[openssl-dev] [openssl.org #3843] OpenSSL 1.0.1* and below: incorrect use of _lrotl()
Solar Designer via RT
rt at openssl.org
Fri May 8 16:05:12 UTC 2015
Hi,

Lei Zhang (re)discovered that OpenSSL 1.0.1* and below gets miscompiled,
resulting in incorrect computation of at least SHA-1 hashes (and probably
SHA-0, MD4, MD5) when it's compiled with icc for 64-bit Linux (x86_64 or
mic), but not for Windows. The problem is already fixed in 1.0.2 and in
LibreSSL.

The problem is that OpenSSL uses the _lrotl() intrinsic to rotate 32-bit
integers, whereas it is defined to operate on "unsigned long", which
obviously is 64-bit on many platforms.

Lei's report:
http://www.openwall.com/lists/john-dev/2015/03/26/1

A previous report (from 2011):
https://software.intel.com/en-us/articles/openssl-generates-incorrect-shamd5-value-if-built-with-icc-compiler

I suggest that this be fixed for all currently supported branches of
OpenSSL. For now, Lei switched to using LibreSSL in our John the Ripper
-jumbo builds for Xeon Phi, but we'd like to (re-)include instructions
for building with OpenSSL as well.

Thanks,

Alexander