#67 closed defect (fixed)

Use of uninitialised value in CryptoPP::Rijndael_Enc_AdvancedProcessBlocks

Reported by: Nikratio Owned by: weidai
Priority: major Milestone:
Version: 0.5.19 Keywords:
Cc: Launchpad Bug:

Description

Hello,

When running a different module under Valgrind, I noticed that CryptoPP seems to use uninitialized values at a few points:

==8726== Use of uninitialised value of size 4
==8726==    at 0x65D6325: CryptoPP::Rijndael_Enc_AdvancedProcessBlocks(void*, unsigned int const*) (in /usr/lib/libcrypto++.so.8.0.0)
==8726==    by 0x65D651D: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (in /usr/lib/libcrypto++.so.8.0.0)
==8726==    by 0x65B1341: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (in /usr/lib/libcrypto++.so.8.0.0)
==8726==    by 0x62EE05E: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==8726==    by 0x650B48E: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (in /usr/lib/libcrypto++.so.8.0.0)
==8726==    by 0x62EDA5D: AES_process(AES*, _object*) (aesmodule.cpp:77)
==8726==    by 0x80F92A8: call_function (ceval.c:3738)
==8726==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)
==8726==    by 0x80F7214: PyEval_EvalCodeEx (ceval.c:3000)
==8726==    by 0x80F99F3: fast_function (ceval.c:3846)
==8726==    by 0x80F964C: call_function (ceval.c:3771)
==8726==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)

Change History (15)

comment:1 Changed at 2011-01-10T04:09:02Z by zooko

  • Owner set to Nikratio

Is it possible that the data or the key really are uninitialised?

Another possibility would be if your version of Crypto++ doesn't have this patch: http://bazaar.launchpad.net/~zooko/cryptopp/trunk/revision/455 from 2009-09-17.

Can you please submit a minimal test that demonstrates this bug when run under valgrind, either a program that I can build and execute with:

make && valgrind $PROGNAME or else a unit test that I can execute with make && valgrind python setup.py test.

comment:2 Changed at 2011-01-10T23:51:03Z by Nikratio

Here you go:

$ valgrind python-dbg contrib/test.py 
==19162== Memcheck, a memory error detector
==19162== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==19162== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==19162== Command: python-dbg contrib/test.py
==19162== 
==19162== Use of uninitialised value of size 4
==19162==    at 0x5121325: CryptoPP::Rijndael_Enc_AdvancedProcessBlocks(void*, unsigned int const*) (in /usr/lib/libcrypto++.so.8.0.0)
==19162==    by 0x512151D: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (in /usr/lib/libcrypto++.so.8.0.0)
==19162==    by 0x50FC341: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (in /usr/lib/libcrypto++.so.8.0.0)
==19162==    by 0x4E2405E: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==19162==    by 0x505648E: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (in /usr/lib/libcrypto++.so.8.0.0)
==19162==    by 0x4E23A5D: AES_process(AES*, _object*) (aesmodule.cpp:77)
==19162==    by 0x80F92A8: call_function (ceval.c:3738)
==19162==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)
==19162==    by 0x80F98F3: fast_function (ceval.c:3836)
==19162==    by 0x80F964C: call_function (ceval.c:3771)
==19162==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)
==19162==    by 0x80F7214: PyEval_EvalCodeEx (ceval.c:3000)
==19162== 
[19593 refs]
==19162== 
==19162== HEAP SUMMARY:
==19162==     in use at exit: 565,451 bytes in 5,895 blocks
==19162==   total heap usage: 51,971 allocs, 46,076 frees, 5,439,309 bytes allocated
==19162== 
==19162== LEAK SUMMARY:
==19162==    definitely lost: 0 bytes in 0 blocks
==19162==    indirectly lost: 0 bytes in 0 blocks
==19162==      possibly lost: 544,863 bytes in 5,576 blocks
==19162==    still reachable: 20,588 bytes in 319 blocks
==19162==         suppressed: 0 bytes in 0 blocks
==19162== Rerun with --leak-check=full to see details of leaked memory
==19162== 
==19162== For counts of detected and suppressed errors, rerun with: -v
==19162== Use --track-origins=yes to see where uninitialised values come from
==19162== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 50 from 11)
$ cat contrib/test.py 
import hmac
import pycryptopp
import hashlib
import struct

