[openssl-dev] [openssl.org #4218] Invalid typecasting in CRYPTO_ctr128_encrypt
Bjorn Kornefalk via RT
rt at openssl.org
Tue Jan 5 17:36:35 UTC 2016
OpenSSL 1.0.2e
At line 156 of crypto/modes/ctr128.c
const unsigned char *in,
unsigned char *out,
unsigned char ivec[16],
unsigned char ecount_buf[16]
*(size_t *)(out + n) =
*(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
If the buffers are not aligned, the application crashes due to the invalid
type casting of unsigned char (1 byte) to size_t (4 to 8 bytes for most
CPU:s).
Same errors at line 99
data = (size_t *)counter;
The solution is either to change the implementation to work with bytes or
to change the input vector to
const size_t *in,
size_t *out,
size_t ivec[16 / sizeof(size_t)],
size_t ecount_buf[16 / sizeof(size_t)
The workaround is to make sure that the input, output, ivvec and ecount
are all aligned, but since they are declared as single byte arrays, there
is a violation of the contract between input arguments and the usage of
the arguments.
Example to provoke this error running 64-bit SunOS
core 'core' of 23520: ../out/solaris/pnrg_test
ffffffff7efa44b4 CRYPTO_ctr128_encrypt (10010a090, 10010b8c0, 10,
ffffffff7fffef58, ffffffff7ffff128, ffffffff7ffff13c) + d8
ffffffff7ef8dd80 AES_ctr128_encrypt (10010a090, 10010b8c0, 10,
ffffffff7fffef58, ffffffff7ffff128, ffffffff7ffff13c) + 3c
00000001000057ac PNRG::generateRandomData(unsigned long)
(ffffffff7ffff13c, ffffffff7ffff128, 100, 20, 10010a090, 10010a0b0) + 13c
In Linux, it does not provoke a core dump.
Applicaition is compiled using
gcc (GCC) 4.9.2
Copyright (C) 2014 Free Software Foundation, Inc.
Best regards
Björn Kornefalk
Senior Software Engineer
Giesecke & Devrient 3S AB
Fredsborgsgatan 24
100 74 Stockholm
SWEDEN
Tel: (+46) 70 350 5633
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pnrg_test.cpp
Type: application/octet-stream
Size: 5179 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160105/39e17c01/attachment.obj>
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list