Discussion:
[cryptopp-users] LibCryptoPP 7.0 is making ASAN go nuts
Jose Rafael Castillo Huggins
2018-10-24 15:14:27 UTC
Permalink
Hi guys,

i've switched to cryptopp recently on both my builds for my project and it
actually do what is supposed to(in theory i really haven't deeply tested
the actual results tho) and been a great experience so far but the moment
ASAN got enabled for my debug builds, well things started hitting the fan.

Tyvm for you time

*Runtime Behaviour:*
So far seem fine when not using ASAN on release mode, hence i'm not sure if
this is an actual normal behavior for cryptopp with ASAN or if it actually
is a bug

*Library Version*
7.0

*Build Flags:*

O0 -g -march=native -pipe -fsanitize=address -fno-omit-frame-pointer -flto


*My build systems:*

*Archlinux:*
Compiler: GCC latest stable(8.2 series)
Compiler: Clang-svn

*Mac OS X Mojave:*
Compiler: Apple Clang(Xcode 10)

Reproducible: on all systems

*Actual Error Message:*

==28862==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020003eef5c at pc 0x00010eb6f64f bp 0x7ffee1a466d0 sp 0x7ffee1a45e80

READ of size 16 at 0x6020003eef5c thread T0

#0 0x10eb6f64e in __asan_memcpy
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e)

#1 0x10e287935 in std::__1::vector<unsigned int,
std::__1::allocator<unsigned int>
::__swap_out_circular_buffer(std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>&) memory:1697

#2 0x10fbd5381 in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x46381)

#3 0x10fcd797a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)

#4 0x10fcd6af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)

#5 0x10fc74aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)

#6 0x10fc73dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)

#7 0x10fc7b275 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::ValidateElement(unsigned
int, CryptoPP::ECPPoint const&,
CryptoPP::DL_FixedBasePrecomputation<CryptoPP::ECPPoint> const*) const
(libcryptopp.dylib:x86_64+0xec275)

#8 0x10fc8fc9c in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::Validate(CryptoPP::RandomNumberGenerator&,
unsigned int) const (libcryptopp.dylib:x86_64+0x100c9c)

#9 0x10fc85950 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>
::Validate(CryptoPP::RandomNumberGenerator&, unsigned int) const
(libcryptopp.dylib:x86_64+0xf6950)

#10 0x10e260969 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902

#11 0x10e1bdb18 in main (keyServer:x86_64+0x100009b18)

#12 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)


0x6020003eef60 is located 0 bytes to the right of 16-byte region
[0x6020003eef50,0x6020003eef60)

allocated by thread T0 here:

#0 0x10eb7e752 in wrap__Znwm
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x61752)

#1 0x10fbd5cc7 in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x46cc7)

#2 0x10fbd540c in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x4640c)

#3 0x10fbd531d in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x4631d)

#4 0x10fcd797a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)

#5 0x10fcd6af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)

#6 0x10fc74aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)

#7 0x10fc73dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)

#8 0x10fc7b275 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::ValidateElement(unsigned
int, CryptoPP::ECPPoint const&,
CryptoPP::DL_FixedBasePrecomputation<CryptoPP::ECPPoint> const*) const
(libcryptopp.dylib:x86_64+0xec275)

#9 0x10fc8fc9c in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::Validate(CryptoPP::RandomNumberGenerator&,
unsigned int) const (libcryptopp.dylib:x86_64+0x100c9c)

#10 0x10fc85950 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>
::Validate(CryptoPP::RandomNumberGenerator&, unsigned int) const
(libcryptopp.dylib:x86_64+0xf6950)

#11 0x10e260969 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902

#12 0x10e1bdb18 in main (keyServer:x86_64+0x100009b18)

#13 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)


SUMMARY: AddressSanitizer: heap-buffer-overflow
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e) in __asan_memcpy

Shadow bytes around the buggy address:

0x1c040007dd90: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa 00 00

0x1c040007dda0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd

0x1c040007ddb0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd

0x1c040007ddc0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd

0x1c040007ddd0: fa fa 00 00 fa fa fd fa fa fa fd fa fa fa 00 fa

=>0x1c040007dde0: fa fa fd fa fa fa fd fa fa fa 00[04]fa fa 00 04

0x1c040007ddf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c040007de00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c040007de10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c040007de20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c040007de30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00

