I started with an AES256 demo I found at https://github.com/saju/misc and
modified the initialisations to use AES128. The test strings that program uses
are quite short - less than 100 characters. If I add a significantly longer
string to those test values Valgrind reports a string of what I suspect are
buffer overruns. Note that I discovered this in my real code and this is a
simple test case that seems to demonstrate the same problem. I also print the
library version that the program is using.
>From that demo:
const char *input[] = {
"a",
"abcd",
"this is a test",
"this is a bigger test",
// "\nWho are you ?\nI am the 'Doctor'.\n'Doctor' who ?\nPrecisely!",
"qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./",
NULL};...
printf("Using OpenSSL version \"%s\"\n", SSLeay_version(SSLEAY_VERSION));
I added the "qwerty......" string and the version output.
Using OpenSSL version "OpenSSL 1.0.1f 6 Jan 2014"
OK: enc/dec ok for "a"
OK: enc/dec ok for "abcd"
OK: enc/dec ok for "this is a test"
OK: enc/dec ok for "this is a bigger test"
OK: enc/dec ok for
"qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./qwertyuiopasdfghjkl;zxcvbnm,/.';][=-0987654321`QWERTYUIOP[ASDFRGTHYJULO;PZXCVBNM,./"
But if I use Valgrind I get this log file:
valgrind --track-origins=yes --leak-check=full --show-reachable=yes
--log-file=valgrind.log ./demo
==11437== Memcheck, a memory error detector
==11437== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==11437== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==11437== Command: ./demo
==11437== Parent PID: 6494
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E8CE: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E8D9: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E8DB: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E907: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E8F1: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x4C2E8F3: strncmp (vg_replace_strmem.c:569)
==11437== by 0x40DBE1: was_main (AesDemo.c:111)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x63878F3: vfprintf (vfprintf.c:1661)
==11437== by 0x6390388: printf (printf.c:33)
==11437== by 0x40DC22: was_main (AesDemo.c:114)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Conditional jump or move depends on uninitialised value(s)
==11437== at 0x63B619F: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1302)
==11437== by 0x63878B4: vfprintf (vfprintf.c:1661)
==11437== by 0x6390388: printf (printf.c:33)
==11437== by 0x40DC22: was_main (AesDemo.c:114)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437== Syscall param write(buf) points to uninitialised byte(s)
==11437== at 0x64282F0: __write_nocancel (syscall-template.S:81)
==11437== by 0x63B5A82: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1261)
==11437== by 0x63B6F5B: _IO_do_write@@GLIBC_2.2.5 (fileops.c:538)
==11437== by 0x63B6120: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1332)
==11437== by 0x63863D9: vfprintf (vfprintf.c:1692)
==11437== by 0x6390388: printf (printf.c:33)
==11437== by 0x40DC22: was_main (AesDemo.c:114)
==11437== by 0x40DCCA: AesDemo (AesDemo.c:125)
==11437== by 0x40EEDD: main (OpenSslAesTest.cpp:225)
==11437== Address 0x4025014 is not stack'd, malloc'd or (recently) free'd
==11437== Uninitialised value was created by a stack allocation
==11437== at 0x4EBADF7: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11437==
==11437==
==11437== HEAP SUMMARY:
==11437== in use at exit: 0 bytes in 0 blocks
==11437== total heap usage: 17 allocs, 17 frees, 1,681 bytes allocated
==11437==
==11437== All heap blocks were freed -- no leaks are possible
==11437==
==11437== For counts of detected and suppressed errors, rerun with: -v
==11437== ERROR SUMMARY: 161 errors from 9 contexts (suppressed: 0 from 0)
Originally I started with this installed (latest auto-updated Ubuntu desktop)
$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Oct 15 17:43:26 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
-Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
I have downloaded 1.0.1j but I am struggling to get Ubuntu/netbeans to build
with the new version as OpenSSL is quite closely tied in to the ubuntu core. So
while the command line tools are updated:
$ openssl version -a
OpenSSL 1.0.1j 15 Oct 2014
built on: Thu Dec 4 14:57:03 AEDT 2014
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
I can't get my program to compile with the new library. Tweaking the library
and linker paths gives me compile errors. but I'm working on that. In the
meantime, if you could resist the temptation to simply reply "use the latest
version" that would be helpful. Perhaps suggestions on how to force gcc to use
the right paths.
thanks
Chris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
