]. However, the size of array ovec is only 32
(line 166). So the memory read will be out of bounds.
Would you please study it?
Best Regards
Yiqun Ren (Luke)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
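
An added example (not part of the original post and not OpenSSL code) for checking the bound discussed in the report: it re-runs the IV-shift step of lines 182-188 with every read of ovec routed through a recording accessor, for each nbits that passes the check on line 168. The names rd, max_index_for and worst_case_index are hypothetical, and the buffer contents are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

#define AES_BLOCK_SIZE 16
#define OVEC_SIZE (AES_BLOCK_SIZE * 2)      /* line 166: ovec[AES_BLOCK_SIZE*2] */

static unsigned char ivec[AES_BLOCK_SIZE], ovec[OVEC_SIZE];
static int max_idx;                         /* highest ovec index read so far */

/* Recording read: notes the index and never touches memory past the array. */
static unsigned char rd(int i)
{
    if (i > max_idx) max_idx = i;
    return i < OVEC_SIZE ? ovec[i] : 0;
}

/* Lines 182-188 of the posted function with each ovec read going through
   rd(). Returns the highest ovec index read for the given nbits. */
int max_index_for(int nbits)
{
    int n, rem = nbits % 8, num = nbits / 8;
    memset(ovec, 0xA5, sizeof ovec);        /* constructed sample contents */
    max_idx = -1;
    if (rem == 0)                           /* line 185: memcpy(ivec,ovec+num,16) */
        for (n = 0; n < AES_BLOCK_SIZE; ++n)
            ivec[n] = rd(n + num);
    else                                    /* lines 187-188 */
        for (n = 0; n < AES_BLOCK_SIZE; ++n)
            ivec[n] = (unsigned char)(rd(n + num) << rem |
                                      rd(n + num + 1) >> (8 - rem));
    return max_idx;
}

/* Highest index over every nbits accepted by the check on line 168. */
int worst_case_index(void)
{
    int nbits, worst = -1;
    for (nbits = 1; nbits <= 128; ++nbits) {
        int idx = max_index_for(nbits);
        if (idx > worst) worst = idx;
    }
    return worst;
}

int main(void)
{
    int nbits;
    for (nbits = 120; nbits <= 128; ++nbits)
        printf("nbits=%3d rem=%d max ovec index=%d\n",
               nbits, nbits % 8, max_index_for(nbits));
    printf("worst case over 1..128: ovec[%d], array size %d\n",
           worst_case_index(), OVEC_SIZE);
    return 0;
}
```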