def encrypt(buf, passphrase, nonce):
    
    key = hashlib.sha256(passphrase + nonce).digest()
    cipher = pycryptopp.cipher.aes.AES(key)
    hmac_ = hmac.new(key, digestmod=hashlib.sha256)

    hmac_.update(buf)
    buf = cipher.process(buf)
    hash_ = cipher.process(hmac_.digest())

    return b''.join(
                    (struct.pack(b'<B', len(nonce)),
                    nonce, hash_, buf))
        
encrypt('foobar', 'passphrase', 'nonce')

comment:3 Changed at 2011-01-10T23:52:23Z by Nikratio

The Crypto++ version is 5.6.0, python-pycryptopp is 0.5.17.

comment:4 Changed at 2011-01-13T21:21:24Z by zooko

Hm, I'm pretty busy but this could be a serious bug. Is anyone else available to look at it?

comment:5 Changed at 2011-01-16T07:37:39Z by zooko

  • Owner changed from Nikratio to zooko
  • Status changed from new to assigned

Okay, I'll look at this.

comment:6 Changed at 2011-01-16T08:04:32Z by zooko

Could not reproduce with:

$ PYTHONPATH= python -c 'import pycryptopp;print pycryptopp.__version__;print pycryptopp._pycryptopp.cryptopp_version'
0.5.25-r761
(560, 'pycryptopp-0.5.25-r761')

comment:7 Changed at 2011-01-16T08:14:40Z by zooko

Also could not reproduce with pycryptopp-0.5.17. Will add your test to the buildbot...

comment:8 Changed at 2011-01-16T08:50:21Z by zooko

  • Owner changed from zooko to Nikratio
  • Status changed from assigned to new

Okay I added your test to the test suite and am running it on the buildbots. See the buildbots for results. I can't reproduce it, and the version of pycryptopp you were using is a bit old. Please try to reproduce it with the latest version and report back. I'm assigning this ticket to you, so please close it when you are done with it, or assign it back to me if you want more help from me.

comment:9 Changed at 2011-01-16T22:08:20Z by Nikratio

I'll try with the newest version. Where can I find the results from the buildbots?

comment:10 Changed at 2011-01-16T22:52:49Z by Nikratio

I'm able to reproduce the problem with:

pycryptopp-0.5.23
pycryptopp-0.5.26
pycryptopp-0.5.27
pycryptopp-0.5.28

(all retrieved with darcs get --lazy --tag [tagname] http://tahoe-lafs.org/source/pycryptopp/trunk).

Example:

$ python-dbg -c 'import pycryptopp;print pycryptopp.__version__;print pycryptopp._pycryptopp.cryptopp_version'
0.5.28
(560, 'pycryptopp-0.5.28')
[16808 refs]
$ valgrind python-dbg test.py 
==17075== Memcheck, a memory error detector
==17075== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==17075== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==17075== Command: python-dbg test.py
==17075== 
==17075== Use of uninitialised value of size 4
==17075==    at 0x4FD67F9: CryptoPP::Rijndael_Enc_AdvancedProcessBlocks(void*, unsigned int const*) (rijndael.cpp:900)
==17075==    by 0x500EEE3: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (modes.cpp:118)
==17075==    by 0x4F7CFDF: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==17075==    by 0x4F85F53: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (strciphr.cpp:119)
==17075==    by 0x5059617: AES_process(AES*, _object*) (aesmodule.cpp:78)
==17075==    by 0x80F92A8: call_function (ceval.c:3738)
==17075==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)
==17075==    by 0x80F98F3: fast_function (ceval.c:3836)
==17075==    by 0x80F964C: call_function (ceval.c:3771)
==17075==    by 0x80F4ACA: PyEval_EvalFrameEx (ceval.c:2412)
==17075==    by 0x80F7214: PyEval_EvalCodeEx (ceval.c:3000)
==17075==    by 0x80ED06A: PyEval_EvalCode (ceval.c:541)
==17075== 

