On 06/19/2010 01:43 PM, Mads Kiilerich wrote:
> Hi
>
> I'm trying to port an application from OpenSSL to NSS. The biggest
> problem right now is that valgrind reports that NSS accesses invalid
> memory when using RC4. There is no problem with chunk sizes up to 8
> and sizes divisible by 4, but for other sizes it accesses the source
> and destination in chunks of 4 bytes.
>
> Do I do something wrong, or is it a bug or feature of NSS? Is this
> behaviour documented somewhere?
>
> I'm using nss-3.12.6-7.fc13.i686
>
> /Mads

IIRC you can ignore the read valgrind warnings in this case. The code is
grabbing data a word at a time for efficiency reasons, then masking or
shifting out the part that was read from uninitialized memory.

I would double-check by looking at the code, to make sure that was the case.

bob

>
>
> A minimal test case:
>
> [...@d610 tmp]$ cat rc4test.c
> #include <stdlib.h>
> #include <string.h>
> #include <nss.h>
> #include <keyhi.h>
> #include <pk11pub.h>
>
> #define chunksize 17
>
> int main(void)
> {
>     NSS_NoDB_Init(NULL);
>
>     PK11SlotInfo* slot = PK11_GetBestSlot(CKM_RC4, NULL);
>
>     uint8 rc4key[7] = {1,2,3,4,5,6,7};
>     SECItem keyItem;
>     keyItem.type = siBuffer;
>     keyItem.data = rc4key;
>     keyItem.len = sizeof(rc4key);
>     PK11SymKey* symKey = PK11_ImportSymKey(slot, CKM_RC4,
>             PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
>
>     SECItem* secParam = PK11_ParamFromIV(CKM_RC4, NULL);
>
>     PK11Context* context = PK11_CreateContextBySymKey(CKM_RC4,
>             CKA_ENCRYPT, symKey, secParam);
>     PK11_FreeSymKey(symKey);
>     SECITEM_FreeItem(secParam, PR_TRUE);
>     PK11_FreeSlot(slot);
>
>     uint8 *in_data = malloc(chunksize);
>     memset(in_data, 0, chunksize);
>     uint8 *out_data = malloc(chunksize);
>
>     int outlen;
>     PK11_CipherOp(context, out_data, &outlen, chunksize,
>             in_data, chunksize);
> }
> [...@d610 tmp]$ gcc -Iinclude/freerdp -I/usr/include/nss3 -I/usr/include/nspr4 -lnss3 -lnspr4 rc4test.c -o rc4test
> [...@d610 tmp]$ valgrind ./rc4test
> ==25805== Memcheck, a memory error detector
> ==25805== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
> ==25805== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
> ==25805== Command: ./rc4test
> ==25805==
> ==25805== Invalid read of size 4
> ==25805==    at 0x2D68ADF: rc4_wordconv (arcfour.c:571)
> ==25805==    by 0x45EDE8: RC4_Encrypt (loader.c:365)
> ==25805==    by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
> ==25805==    by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
> ==25805==    by 0x804888F: main (in /tmp/rc4test)
> ==25805==  Address 0x4042198 is 16 bytes inside a block of size 17 alloc'd
> ==25805==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==25805==    by 0x804882B: main (in /tmp/rc4test)
> ==25805==
> ==25805== Invalid read of size 4
> ==25805==    at 0x2D6885D: rc4_wordconv (arcfour.c:591)
> ==25805==    by 0x45EDE8: RC4_Encrypt (loader.c:365)
> ==25805==    by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
> ==25805==    by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
> ==25805==    by 0x804888F: main (in /tmp/rc4test)
> ==25805==  Address 0x40421e0 is 16 bytes inside a block of size 17 alloc'd
> ==25805==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==25805==    by 0x8048857: main (in /tmp/rc4test)
> ==25805==
> ==25805== Invalid write of size 4
> ==25805==    at 0x2D68861: rc4_wordconv (arcfour.c:591)
> ==25805==    by 0x45EDE8: RC4_Encrypt (loader.c:365)
> ==25805==    by 0x444628: NSC_EncryptUpdate (pkcs11c.c:926)
> ==25805==    by 0x31EDAB7: PK11_CipherOp (pk11cxt.c:731)
> ==25805==    by 0x804888F: main (in /tmp/rc4test)
> ==25805==  Address 0x40421e0 is 16 bytes inside a block of size 17 alloc'd
> ==25805==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==25805==    by 0x8048857: main (in /tmp/rc4test)
> ==25805==
> ==25805==
> ==25805== HEAP SUMMARY:
> ==25805==     in use at exit: 55,070 bytes in 697 blocks
> ==25805==   total heap usage: 818 allocs, 121 frees, 66,939 bytes allocated
> ==25805==
> ==25805== LEAK SUMMARY:
> ==25805==    definitely lost: 158 bytes in 4 blocks
> ==25805==    indirectly lost: 167 bytes in 3 blocks
> ==25805==      possibly lost: 31,711 bytes in 137 blocks
> ==25805==    still reachable: 23,034 bytes in 553 blocks
> ==25805==         suppressed: 0 bytes in 0 blocks
> ==25805== Rerun with --leak-check=full to see details of leaked memory
> ==25805==
> ==25805== For counts of detected and suppressed errors, rerun with: -v
> ==25805== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 28 from 11)
>


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
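
Added example, not NSS code and not written by either poster: a word-at-a-time RC4 XOR whose final short chunk copies only the bytes that remain, so a 17-byte buffer like the one in the test case is never read or written past its end. The `rc4_ctx` type and every function name here are hypothetical, and the 0xA5 guard bytes are constructed for the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx; /* hypothetical type */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t klen) {
    uint8_t j = 0;
    for (size_t n = 0; n < 256; n++) c->S[n] = (uint8_t)n;
    for (size_t n = 0; n < 256; n++) {        /* standard RC4 key schedule */
        j = (uint8_t)(j + c->S[n] + key[n % klen]);
        uint8_t t = c->S[n]; c->S[n] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

static uint8_t rc4_byte(rc4_ctx *c) {         /* next keystream byte */
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->S[c->i]);
    uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
}

/* XOR a word at a time; the final chunk copies only the bytes that remain. */
static void rc4_xor_bounded(rc4_ctx *c, uint8_t *out, const uint8_t *in, size_t len) {
    while (len > 0) {
        size_t n = len < 4 ? len : 4;
        uint8_t ks[4] = {0};
        uint32_t w = 0, k;
        for (size_t b = 0; b < n; b++) ks[b] = rc4_byte(c);
        memcpy(&k, ks, 4);
        memcpy(&w, in, n);                    /* read n valid bytes only */
        w ^= k;
        memcpy(out, &w, n);                   /* write n bytes only */
        in += n; out += n; len -= n;
    }
}

/* 1 if a 17-byte chunk matches a bytewise reference and guard bytes survive. */
int rc4_tail_check(void) {
    static const uint8_t key[7] = {1, 2, 3, 4, 5, 6, 7}; /* key from the test case */
    uint8_t in[17] = {0}, buf[17 + 4], ref[17];
    rc4_ctx a, b;
    rc4_init(&a, key, sizeof key); rc4_init(&b, key, sizeof key);
    memset(buf, 0xA5, sizeof buf);            /* constructed guard pattern */
    rc4_xor_bounded(&a, buf, in, 17);
    for (size_t n = 0; n < 17; n++) ref[n] = (uint8_t)(in[n] ^ rc4_byte(&b));
    return memcmp(buf, ref, 17) == 0 && memcmp(buf + 17, "\xA5\xA5\xA5\xA5", 4) == 0;
}
int main(void) { return rc4_tail_check() ? 0 : 1; }
```

The guard bytes only detect stray writes; an out-of-bounds read needs a tool such as valgrind or AddressSanitizer to observe.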
