Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input
On Wed, 2008-12-17 at 22:30 +0800, Andy Polyakov via RT wrote: Fix two bugs in .Lcbc_slow_enc_in_place. - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be set to 16. - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb. Thanks. The problem is addressed but in different way, see http://cvs.openssl.org/chngview?cn=17698. Signed-off-by: Huang Ying ying.hu...@intel.com --- crypto/aes/asm/aes-x86_64.pl |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/crypto/aes/asm/aes-x86_64.pl +++ b/crypto/aes/asm/aes-x86_64.pl 
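@@ -1994,10 +1994,12 @@ AES_cbc_encrypt: ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place resided at line #1974! A. I use CVS. It's an issue of patch sequence, I put another personal patch before this one. And, I find with the simple test program attached with the mail. The output of CVS is different from that of openssl-0.9.8g if the specified input length is less than 16. Best Regards, Huang Ying

#include <openssl/aes.h>
#include <stdio.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/*
 * Test program for the low-level AES_cbc_encrypt() API with input lengths
 * that are not a multiple of the 16-byte AES block size.
 *
 * The program only prints the buffers; results are compared by eye between
 * OpenSSL builds (the message above reports a difference between CVS and
 * openssl-0.9.8g for lengths below 16). The key and IV are fixed constants
 * so that the output is reproducible; they are test values only.
 *
 * Every buffer is sized for the length rounded up to a whole block, because
 * the encrypt path shown in the patch in this thread zero-fills a short
 * final block and then encrypts it as a full 16-byte block.
 */

/* Print sz bytes of buf as lowercase hex, preceded by prefix when non-NULL. */
void print_arr(const unsigned char buf[], int sz, const char *prefix)
{
    int i;

    if (prefix)
        printf("%s", prefix);
    for (i = 0; i < sz; i++)
        printf("%02x", buf[i]);
    printf("\n");
}

/*
 * Single block: encrypt in_len bytes (0..16) from a 16-byte buffer, then
 * decrypt the result with the same length and a fresh copy of the IV.
 */
void test_cbc1(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    unsigned char in[16] = "1234567890";
    unsigned char out[16] = {0};   /* defined contents even when in_len is 0 */

    /* in[] and out[] hold one block; a larger length would overrun them. */
    assert(in_len >= 0 && in_len <= 16);

    /* iv1 is handed to the encrypt call; decrypt gets its own copy. */
    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    /*
     * In-place variant, left disabled by the author:
     *   AES_cbc_encrypt(in, in, in_len, &key, iv2, 1);
     *   print_arr(in, sizeof(in), "ip_out: ");
     * NOTE(review): as written it would consume iv2 and overwrite in[]
     * before the decrypt below; it needs its own IV copy and buffer.
     */

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    /* Label fixed from "out: " to "in: " to match test_cbc2/test_cbc3. */
    print_arr(in, sizeof(in), "in: ");
}

/* One full block plus a tail: the length becomes in_len + 16 (16..32). */
void test_cbc2(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    unsigned char in[32] = "12345678901234567890123456789012";
    unsigned char out[32] = {0};

    /* Checked before the addition so the sum can never exceed 32 bytes. */
    assert(in_len >= 0 && in_len <= 16);
    in_len += 16;

    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    print_arr(in, sizeof(in), "in: ");
}

/* Four full blocks plus a tail: the length becomes in_len + 64 (64..80). */
void test_cbc3(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    /* Two adjacent literals, 80 characters in total; no room for a NUL. */
    unsigned char in[80] = "1234567890123456789012345678901234567890"
                           "1234567890123456789012345678901234567890";
    unsigned char out[80] = {0};

    /* Checked before the addition so the sum can never exceed 80 bytes. */
    assert(in_len >= 0 && in_len <= 16);
    in_len += 64;

    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    print_arr(in, sizeof(in), "in: ");
}

/*
 * Usage: prog [length]. The length defaults to 16 and must be within 0..16.
 * It comes from the command line and is used as a byte count against
 * fixed-size stack buffers, so out-of-range or non-numeric values are
 * rejected here instead of being passed through atoi() unchecked.
 */
int main(int argc, char *argv[])
{
    long in_len = 16;

    if (argc > 1) {
        char *end;

        in_len = strtol(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || in_len < 0 || in_len > 16) {
            fprintf(stderr, "usage: %s [length 0..16]\n", argv[0]);
            return 1;
        }
    }

    test_cbc1((int)in_len);
    test_cbc2((int)in_len);
    test_cbc3((int)in_len);
    return 0;
}

signature.asc Description: This is a digitally signed message part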
Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input
On Wed, 2008-12-17 at 22:30 +0800, Andy Polyakov via RT wrote: Fix two bugs in .Lcbc_slow_enc_in_place. - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be set to 16. - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb. Thanks. The problem is addressed but in different way, see http://cvs.openssl.org/chngview?cn=17698. Signed-off-by: Huang Ying ying.hu...@intel.com --- crypto/aes/asm/aes-x86_64.pl |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/crypto/aes/asm/aes-x86_64.pl +++ b/crypto/aes/asm/aes-x86_64.pl 
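@@ -1994,10 +1994,12 @@ AES_cbc_encrypt: ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place resided at line #1974! A. I use CVS. It's an issue of patch sequence, I put another personal patch before this one. And, I find with the simple test program attached with the mail. The output of CVS is different from that of openssl-0.9.8g if the specified input length is less than 16. Best Regards, Huang Ying

#include <openssl/aes.h>
#include <stdio.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/*
 * Test program for the low-level AES_cbc_encrypt() API with input lengths
 * that are not a multiple of the 16-byte AES block size.
 *
 * The program only prints the buffers; results are compared by eye between
 * OpenSSL builds (the message above reports a difference between CVS and
 * openssl-0.9.8g for lengths below 16). The key and IV are fixed constants
 * so that the output is reproducible; they are test values only.
 *
 * Every buffer is sized for the length rounded up to a whole block, because
 * the encrypt path shown in the patch in this thread zero-fills a short
 * final block and then encrypts it as a full 16-byte block.
 */

/* Print sz bytes of buf as lowercase hex, preceded by prefix when non-NULL. */
void print_arr(const unsigned char buf[], int sz, const char *prefix)
{
    int i;

    if (prefix)
        printf("%s", prefix);
    for (i = 0; i < sz; i++)
        printf("%02x", buf[i]);
    printf("\n");
}

/*
 * Single block: encrypt in_len bytes (0..16) from a 16-byte buffer, then
 * decrypt the result with the same length and a fresh copy of the IV.
 */
void test_cbc1(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    unsigned char in[16] = "1234567890";
    unsigned char out[16] = {0};   /* defined contents even when in_len is 0 */

    /* in[] and out[] hold one block; a larger length would overrun them. */
    assert(in_len >= 0 && in_len <= 16);

    /* iv1 is handed to the encrypt call; decrypt gets its own copy. */
    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    /*
     * In-place variant, left disabled by the author:
     *   AES_cbc_encrypt(in, in, in_len, &key, iv2, 1);
     *   print_arr(in, sizeof(in), "ip_out: ");
     * NOTE(review): as written it would consume iv2 and overwrite in[]
     * before the decrypt below; it needs its own IV copy and buffer.
     */

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    /* Label fixed from "out: " to "in: " to match test_cbc2/test_cbc3. */
    print_arr(in, sizeof(in), "in: ");
}

/* One full block plus a tail: the length becomes in_len + 16 (16..32). */
void test_cbc2(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    unsigned char in[32] = "12345678901234567890123456789012";
    unsigned char out[32] = {0};

    /* Checked before the addition so the sum can never exceed 32 bytes. */
    assert(in_len >= 0 && in_len <= 16);
    in_len += 16;

    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    print_arr(in, sizeof(in), "in: ");
}

/* Four full blocks plus a tail: the length becomes in_len + 64 (64..80). */
void test_cbc3(int in_len)
{
    int ret;
    AES_KEY key;
    unsigned char user_key[16] = "123456";
    unsigned char iv1[16] = "9876543210987654";
    unsigned char iv2[16];
    /* Two adjacent literals, 80 characters in total; no room for a NUL. */
    unsigned char in[80] = "1234567890123456789012345678901234567890"
                           "1234567890123456789012345678901234567890";
    unsigned char out[80] = {0};

    /* Checked before the addition so the sum can never exceed 80 bytes. */
    assert(in_len >= 0 && in_len <= 16);
    in_len += 64;

    memcpy(iv2, iv1, sizeof(iv1));

    ret = AES_set_encrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(in, out, in_len, &key, iv1, 1);
    print_arr(out, sizeof(out), "out: ");

    ret = AES_set_decrypt_key(user_key, 128, &key);
    assert(!ret);
    AES_cbc_encrypt(out, in, in_len, &key, iv2, 0);
    print_arr(in, sizeof(in), "in: ");
}

/*
 * Usage: prog [length]. The length defaults to 16 and must be within 0..16.
 * It comes from the command line and is used as a byte count against
 * fixed-size stack buffers, so out-of-range or non-numeric values are
 * rejected here instead of being passed through atoi() unchecked.
 */
int main(int argc, char *argv[])
{
    long in_len = 16;

    if (argc > 1) {
        char *end;

        in_len = strtol(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || in_len < 0 || in_len > 16) {
            fprintf(stderr, "usage: %s [length 0..16]\n", argv[0]);
            return 1;
        }
    }

    test_cbc1((int)in_len);
    test_cbc2((int)in_len);
    test_cbc3((int)in_len);
    return 0;
}

signature.asc Description: PGP signature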
Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input
--- a/crypto/aes/asm/aes-x86_64.pl +++ b/crypto/aes/asm/aes-x86_64.pl @@ -1994,10 +1994,12 @@ AES_cbc_encrypt: ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place resided at line #1974! A. I use CVS. It's an issue of patch sequence, I put another personal patch before this one. I should have guessed:-) And, I find with the simple test program attached with the mail. The output of CVS is different from that of openssl-0.9.8g if the specified input length is less than 16. The bug was present even in 0.9.8 and it was addressed at the same time, see http://cvs.openssl.org/chngview?cn=17699. For reference. One can argue that AES_cbc_encrypt could just as well require padded input, i.e. length divisible by 16. One can even argue that nobody is passing length not divisible by 16 anyway(*) and doing so wouldn't break anything. But the thing is that it's the way OpenSSL is (*all* cbc procedures are like this) and as it has been around for a while, it's hardly appropriate to change, as there is no way of knowing if anybody is dependent on this behavior. A. (*) most notably EVP (which by the way is *the* recommended interface to OpenSSL) does *not* pass length not divisible by 16, which is how bug is bound to slip through EVP-based tests. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input
Fix two bugs in .Lcbc_slow_enc_in_place. - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be set to 16. - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb. Signed-off-by: Huang Ying ying.hu...@intel.com
---
 crypto/aes/asm/aes-x86_64.pl |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
 .Lcbc_slow_enc_in_place:
 mov \$16,%rcx # zero tail
 sub %r10,%rcx
+ mov $out,%rdi
+ add %r10,%rdi
 xor %rax,%rax
 .long 0x9066AAF3 # rep stosb
 mov $out,$inp # this is not a mistake!
- movq\$16,$_len # len=16
+ movq\$16,%r10 # len=16
 jmp .Lcbc_slow_enc_loop # one more spin...
 #--- SLOW DECRYPT ---#
 .align 16
signature.asc Description: PGP signature
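Review bot: The precondition that makes the tail zero-fill safe is not stated on the added `mov $out,%rdi` / `add %r10,%rdi` lines: `rep stosb` now writes `16-%r10` zero bytes at `out+%r10`, so `%r10` must be below 16 (a larger value would wrap `%rcx` into a very large count) and the caller's buffer must hold a full 16-byte block even when `length` is shorter. I would record that next to the new code, e.g. `# %rdi=out+len: zero out[len..15]; needs len<16 and >=16 bytes at out`, and state the buffer requirement in the AES_cbc_encrypt documentation. `.Lcbc_slow_enc_in_place` is entered from code outside this hunk, so the range of `%r10` on entry cannot be confirmed from here. The new `movq \$16,%r10` leaves `$_len` at the short value; that is presumably intended, but whether anything after `.Lcbc_slow_enc_loop` still reads `$_len` should be checked. A regression test that calls AES_cbc_encrypt directly with lengths 1 to 15 would exercise this path.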
Re: [openssl.org #1801] [BUGFIX] Segment fault when invoking AES_cbc_encrypt() on x86_64 with short input
Fix two bugs in .Lcbc_slow_enc_in_place. - At end of .Lcbc_slow_enc_in_place, %r10 instead of $_len should be set to 16. - In .Lcbc_slow_enc_in_place, %rdi should be initialized before stosb. Thanks. The problem is addressed but in different way, see http://cvs.openssl.org/chngview?cn=17698. Signed-off-by: Huang Ying ying.hu...@intel.com --- crypto/aes/asm/aes-x86_64.pl |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/crypto/aes/asm/aes-x86_64.pl +++ b/crypto/aes/asm/aes-x86_64.pl @@ -1994,10 +1994,12 @@ AES_cbc_encrypt: ??? What is it for version you have? In CVS .Lcbc_slow_enc_in_place resided at line #1974! A. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org