Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

2008-12-22 Thread Huang Ying
On Wed, 2008-12-17 at 22:30 +0800, Andy Polyakov via RT wrote:
  Fix two bugs in .Lcbc_slow_enc_in_place.
  
  - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be
set to 16.
  - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb.
 
 Thanks. The problem is addressed but in different way, see 
 http://cvs.openssl.org/chngview?cn=17698.
 
  Signed-off-by: Huang Ying ying.hu...@intel.com
  
  ---
   crypto/aes/asm/aes-x86_64.pl |4 +++-
   1 file changed, 3 insertions(+), 1 deletion(-)
  
  --- a/crypto/aes/asm/aes-x86_64.pl
  +++ b/crypto/aes/asm/aes-x86_64.pl
  @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
 
 ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place 
 resided at line #1974! A.

I use CVS. It's an issue of patch sequence, I put another personal patch
before this one.

Also, using the simple test program attached to this mail, I find that
the output of the CVS version differs from that of openssl-0.9.8g if the
specified input length is less than 16.

Best Regards,
Huang Ying

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/aes.h>

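/*
 * Print an optional prefix followed by sz bytes of buf as two-digit
 * lowercase hex and a trailing newline.
 *
 * buf    - bytes to dump; only read, never written
 * sz     - number of bytes to print; nothing but the prefix and the
 *          newline is printed when sz <= 0
 * prefix - label printed first, or NULL for none
 */
void print_arr(const unsigned char buf[], int sz, const char *prefix)
{
	if (prefix)
		fputs(prefix, stdout);
	for (int i = 0; i < sz; i++)
		printf("%02x", buf[i]);
	putchar('\n');
}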

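/*
 * Round-trip a single (possibly short) block through AES_cbc_encrypt()
 * and print the ciphertext and the decrypted result as hex.
 *
 * in_len is the byte count handed to AES_cbc_encrypt(). It must lie in
 * [0, 16] because in[] and out[] hold exactly one 16-byte block; anything
 * larger would make the library read and write past both arrays. Values
 * below 16 are the short-input case this reproducer targets.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc1(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	unsigned char in[16] = "1234567890";
	/* Zeroed so that nothing indeterminate is printed when in_len is 0. */
	unsigned char out[16] = {0};

	if (in_len < 0 || (size_t)in_len > sizeof(in)) {
		fprintf(stderr, "test_cbc1: in_len %d out of range [0, %zu]\n",
			in_len, sizeof(in));
		return;
	}

	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");
	/*
	 * In-place variant (in == out), left disabled by the author;
	 * presumably the case the reported in-place slow path handles:
	 *   AES_cbc_encrypt(in, in, in_len, &key, iv2, AES_ENCRYPT);
	 *   print_arr(in, sizeof(in), "ip_out: ");
	 */

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	/* Label kept as in the original program, although this dumps in[]. */
	print_arr(in, sizeof(in), "out: ");
}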

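/*
 * Round-trip one full block plus a (possibly short) second block through
 * AES_cbc_encrypt() and print ciphertext and recovered plaintext as hex.
 *
 * in_len is the size of the trailing block and must lie in [0, 16]; the
 * total length passed to the library is in_len + 16, which then fits the
 * 32-byte in[] and out[] arrays. Larger values would overrun both.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc2(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	unsigned char in[32] = "12345678901234567890123456789012";
	/* Zeroed so the unused tail prints as 00 rather than stack garbage. */
	unsigned char out[32] = {0};

	if (in_len < 0 || in_len > 16) {
		fprintf(stderr, "test_cbc2: in_len %d out of range [0, 16]\n",
			in_len);
		return;
	}

	in_len += 16;	/* one full block in front of the short one */
	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	print_arr(in, sizeof(in), " in: ");
}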

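/*
 * Round-trip four full blocks plus a (possibly short) fifth block through
 * AES_cbc_encrypt() and print ciphertext and recovered plaintext as hex.
 *
 * in_len is the size of the trailing block and must lie in [0, 16]; the
 * total length passed to the library is in_len + 64, which then fits the
 * 80-byte in[] and out[] arrays. Larger values would overrun both.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc3(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	/* Two 40-character literals fill all 80 bytes; there is no NUL. */
	unsigned char in[80] = "1234567890123456789012345678901234567890"
		"1234567890123456789012345678901234567890";
	/* Zeroed so the unused tail prints as 00 rather than stack garbage. */
	unsigned char out[80] = {0};

	if (in_len < 0 || in_len > 16) {
		fprintf(stderr, "test_cbc3: in_len %d out of range [0, 16]\n",
			in_len);
		return;
	}

	in_len += 64;	/* four full blocks in front of the short one */
	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	print_arr(in, sizeof(in), " in: ");
}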

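/*
 * Run the three CBC round-trip tests with the trailing-block length given
 * as the first argument (default 16).
 *
 * The length is validated here because the test functions use fixed-size
 * stack buffers sized for a trailing block of at most 16 bytes; atoi()
 * would have accepted garbage, negative and oversized values silently.
 */
int main(int argc, char *argv[])
{
	long in_len = 16;

	if (argc > 1) {
		char *end;

		in_len = strtol(argv[1], &end, 10);
		/* An out-of-range strtol() result also fails the 0..16 check. */
		if (end == argv[1] || *end != '\0' || in_len < 0 || in_len > 16) {
			fprintf(stderr, "usage: %s [in_len 0..16]\n", argv[0]);
			return EXIT_FAILURE;
		}
	}
	test_cbc1((int)in_len);
	test_cbc2((int)in_len);
	test_cbc3((int)in_len);
	return 0;
}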




Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

2008-12-22 Thread Huang, Ying via RT
On Wed, 2008-12-17 at 22:30 +0800, Andy Polyakov via RT wrote:
  Fix two bugs in .Lcbc_slow_enc_in_place.
  
  - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be
set to 16.
  - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb.
 
 Thanks. The problem is addressed but in different way, see 
 http://cvs.openssl.org/chngview?cn=17698.
 
  Signed-off-by: Huang Ying ying.hu...@intel.com
  
  ---
   crypto/aes/asm/aes-x86_64.pl |4 +++-
   1 file changed, 3 insertions(+), 1 deletion(-)
  
  --- a/crypto/aes/asm/aes-x86_64.pl
  +++ b/crypto/aes/asm/aes-x86_64.pl
  @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
 
 ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place 
 resided at line #1974! A.

I use CVS. It's an issue of patch sequence, I put another personal patch
before this one.

Also, using the simple test program attached to this mail, I find that
the output of the CVS version differs from that of openssl-0.9.8g if the
specified input length is less than 16.

Best Regards,
Huang Ying


#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/aes.h>

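/*
 * Print an optional prefix followed by sz bytes of buf as two-digit
 * lowercase hex and a trailing newline.
 *
 * buf    - bytes to dump; only read, never written
 * sz     - number of bytes to print; nothing but the prefix and the
 *          newline is printed when sz <= 0
 * prefix - label printed first, or NULL for none
 */
void print_arr(const unsigned char buf[], int sz, const char *prefix)
{
	if (prefix)
		fputs(prefix, stdout);
	for (int i = 0; i < sz; i++)
		printf("%02x", buf[i]);
	putchar('\n');
}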

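/*
 * Round-trip a single (possibly short) block through AES_cbc_encrypt()
 * and print the ciphertext and the decrypted result as hex.
 *
 * in_len is the byte count handed to AES_cbc_encrypt(). It must lie in
 * [0, 16] because in[] and out[] hold exactly one 16-byte block; anything
 * larger would make the library read and write past both arrays. Values
 * below 16 are the short-input case this reproducer targets.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc1(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	unsigned char in[16] = "1234567890";
	/* Zeroed so that nothing indeterminate is printed when in_len is 0. */
	unsigned char out[16] = {0};

	if (in_len < 0 || (size_t)in_len > sizeof(in)) {
		fprintf(stderr, "test_cbc1: in_len %d out of range [0, %zu]\n",
			in_len, sizeof(in));
		return;
	}

	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");
	/*
	 * In-place variant (in == out), left disabled by the author;
	 * presumably the case the reported in-place slow path handles:
	 *   AES_cbc_encrypt(in, in, in_len, &key, iv2, AES_ENCRYPT);
	 *   print_arr(in, sizeof(in), "ip_out: ");
	 */

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	/* Label kept as in the original program, although this dumps in[]. */
	print_arr(in, sizeof(in), "out: ");
}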

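/*
 * Round-trip one full block plus a (possibly short) second block through
 * AES_cbc_encrypt() and print ciphertext and recovered plaintext as hex.
 *
 * in_len is the size of the trailing block and must lie in [0, 16]; the
 * total length passed to the library is in_len + 16, which then fits the
 * 32-byte in[] and out[] arrays. Larger values would overrun both.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc2(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	unsigned char in[32] = "12345678901234567890123456789012";
	/* Zeroed so the unused tail prints as 00 rather than stack garbage. */
	unsigned char out[32] = {0};

	if (in_len < 0 || in_len > 16) {
		fprintf(stderr, "test_cbc2: in_len %d out of range [0, 16]\n",
			in_len);
		return;
	}

	in_len += 16;	/* one full block in front of the short one */
	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	print_arr(in, sizeof(in), " in: ");
}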

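/*
 * Round-trip four full blocks plus a (possibly short) fifth block through
 * AES_cbc_encrypt() and print ciphertext and recovered plaintext as hex.
 *
 * in_len is the size of the trailing block and must lie in [0, 16]; the
 * total length passed to the library is in_len + 64, which then fits the
 * 80-byte in[] and out[] arrays. Larger values would overrun both.
 *
 * Key, IV and plaintext are fixed test values, not secrets.
 */
void test_cbc3(int in_len)
{
	int ret;
	AES_KEY key;
	unsigned char user_key[16] = "123456";
	unsigned char iv1[16] = "9876543210987654";	/* exactly 16 bytes, no NUL */
	unsigned char iv2[16];
	/* Two 40-character literals fill all 80 bytes; there is no NUL. */
	unsigned char in[80] = "1234567890123456789012345678901234567890"
		"1234567890123456789012345678901234567890";
	/* Zeroed so the unused tail prints as 00 rather than stack garbage. */
	unsigned char out[80] = {0};

	if (in_len < 0 || in_len > 16) {
		fprintf(stderr, "test_cbc3: in_len %d out of range [0, 16]\n",
			in_len);
		return;
	}

	in_len += 64;	/* four full blocks in front of the short one */
	/* AES_cbc_encrypt() updates the IV it is given; keep a copy to decrypt. */
	memcpy(iv2, iv1, sizeof(iv1));
	ret = AES_set_encrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(in, out, in_len, &key, iv1, AES_ENCRYPT);
	print_arr(out, sizeof(out), "out: ");

	ret = AES_set_decrypt_key(user_key, 128, &key);
	assert(!ret);
	AES_cbc_encrypt(out, in, in_len, &key, iv2, AES_DECRYPT);
	print_arr(in, sizeof(in), " in: ");
}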

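/*
 * Run the three CBC round-trip tests with the trailing-block length given
 * as the first argument (default 16).
 *
 * The length is validated here because the test functions use fixed-size
 * stack buffers sized for a trailing block of at most 16 bytes; atoi()
 * would have accepted garbage, negative and oversized values silently.
 */
int main(int argc, char *argv[])
{
	long in_len = 16;

	if (argc > 1) {
		char *end;

		in_len = strtol(argv[1], &end, 10);
		/* An out-of-range strtol() result also fails the 0..16 check. */
		if (end == argv[1] || *end != '\0' || in_len < 0 || in_len > 16) {
			fprintf(stderr, "usage: %s [in_len 0..16]\n", argv[0]);
			return EXIT_FAILURE;
		}
	}
	test_cbc1((int)in_len);
	test_cbc2((int)in_len);
	test_cbc3((int)in_len);
	return 0;
}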




Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

2008-12-22 Thread Andy Polyakov via RT
 --- a/crypto/aes/asm/aes-x86_64.pl
 +++ b/crypto/aes/asm/aes-x86_64.pl
 @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
 ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place 
 resided at line #1974! A.
 
 I use CVS. It's an issue of patch sequence, I put another personal patch
 before this one.

I should have guessed:-)

 And, I find with the simple test program attached with the mail. The
 output of CVS is different from that of openssl-0.9.8g if the specified
 input length is less than 16.

The bug was present even in 0.9.8 and it was addressed at the same time, 
see http://cvs.openssl.org/chngview?cn=17699.

For reference. One can argue that AES_cbc_encrypt could just as well 
require padded input, i.e. length divisible by 16. One can even argue 
that nobody is passing length not divisible by 16 anyway(*) and doing so 
wouldn't break anything. But the thing is that it's the way OpenSSL is 
(*all* cbc procedures are like this) and as it has been around for a 
while, it's hardly appropriate to change, as there is no way of knowing 
if anybody is dependent on this behavior. A.

(*) most notably EVP (which by the way is *the* recommended interface to 
OpenSSL) does *not* pass a length that is not divisible by 16, which is 
how such a bug is bound to slip through EVP-based tests.




[openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

2008-12-17 Thread Huang, Ying via RT
Fix two bugs in .Lcbc_slow_enc_in_place.

- At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be
  set to 16.
- In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb.

Signed-off-by: Huang Ying ying.hu...@intel.com

---
 crypto/aes/asm/aes-x86_64.pl |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
 .Lcbc_slow_enc_in_place:
mov \$16,%rcx   # zero tail
sub %r10,%rcx
+   mov $out,%rdi
+   add %r10,%rdi
xor %rax,%rax
.long   0x9066AAF3  # rep stosb
mov $out,$inp   # this is not a mistake!
-   movq\$16,$_len  # len=16
+   movq\$16,%r10   # len=16
jmp .Lcbc_slow_enc_loop # one more spin...
 #--- SLOW DECRYPT ---#
 .align 16
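Review bot: The two added instructions and the changed `movq` carry no comment, yet each encodes an assumption a later reader has to rediscover: the tail fill starts at `out + len` and runs up to `out + 16`, so the destination needs room for a whole block even when the caller passed a shorter length, and the length for the extra spin is now kept in %r10 instead of the `$_len` slot. I would annotate them, for example `add %r10,%rdi # rdi = out+len, zero up to the block boundary` and `movq \$16,%r10 # loop takes len from %r10, not $_len`. Whether `.Lcbc_slow_enc_loop` reads only %r10 cannot be confirmed from here, because the loop body lies outside the hunk. The hand-encoded `rep stosb` also depends on the direction flag being clear, which the visible lines do not establish, so a short note on where that is guaranteed would help.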






Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input

2008-12-17 Thread Andy Polyakov via RT
 Fix two bugs in .Lcbc_slow_enc_in_place.
 
 - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be
   set to 16.
 - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb.

Thanks. The problem is addressed but in different way, see 
http://cvs.openssl.org/chngview?cn=17698.

 Signed-off-by: Huang Ying ying.hu...@intel.com
 
 ---
  crypto/aes/asm/aes-x86_64.pl |4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 --- a/crypto/aes/asm/aes-x86_64.pl
 +++ b/crypto/aes/asm/aes-x86_64.pl
 @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:

??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place 
resided at line #1974! A.

