Hi
I'm trying to port an application from OpenSSL to NSS. The biggest
problem right now is that valgrind reports that NSS accesses invalid
memory when using RC4. There is no problem with chunk sizes up to 8 and
sizes divisible with 4, but for other sizes it access the source and
destination in chunks of 4 bytes.
Do I do something wrong, or is it a bug or feature of NSS? Is this
behaviour documented somewhere?
I'm using nss-3.12.6-7.fc13.i686
/Mads
A minimal test case:
[...@d610 tmp]$ cat rc4test.c
#include <nss.h>
#include <keyhi.h>
#include <pk11pub.h>
#define chunksize 17
main()
{
NSS_NoDB_Init(NULL);
PK11SlotInfo* slot = PK11_GetBestSlot(CKM_RC4, NULL);
uint8 rc4key[7] = {1,2,3,4,5,6,7};
SECItem keyItem;
keyItem.type = siBuffer;
keyItem.data = rc4key;
keyItem.len = sizeof(rc4key);
PK11SymKey* symKey = PK11_ImportSymKey(slot, CKM_RC4,
PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
SECItem* secParam = PK11_ParamFromIV(CKM_RC4, NULL);
PK11Context* context = PK11_CreateContextBySymKey(CKM_RC4,
CKA_ENCRYPT, symKey, secParam);
PK11_FreeSymKey(symKey);
SECITEM_FreeItem(secParam, PR_TRUE);
PK11_FreeSlot(slot);
uint8 *in_data = malloc(chunksize);
memset(in_data, 0, chunksize);
uint8 *out_data = malloc(chunksize);
int outlen;
PK11_CipherOp(context, out_data, &outlen, chunksize,
in_data, chunksize);
}
[...@d610 tmp]$ gcc -Iinclude/freerdp -I/usr/include/nss3
-I/usr/include/nspr4 -lnss3 -lnspr4 rc4test.c -o rc4test
[...@d610 tmp]$ valgrind ./rc4test
==25805== Memcheck, a memory error detector
==25805== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==25805== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==25805== Command: ./rc4test
==25805==
==25805== Invalid read of size 4
==25805== at 0x2D68ADF: rc4_wordconv (arcfour.c:571)
==25805== by 0x45EDE8: RC4_Encrypt (loader.c:365)
==25805== by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
==25805== by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
==25805== by 0x804888F: main (in /tmp/rc4test)
==25805== Address 0x4042198 is 16 bytes inside a block of size 17 alloc'd
==25805== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==25805== by 0x804882B: main (in /tmp/rc4test)
==25805==
==25805== Invalid read of size 4
==25805== at 0x2D6885D: rc4_wordconv (arcfour.c:591)
==25805== by 0x45EDE8: RC4_Encrypt (loader.c:365)
==25805== by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
==25805== by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
==25805== by 0x804888F: main (in /tmp/rc4test)
==25805== Address 0x40421e0 is 16 bytes inside a block of size 17 alloc'd
==25805== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==25805== by 0x8048857: main (in /tmp/rc4test)
==25805==
==25805== Invalid write of size 4
==25805== at 0x2D68861: rc4_wordconv (arcfour.c:591)
==25805== by 0x45EDE8: RC4_Encrypt (loader.c:365)
==25805== by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
==25805== by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
==25805== by 0x804888F: main (in /tmp/rc4test)
==25805== Address 0x40421e0 is 16 bytes inside a block of size 17 alloc'd
==25805== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==25805== by 0x8048857: main (in /tmp/rc4test)
==25805==
==25805==
==25805== HEAP SUMMARY:
==25805== in use at exit: 55,070 bytes in 697 blocks
==25805== total heap usage: 818 allocs, 121 frees, 66,939 bytes allocated
==25805==
==25805== LEAK SUMMARY:
==25805== definitely lost: 158 bytes in 4 blocks
==25805== indirectly lost: 167 bytes in 3 blocks
==25805== possibly lost: 31,711 bytes in 137 blocks
==25805== still reachable: 23,034 bytes in 553 blocks
==25805== suppressed: 0 bytes in 0 blocks
==25805== Rerun with --leak-check=full to see details of leaked memory
==25805==
==25805== For counts of detected and suppressed errors, rerun with: -v
==25805== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 28 from 11)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