comment:11 Changed at 2011-01-16T22:56:55Z by Nikratio

  • Owner changed from Nikratio to zooko

comment:12 follow-up: Changed at 2011-01-27T22:50:55Z by zooko

The same valgrind warning happens when you run cryptopp561.zip upstream (see below).

Wei Dai, primary author of upstream Crypto++, is looking into it.

==1403== Memcheck, a memory error detector
==1403== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1403== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1403== Command: ./cryptest.exe tv aes
==1403== Parent PID: 1235
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D65FE: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1233)
==1403==    by 0x81D6FE4: CryptoPP::Rijndael::Enc::ProcessAndXorBlock(unsigned char const*, unsigned char const*, unsigned char*) const (rijndael.cpp:354)
==1403==    by 0x81B28E5: CryptoPP::OFB_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (cryptlib.h:438)
==1403==    by 0x813CA51: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::OFB_ModePolicy> >::GenerateBlock(unsigned char*, unsigned int) (strciphr.cpp:60)
==1403==    by 0x811ADA6: CryptoPP::RandomNumberGenerator::GenerateWord32(unsigned int, unsigned int) (cryptlib.cpp:257)
==1403==    by 0x80D3B78: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (datatest.cpp:65)
==1403==    by 0x80D43A6: PutDecodedDatumInto(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*, CryptoPP::BufferedTransformation&) (datatest.cpp:119)
==1403==    by 0x80D4AAE: GetDecodedDatum(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*) (datatest.cpp:125)
==1403==    by 0x80D54F9: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:321)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403==    by 0x806EEEA: main (test.cpp:255)
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D6618: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1238)
==1403==    by 0x81D6FE4: CryptoPP::Rijndael::Enc::ProcessAndXorBlock(unsigned char const*, unsigned char const*, unsigned char*) const (rijndael.cpp:354)
==1403==    by 0x81B28E5: CryptoPP::OFB_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (cryptlib.h:438)
==1403==    by 0x813CA51: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::OFB_ModePolicy> >::GenerateBlock(unsigned char*, unsigned int) (strciphr.cpp:60)
==1403==    by 0x811ADA6: CryptoPP::RandomNumberGenerator::GenerateWord32(unsigned int, unsigned int) (cryptlib.cpp:257)
==1403==    by 0x80D3B78: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (datatest.cpp:65)
==1403==    by 0x80D43A6: PutDecodedDatumInto(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*, CryptoPP::BufferedTransformation&) (datatest.cpp:119)
==1403==    by 0x80D4AAE: GetDecodedDatum(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*) (datatest.cpp:125)
==1403==    by 0x80D54F9: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:321)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403==    by 0x806EEEA: main (test.cpp:255)
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D661B: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1238)
==1403==    by 0x81D6FE4: CryptoPP::Rijndael::Enc::ProcessAndXorBlock(unsigned char const*, unsigned char const*, unsigned char*) const (rijndael.cpp:354)
==1403==    by 0x81B28E5: CryptoPP::OFB_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (cryptlib.h:438)
==1403==    by 0x813CA51: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::OFB_ModePolicy> >::GenerateBlock(unsigned char*, unsigned int) (strciphr.cpp:60)
==1403==    by 0x811ADA6: CryptoPP::RandomNumberGenerator::GenerateWord32(unsigned int, unsigned int) (cryptlib.cpp:257)
==1403==    by 0x80D3B78: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (datatest.cpp:65)
==1403==    by 0x80D43A6: PutDecodedDatumInto(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*, CryptoPP::BufferedTransformation&) (datatest.cpp:119)
==1403==    by 0x80D4AAE: GetDecodedDatum(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > const&, char const*) (datatest.cpp:125)
==1403==    by 0x80D54F9: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:321)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403==    by 0x806EEEA: main (test.cpp:255)
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D65FE: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1233)
==1403==    by 0x81B2619: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (modes.cpp:120)
