AESNI code accesses memory beyond buffer end
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Python-Crypto | New | Undecided | Unassigned |
Bug Description
In the current AESNI.c code I read this:
static void aes_key_
{
[...]
case 24:
{
/* 192 bit key setup */
__m128i temp[2];
rk[0] = _mm_loadu_
rk[1] = _mm_loadu_
[...]
static void block_init(
{
[..]
In case of AES192, the key will be 24 bytes long.
The second _mm_loadu_si128 instruction will load 16 bytes from the location (cipherKey+16).
That means it will read in 8 bytes beyond the key buffer. That may lead to a crash.
It is also worth noting that the very same bug is contained in Figure 25 of the Intel document here:
https:/
The rest of AESNI.c strongly resembles that code too.
It is appropriate to mention that AESNI.c code was copied or at least derived from that source.
I leave it up to you to sort out the licensing topic.
At a first glance, the Intel document does not seem to grant rights compatible with a public domain implementation.
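The read the report describes is a fixed-width load (16 bytes) applied to a key whose length is not a multiple of that width (24 bytes). The portable C below is an added illustration, not code from pycrypto or from the Intel document: it computes the overrun the two-load pattern produces for each AES key size, shows the leak against a constructed 24-byte key followed by canary bytes, and stages the key into a zero-filled 32-byte buffer so that full-lane reads are bounded. The function names (`overrun_bytes_two_loads`, `stage_key`, `lane_at`, and the two demo functions) and the sample key bytes are hypothetical, and `memcpy` of 16 bytes stands in for `_mm_loadu_si128`.

```c
/* Added example (not pycrypto's code): models the AES-192 key-expansion
   read described in the report and shows a bounded alternative.
   All names here are hypothetical; the key bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LANE 16 /* bytes moved by one 128-bit unaligned load */

/* Bytes that two consecutive LANE-byte loads at offsets 0 and 16 would
   read past the end of a key_len-byte buffer (0 = in bounds).
   For a 24-byte AES-192 key this is 8, matching the report. */
size_t overrun_bytes_two_loads(size_t key_len)
{
    const size_t span = 2 * LANE;
    return key_len >= span ? 0 : span - key_len;
}

/* Copy a 16/24/32-byte key into a zero-filled 32-byte staging area so that
   every later full-lane read stays inside 'staged', whatever the caller's
   allocation looks like. Returns the number of lanes that hold key bytes
   (1 for AES-128, 2 for AES-192/256), or 0 for an invalid key length. */
int stage_key(const uint8_t *key, size_t key_len, uint8_t staged[2 * LANE])
{
    if (key == NULL || staged == NULL ||
        (key_len != 16 && key_len != 24 && key_len != 32))
        return 0;
    memset(staged, 0, 2 * LANE);
    memcpy(staged, key, key_len);          /* reads exactly key_len bytes */
    return (int)((key_len + LANE - 1) / LANE);
}

/* Read lane 'idx' (0 or 1) of the staging area into out; portable stand-in
   for _mm_loadu_si128((const __m128i *)(staged + 16 * idx)). */
int lane_at(const uint8_t staged[2 * LANE], int idx, uint8_t out[LANE])
{
    if (idx < 0 || idx > 1) return 0;
    memcpy(out, staged + (size_t)idx * LANE, LANE);
    return 1;
}

/* Fill a 32-byte area with a constructed 24-byte key followed by 8 canary
   bytes (0xEE), so the demo itself never reads outside 'buf'. */
static void build_key_with_canary(uint8_t buf[24 + 8])
{
    int i;
    for (i = 0; i < 24; i++) buf[i] = (uint8_t)(0xA0 + i);   /* constructed key */
    memset(buf + 24, 0xEE, 8);                                 /* canary past key */
}

/* The pattern from the report: a full 16-byte load at key + 16.
   Returns how many canary bytes end up in the "key" lane (8 for AES-192). */
int canary_bytes_read_by_unbounded_load(void)
{
    uint8_t buf[24 + 8], lane[LANE];
    int i, leaked = 0;
    build_key_with_canary(buf);
    memcpy(lane, buf + 16, LANE);          /* bytes 24..31 are not key material */
    for (i = 0; i < LANE; i++) if (lane[i] == 0xEE) leaked++;
    return leaked;
}

/* The bounded variant: stage first, then read lanes. Returns 1 if the second
   lane holds the last 8 key bytes plus zero padding and no canary byte. */
int aes192_second_lane_is_bounded(void)
{
    uint8_t buf[24 + 8], staged[2 * LANE], lane[LANE];
    int i;
    build_key_with_canary(buf);
    if (stage_key(buf, 24, staged) != 2) return 0;
    if (!lane_at(staged, 1, lane)) return 0;
    for (i = 0; i < 8; i++) if (lane[i] != buf[16 + i]) return 0;
    for (i = 8; i < LANE; i++) if (lane[i] != 0) return 0;    /* no 0xEE leaked */
    return 1;
}
```

In the real intrinsic code the equivalent fix is either this staging copy or loading the 8-byte tail with `_mm_loadl_epi64` (which zero-extends a 64-bit load) instead of a second `_mm_loadu_si128`; either way, building the existing key-setup routine with `-fsanitize=address` and feeding it a heap-allocated 24-byte key is the quickest way to confirm the overrun as a runtime report rather than reasoning about it from the source.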
information type: Private Security → Public
The code seems to have been removed:
$ find -iname "*aes*"
./pycrypto-2.6.1/lib/Crypto/Cipher/AES.py
./pycrypto-2.6.1/lib/Crypto/SelfTest/Cipher/test_AES.py
./pycrypto-2.6.1/src/AES.c
./pycrypto-2.6.1/LEGAL/copy/stmts/Mark_Moraes.mbox
Also note that comments on github (where this project has moved) and the commit history on github suggest that this project is no longer active.
(Commenting here to save people time to figure this out.)