Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

Mon, 22 Dec 2008 01:19:36 -0800 

On Wed, 2008-12-17 at 22:30 +0800, Andy Polyakov via RT wrote:
> > Fix two bugs in .Lcbc_slow_enc_in_place.
> > 
> > - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be
> >   set to 16.
> > - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb.
> 
> Thanks. The problem is addressed but in different way, see 
> http://cvs.openssl.org/chngview?cn=17698.
> 
> > Signed-off-by: Huang Ying <ying.hu...@intel.com>
> > 
> > ---
> >  crypto/aes/asm/aes-x86_64.pl |    4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > --- a/crypto/aes/asm/aes-x86_64.pl
> > +++ b/crypto/aes/asm/aes-x86_64.pl
> > @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
> 
> ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place 
> resided at line #1974! A.

I use CVS. It's an issue of patch sequence, I put another personal patch
before this one.

And, I find with the simple test program attached with the mail. The
output of CVS is different from that of openssl-0.9.8g if the specified
input length is less than 16.

Best Regards,
Huang Ying



#include <openssl/aes.h>
#include <stdio.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>

void print_arr(unsigned char buf[], int sz, char *prefix)
{
	int i;
	if (prefix)
		printf("%s", prefix);
	for (i = 0; i < sz; i++)
		printf("%02x", buf[i]);
	printf("\n");
}

void test_cbc1(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";
	unsigned char iv2[16];
	unsigned char in[16] = "1234567890";
	unsigned char out[16];

	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
	print_arr(out, sizeof(out), "   out: ");
	//AES_cbc_encrypt(in, in, in_len, &key, iv2, 1);
	//print_arr(in, sizeof(in), "ip_out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
	print_arr(in, sizeof(in), "   out: ");
}

void test_cbc2(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";
	unsigned char iv2[16];
	unsigned char in[32] = "12345678901234567890123456789012";
	unsigned char out[32];

	in_len += 16;
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
	print_arr(in, sizeof(in), " in: ");
}

void test_cbc3(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";
	unsigned char iv2[16];
	unsigned char in[80] = "1234567890123456789012345678901234567890"
		"1234567890123456789012345678901234567890";
	unsigned char out[80];

	in_len += 64;
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
	print_arr(in, sizeof(in), " in: ");
}

int main(int argc, char *argv[])
{
	int in_len;

	in_len = argc > 1 ? atoi(argv[1]) : 16;
	test_cbc1(in_len);
	test_cbc2(in_len);
	test_cbc3(in_len);
	return 0;
}

Attachment: signature.asc
Description: PGP signature

Reply via email to