==1403==    by 0x80703BE: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==1403==    by 0x813CF6F: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (strciphr.cpp:119)
==1403==    by 0x8169F56: CryptoPP::StreamTransformationFilter::NextPutMultiple(unsigned char const*, unsigned int) (cryptlib.h:503)
==1403==    by 0x816B328: CryptoPP::FilterWithBufferedInput::PutMaybeModifiable(unsigned char*, unsigned int, int, bool, bool) (filters.cpp:365)
==1403==    by 0x8074E55: CryptoPP::FilterWithBufferedInput::Put2(unsigned char const*, unsigned int, int, bool) (filters.h:157)
==1403==    by 0x811D205: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned int, int, bool) (cryptlib.cpp:357)
==1403==    by 0x80D3C3D: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (cryptlib.h:976)
==1403==    by 0x80D6021: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:401)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D6618: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1238)
==1403==    by 0x81B2619: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (modes.cpp:120)
==1403==    by 0x80703BE: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==1403==    by 0x813CF6F: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (strciphr.cpp:119)
==1403==    by 0x8169F56: CryptoPP::StreamTransformationFilter::NextPutMultiple(unsigned char const*, unsigned int) (cryptlib.h:503)
==1403==    by 0x816B328: CryptoPP::FilterWithBufferedInput::PutMaybeModifiable(unsigned char*, unsigned int, int, bool, bool) (filters.cpp:365)
==1403==    by 0x8074E55: CryptoPP::FilterWithBufferedInput::Put2(unsigned char const*, unsigned int, int, bool) (filters.h:157)
==1403==    by 0x811D205: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned int, int, bool) (cryptlib.cpp:357)
==1403==    by 0x80D3C3D: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (cryptlib.h:976)
==1403==    by 0x80D6021: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:401)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403== 
==1403== Use of uninitialised value of size 4
==1403==    at 0x81D661B: CryptoPP::Rijndael::Enc::AdvancedProcessBlocks(unsigned char const*, unsigned char const*, unsigned char*, unsigned int, unsigned int) const (rijndael.cpp:1238)
==1403==    by 0x81B2619: CryptoPP::CTR_ModePolicy::OperateKeystream(CryptoPP::KeystreamOperation, unsigned char*, unsigned char const*, unsigned int) (modes.cpp:120)
==1403==    by 0x80703BE: CryptoPP::CTR_ModePolicy::WriteKeystream(unsigned char*, unsigned int) (modes.h:151)
==1403==    by 0x813CF6F: CryptoPP::AdditiveCipherTemplate<CryptoPP::AbstractPolicyHolder<CryptoPP::AdditiveCipherAbstractPolicy, CryptoPP::CTR_ModePolicy> >::ProcessData(unsigned char*, unsigned char const*, unsigned int) (strciphr.cpp:119)
==1403==    by 0x8169F56: CryptoPP::StreamTransformationFilter::NextPutMultiple(unsigned char const*, unsigned int) (cryptlib.h:503)
==1403==    by 0x816B328: CryptoPP::FilterWithBufferedInput::PutMaybeModifiable(unsigned char*, unsigned int, int, bool, bool) (filters.cpp:365)
==1403==    by 0x8074E55: CryptoPP::FilterWithBufferedInput::Put2(unsigned char const*, unsigned int, int, bool) (filters.h:157)
==1403==    by 0x811D205: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned int, int, bool) (cryptlib.cpp:357)
==1403==    by 0x80D3C3D: RandomizedTransfer(CryptoPP::BufferedTransformation&, CryptoPP::BufferedTransformation&, bool, std::string const&) (cryptlib.h:976)
==1403==    by 0x80D6021: TestSymmetricCipher(std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, CryptoPP::NameValuePairs const&) (datatest.cpp:401)
==1403==    by 0x80DB1C5: TestDataFile(std::string const&, CryptoPP::NameValuePairs const&, unsigned int&, unsigned int&) (datatest.cpp:703)
==1403==    by 0x80DB7BB: RunTestDataFile(char const*, CryptoPP::NameValuePairs const&) (datatest.cpp:747)
==1403== 
==1403== 
==1403== HEAP SUMMARY:
==1403==     in use at exit: 0 bytes in 0 blocks
==1403==   total heap usage: 19,097 allocs, 19,097 frees, 968,981 bytes allocated
==1403== 
==1403== All heap blocks were freed -- no leaks are possible
==1403== 
==1403== For counts of detected and suppressed errors, rerun with: -v
==1403== Use --track-origins=yes to see where uninitialised values come from
==1403== ERROR SUMMARY: 852 errors from 6 contexts (suppressed: 21 from 8)

