Re: [openssl.org #2858] bug in gosthash.c circle_xor8() routine

Mon, 13 Aug 2012 09:04:44 -0700 

On Aug 13, 2012, at 10:16 AM, Andy Polyakov via RT wrote:

>> In the file  openssl/engines/ccgost/gosthash.c, the function
>> circle_xor8() is sometimes called with overlapping buffers
>> (specifically, the *same* buffer), yet uses the memcpy() function
>> instead of memmove(), which can result in undefined behavior.  This
>> caused a definite problem in some compilation environments on MacOS X
>> 10.7 when using the code standalone outside of OpenSSL, so presumably
>> it could potentially cause issues in OpenSSL as well.
>
> Good catch! Out of curiosity, what does "compilation ... outside of
> OpenSSL" mean? Another compiler? Different optimization flags?


        It seems to do with compilers and/or flags, yes.  I think the MacOS  
system memcpy() allows overlapping buffers, so it's something the  
compilers are doing.  Quite possibly optimization level -- I did not  
track it down completely.  It seemed to work when I compiled them  
without optimization flags standalone, but was failing when included  
in a larger Objective-C project (though that same project seemed to  
work when compiled on MacOS 10.5, so it may be a gcc vs clang thing,  
or maybe just gcc versions, or optimizations flags).  If I recall, it  
may have worked in "Debug" builds, but not in "Release" (where  
optimization levels are higher), which helped with tracking down the  
problem in gdb (i.e. was able to figure out where the values diverged  
between the two builds).  I'm not sure how the system OpenSSL is  
compiled, as I wasn't using that.  But it definitely will fail in any  
environment where the memcpy() implementation depends on non- 
overlapping regions, and it seems that at least some of the builtin  
implementations in gcc and/or clang do depend on that.

        The errors I was seeing went away when I changed the two memcpy()  
calls to memmove().  Something like  "if (w == k) { memmove()...} else  
{ memcpy()...}" also works, i.e. still calling memcpy when the buffers  
are not the same, if the optimization is important for speed.

        -Carl Lindberg


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to