From owner-freebsd-hackers@FreeBSD.ORG Wed Sep 17 00:56:38 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1FA6416A4B3 for ; Wed, 17 Sep 2003 00:56:38 -0700 (PDT) Received: from hitpro.hitachi.co.jp (hitpro.hitachi.co.jp [133.145.224.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F91C43F85 for ; Wed, 17 Sep 2003 00:56:35 -0700 (PDT) (envelope-from ume@bisd.hitachi.co.jp) Received: from mc3.mcg.hitachi.co.jp by hitpro.hitachi.co.jp (8.12.9/eHI-hitpro) id h8H7uWYQ004716; Wed, 17 Sep 2003 16:56:33 +0900 (JST) Received: (from root@localhost) by mc3.mcg.hitachi.co.jp (8.11.6+Sun/8.11.6) id h8H7uVK19111 for ; Wed, 17 Sep 2003 16:56:31 +0900 (JST) Received: from unknown [192.168.2.1] by mc3.mcg.hitachi.co.jp with SMTP id SAA19108 ; Wed, 17 Sep 2003 16:56:30 +0900 Received: from navsg2.hitachi.co.jp by navsg2.hitachi.co.jp (8.9.3/3.7W-navsg2) id QAA21396; Wed, 17 Sep 2003 16:56:30 +0900 (JST) Received: from mlsv5.itg.hitachi.co.jp ([158.213.165.104]) by navsg2.hitachi.co.jp (NAVGW 2.5.2.17) with SMTP id M2003091716562930423 ; Wed, 17 Sep 2003 16:56:29 +0900 Received: from navgw14.itg.hitachi.co.jp by mlsv5.itg.hitachi.co.jp (8.12.6/8.12.6) id h8H7uSrR003470; Wed, 17 Sep 2003 16:56:29 +0900 Received: from bisdgw.bisd.hitachi.co.jp ([133.144.87.253]) M2003091716564504685 ; Wed, 17 Sep 2003 16:56:45 +0900 Received: from bisdmail.bisd.hitachi.co.jpQAA14570; Wed, 17 Sep 2003 16:56:29 +0900 (JST) (envelope-from ume@bisd.hitachi.co.jp) Received: from plum.ssr.bisd.hitachi.co.jph8H7uSk19558; Wed, 17 Sep 2003 16:56:28 +0900 (JST) (envelope-from ume@bisd.hitachi.co.jp) Date: Wed, 17 Sep 2003 16:56:28 +0900 Message-ID: From: Hajimu UMEMOTO To: zevlg@yandex.ru In-Reply-To: <3F680C78.000003.13537@tide.yandex.ru> References: <3F680C78.000003.13537@tide.yandex.ru> User-Agent: xcite1.38> Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=) X-Operating-System: FreeBSD 4.8-RELEASE MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII cc: hackers@freebsd.org cc: core@kame.net Subject: Re: possible rijndael bug X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Sep 2003 07:56:38 -0000 Hi, >>>>> On Wed, 17 Sep 2003 11:25:44 +0400 (MSD) >>>>> zevlg@yandex.ru ("lg") said: zevlg> I recently examined rijndael implementation, which ships in sys/crypto/rijndael and there zevlg> is code in function rijndael_padEncrypt()(from rijndael-api-fst.c): zevlg> numBlocks = inputOctets/16; zevlg> ... zevlg> ... zevlg> padLen = 16 - (inputOctets - 16*numBlocks); zevlg> if (padLen > 0 && padLen <= 16) zevlg> panic("..."); zevlg> bcopy(input, block, 16 - padLen); zevlg> for (cp = block + 16 - padLen; cp < block + 16; cp++) zevlg> *cp = padLen; zevlg> rijndaelEncrypt(block, outBuffer, key->keySched, key->ROUNDS); zevlg> ... zevlg> so padLen check will always success and it surely will panic, or even if we admit that zevlg> padLen check is bypassed(what is impossible i think) then bcopy() will be called with zevlg> larger size argument then size of block array or with negative size. Isn't this padLen zevlg> check is unneeded? or maybe it should look like 'if (padLen <= 0 || padLen > 16)'? I saw it during working on next KAME merge into 5-CURRENT. KAME/NetBSD uses assert() here like: assert(padLen > 0 && padLen <= 16); Since FreeBSD doesn't have assert() in kernel, this line was changed to: if (padLen > 0 && padLen <= 16) return BAD_CIPHER_STATE; for KAME/FreeBSD. Since if expression is true, the assert() macro does nothing, the expression seems wrong, and it should be: if (padLen <= 0 || padLen > 16) return BAD_CIPHER_STATE; as you pointed out. Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/