File: openssl/crypto/aes/asm/bsaes-x86_64.pl
Function: bsaes_xts_[en|de]crypt
Commit: fa104be35e24f3fea895d55bb7042d6f4b2963e9

Pointer to IV is pulled to $arg6 (line 2109):
    mov    0xa8(%rsp),$arg6    # pull ivp

However, for x64 $arg6 is defined as r11d (line 1155):
    my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ?
("%rcx","%rdx","%r8","%r9","%r10","%r11d") :
("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");

Thus, an 8-byte pointer is truncated to 4 bytes (since r11d is a
4-byte register) which leads to unpredicted results (usually memory
access exception).

$arg6 should not be used to store a pointers.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to