With bounds checking patch for gcc-3.1 problems if using AES

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Jul 10 03:59:48 EST 2002


On Tue, Jul 09, 2002 at 07:07:48PM +0000, Daniel Schröter wrote:
> like I said, I'm not the coding-expert, but I have some additional 
> information and a solution. I compiled OpenSSL with the CFLAG "-g" and 
> now I get the file and line number where the problem occurred:
> 
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> evp_enc.c:105:Bounds error: in memcpy with 0x2bfc40 and 0x2bfc38 for 16,
> source and destination objects overlap.
> evp_enc.c:105:  Pointer value: 0x2bfc40
> evp_enc.c:105:  Object `send_context':
> evp_enc.c:105:    Address in memory:    0x2bfc28 .. 0x2c0ca7
> evp_enc.c:105:    Size:                 4224 bytes
> evp_enc.c:105:    Element size:         1 bytes
> evp_enc.c:105:    Number of elements:   4224
> evp_enc.c:105:    Created at:           packet.c, line 87
> evp_enc.c:105:    Storage class:        static
> debug1: Calling cleanup 0x91178(0x0)
> 
> The line 105 in file openssl-0.9.6d/crypto/evp/evp_enc.c is (maybe) the
> problem:
> 
>      memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
> 
> So I take an update to
> ftp://ftp.openssl.org/snapshot/openssl-SNAP-20020707.tar.gz
> and it works fine. Also the Beta2 from openssl-0.9.7 works fine.

Your analysis indicates the following:
ctx->iv and ctx->oiv are members of evp_cipher_ctx_st (aka EVP_CIPHER_CTX),
located one after the other in memory. Both are of the size EVP_MAX_IV_LENGTH
which is 8 in 0.9.6x and 16 for 0.9.7 and later. If the length of the IV
is larger than 8 bytes, an overlapping memory copy may occur:
...
#define RIJNDAEL_BLOCKSIZE 16
rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;

I did not check out the details of OpenSSH's AES implementation, but AES is
not part of OpenSSL 0.9.6x and it seems that it was added in the EVP style by
the OpenSSH people. However, this implementation might fail due to the
too small buffers in evp_cipher_ctx_st.

> Sorry for the wrong mailing list I have taken and that the bug is 
> already fixed.
If my analysis (based on a short glance into both OpenSSL's and OpenSSH's
sources) is correct, this mailing list _is_ appropriate.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
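
Added example, not part of the original message and not OpenSSL or OpenSSH code: a simplified model of the two adjacent IV buffers described above, showing why a 16-byte copy between them overlaps while an 8-byte copy does not, plus a length-checked variant of the copy. The struct `model_ctx` and the helpers `ranges_overlap` and `reset_iv_checked` are hypothetical names; the sizes 8 and 16 are the ones given in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_IV_LENGTH 8   /* EVP_MAX_IV_LENGTH in 0.9.6x, per the message */
#define AES_IV_LENGTH 16        /* RIJNDAEL_BLOCKSIZE, per the message */

/* Simplified stand-in for evp_cipher_ctx_st: only the two IV buffers,
 * placed one after the other as the bounds checker output suggests. */
struct model_ctx {
    unsigned char oiv[MODEL_MAX_IV_LENGTH];
    unsigned char iv[MODEL_MAX_IV_LENGTH];
};

/* Returns 1 if [a, a+n) and [b, b+n) share at least one byte. */
int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    uintptr_t lo = pa < pb ? pa : pb, hi = pa < pb ? pb : pa;
    return n != 0 && hi - lo < n;
}

/* Length-checked form of the copy at evp_enc.c:105: refuse an IV length
 * the buffers cannot hold. Returns 0 on success, -1 if iv_len is too big. */
int reset_iv_checked(struct model_ctx *ctx, size_t iv_len)
{
    if (iv_len > sizeof(ctx->iv))
        return -1;
    memcpy(ctx->iv, ctx->oiv, iv_len);
    return 0;
}

int main(void)
{
    struct model_ctx ctx;
    memset(&ctx, 0, sizeof(ctx));
    printf("distance oiv->iv: %zu bytes\n",
           offsetof(struct model_ctx, iv) - offsetof(struct model_ctx, oiv));
    printf("8-byte copy overlaps:  %d\n",
           ranges_overlap(ctx.iv, ctx.oiv, MODEL_MAX_IV_LENGTH));
    printf("16-byte copy overlaps: %d\n",
           ranges_overlap(ctx.iv, ctx.oiv, AES_IV_LENGTH));
    printf("checked reset, len 16: %d\n",
           reset_iv_checked(&ctx, AES_IV_LENGTH));
    return 0;
}
```

The 8-byte distance in the model matches the two pointer values in the bounds checker report (0x2bfc40 and 0x2bfc38).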


