[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check
Michel
michel.sales at free.fr
Tue Aug 9 21:28:49 UTC 2016
Hi,
As I obviously needed to improve my test program,
I am now encrypting and decrypting files trying all ciphers in all their
available modes.
( ChaCha20, AES-128, AES-192, AES-256, Blowfish, Cast5, Camellia-128,
Camellia-192, Camellia-256, IDEA, Seed, 3 Keys Triple-DES, 2 Keys Triple-DES
)
( Poly1305, OCB, GCM, OFB, CFB, CFB1, CFB8, CTR, CBC )
You are certainly already informed (as I believe it may be caused by the
same problem that David diagnosed)
but I felt preferable to report that even with an output buffer larger than
the expected data size,
I always got a heap corrupted, but *ONLY* when I use the CBC mode.
FWIW, here is the call stack :
[External Code]
Test.exe!CRYPTO_free(void * str, const char * file, int line) Line 179 C
Test.exe!buffer_free(bio_st * a) Line 76 C
Test.exe!BIO_free(bio_st * a) Line 72 C
Test.exe!OCrypto::IO::Free() Line 1204 C++
Test.exe!WinFile::Close() Line 388 C++
Test.exe!WinFile::~WinFile() Line 456 C++
Test.exe!LoadData(const char * sFullFileName) Line 186 C++
Test.exe!main(int argc, char * * argv) Line 154 C++
[External Code]
HEAP CORRUPTION DETECTED
All ciphers look to work good in all other modes than CBC
(still using a buffer greater than needed).
Regards,
Michel.
More information about the openssl-dev
mailing list