comment:13 in reply to: ↑ 12 Changed at 2011-01-28T01:55:59Z by weidai

The way the AES inline assembly is written makes Valgrind think it's using uninitialised value when it's not. I've checked in a workaround to Crypto++ SVN as revision 525.

comment:14 Changed at 2011-01-28T04:57:32Z by zooko

  • Owner changed from zooko to weidai

Dear Wei Dai:

Thanks again for the quick response to this bug report!

The sf.net SVN browser is off-line due to a security breach at sf.net: http://sourceforge.net/blog/sourceforge-net-attack/ (and by the way we should probably think about what could go wrong if the servers that host Crypto++ were compromised. Does everyone need to check the secure hashes of the downloadable .zip files? What about revision control history -- how can we verify that it hasn't been tampered with. Are there any other assets at sf.net that we might need to account for? The issue tracker? Any passwords or other secrets stored at sf.net?)

The bzr mirror that I have set up (launchpad.net does this for me automatically) has this as patch 520:

http://bazaar.launchpad.net/~zooko/cryptopp/trunk/revision/502

Here is the text of it:

=== modified file 'rijndael.cpp'
--- rijndael.cpp        2011-01-07 01:38:48 +0000
+++ rijndael.cpp        2011-01-28 01:22:27 +0000
@@ -526,7 +526,7 @@
 #if CRYPTOPP_BOOL_X86
 
 #define L_REG                  esp
-#define L_INDEX(i)             (L_REG+512+i)
+#define L_INDEX(i)             (L_REG+768+i)
 #define L_INXORBLOCKS  L_INBLOCKS+4
 #define L_OUTXORBLOCKS L_INBLOCKS+8
 #define L_OUTBLOCKS            L_INBLOCKS+12
@@ -625,7 +625,7 @@
 
 #if CRYPTOPP_BOOL_X86
        AS2(    mov             [ecx+16*12+16*4], esp)  // save esp to L_SP
-       AS2(    lea             esp, [ecx-512])
+       AS2(    lea             esp, [ecx-768])
 #endif
 
        // copy subkeys to stack

Could you please explain further how this is not actually a bug in Crypto++ but only a false alarm from valgrind? Valgrind rarely emits false alarms -- the only other one I've seen is the interesting case of PyObject_Free.

I would like to understand what is going on here, but my grasp of assembly is weak.

Thanks!

Last edited at 2011-01-28T05:02:03Z by zooko (previous) (diff)

comment:15 Changed at 2011-01-28T09:03:19Z by zooko

  • Resolution set to fixed
  • Status changed from new to closed

I committed the patch to pycryptopp as [20110128080845-92b7f-f23aae31626d817f7ae344a1a80bed64232614ab]. Thanks! (I still want to understand it if you can take time to explain.)

Version 0, edited at 2011-01-28T09:03:19Z by zooko (next)
Note: See TracTickets for help on using tickets.