Re: [openssl.org #3139] Bug in AES XTS implementation for Windows x64 (truncating pointer to IV)

Andy Polyakov via RT Sat, 12 Oct 2013 12:46:25 -0700

> File: openssl/crypto/aes/asm/bsaes-x86_64.pl
> Function: bsaes_xts_[en|de]crypt
> Commit: fa104be35e24f3fea895d55bb7042d6f4b2963e9
> 
> Pointer to IV is pulled to $arg6 (line 2109):
>     mov    0xa8(%rsp),$arg6    # pull ivp
> 
> However, for x64 $arg6 is defined as r11d (line 1155):
>     my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ?
> ("%rcx","%rdx","%r8","%r9","%r10","%r11d") :
> ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
> 
> Thus, an 8-byte pointer is truncated to 4 bytes (since r11d is a
> 4-byte register) which leads to unpredicted results (usually memory
> access exception).
> 
> $arg6 should not be used to store a pointers.


Good catch. Thanks for report. 
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7e1e3334f6d419a09da5f9f99bf448f18ff74867


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Re: [openssl.org #3139] Bug in AES XTS implementation for Windows x64 (truncating pointer to IV)

Reply via email to