[openssl-dev] [openssl.org #4218] Invalid typecasting in CRYPTO_ctr128_encrypt
Kurt Roeckx via RT
rt at openssl.org
Tue Jan 5 22:41:59 UTC 2016
On Tue, Jan 05, 2016 at 05:36:35PM +0000, Bjorn Kornefalk via RT wrote:
> OpenSSL 1.0.2e
>
> At line 156 of crypto/modes/ctr128.c
>
> const unsigned char *in,
> unsigned char *out,
> unsigned char ivec[16],
> unsigned char ecount_buf[16]
>
> *(size_t *)(out + n) =
> *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
>
> If the buffers are not aligned, the application crashes due to the invalid
> type casting of unsigned char (1 byte) to size_t (4 to 8 bytes for most
> CPU:s).
You should not run into that issue if STRICT_ALIGNMENT is defined.
Currently this is set by:
#define STRICT_ALIGNMENT 1
#ifndef PEDANTIC
# if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__aarch64__) || \
defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
# endif
#endif
Kurt
More information about the openssl-dev
mailing list