Partially addressable: 01 02 03 04 05 06 07

Heap left redzone: fa

Freed heap region: fd

Stack left redzone: f1

Stack mid redzone: f2

Stack right redzone: f3

Stack after return: f5

Stack use after scope: f8

Global redzone: f9

Global init order: f6

Poisoned by user: f7

Container overflow: fc

Array cookie: ac

Intra object redzone: bb

ASan internal: fe

Left alloca redzone: ca

Right alloca redzone: cb

==28862==ABORTING

10:55:56: The program has unexpectedly finished.

10:55:56: The process was ended forcefully.


==28635==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020003959bc at pc 0x00010ff8464f bp 0x7ffee063d7d0 sp 0x7ffee063cf80

READ of size 16 at 0x6020003959bc thread T0

#0 0x10ff8464e in __asan_memcpy
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e)

#1 0x10f693945 in std::__1::vector<unsigned int,
std::__1::allocator<unsigned int>
::__swap_out_circular_buffer(std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>&) memory:1697

#2 0x110fe6381 in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x46381)

#3 0x1110e897a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)

#4 0x1110e7af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)

#5 0x111085aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)

#6 0x111084dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)

#7 0x1110a0f5a in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::ExponentiateBase(CryptoPP::Integer
const&) const (libcryptopp.dylib:x86_64+0x100f5a)

#8 0x10f66f3bb in
CryptoPP::DL_PrivateKey<CryptoPP::ECPPoint>::MakePublicKey(CryptoPP::DL_PublicKey<CryptoPP::ECPPoint>&)
const pubkey.h:1119

#9 0x10f66cc41 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902

#10 0x10f5c6b18 in main (keyServer:x86_64+0x100009b18)

#11 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)


0x6020003959c0 is located 0 bytes to the right of 16-byte region
[0x6020003959b0,0x6020003959c0)

allocated by thread T0 here:

#0 0x10ff93752 in wrap__Znwm
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x61752)

#1 0x110fe6cc7 in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x46cc7)

#2 0x110fe640c in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x4640c)

#3 0x110fe631d in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x4631d)

#4 0x1110e897a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)

#5 0x1110e7af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)

#6 0x111085aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)

#7 0x111084dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)

#8 0x1110a0f5a in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::ExponentiateBase(CryptoPP::Integer
const&) const (libcryptopp.dylib:x86_64+0x100f5a)

#9 0x10f66f3bb in
CryptoPP::DL_PrivateKey<CryptoPP::ECPPoint>::MakePublicKey(CryptoPP::DL_PublicKey<CryptoPP::ECPPoint>&)
const pubkey.h:1119

#10 0x10f66cc41 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902

#11 0x10f5c6b18 in main (keyServer:x86_64+0x100009b18)

#12 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)


SUMMARY: AddressSanitizer: heap-buffer-overflow
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e) in __asan_memcpy

Shadow bytes around the buggy address:

0x1c0400072ae0: fa fa fd fd fa fa 00 00 fa fa 00 00 fa fa fd fd

0x1c0400072af0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd

0x1c0400072b00: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd

0x1c0400072b10: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 00 00

0x1c0400072b20: fa fa fd fa fa fa fd fa fa fa 00 fa fa fa fd fa

=>0x1c0400072b30: fa fa fd fa fa fa 00[04]fa fa 00 04 fa fa fa fa

0x1c0400072b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c0400072b50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c0400072b60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c0400072b70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

0x1c0400072b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00

Partially addressable: 01 02 03 04 05 06 07

Heap left redzone: fa

Freed heap region: fd

Stack left redzone: f1

Stack mid redzone: f2

Stack right redzone: f3

Stack after return: f5

Stack use after scope: f8

Global redzone: f9

Global init order: f6

Poisoned by user: f7

Container overflow: fc

Array cookie: ac

Intra object redzone: bb

ASan internal: fe

Left alloca redzone: ca

Right alloca redzone: cb

==28635==ABORTING

10:42:20: The program has unexpectedly finished.

10:42:20: The process was ended forcefully.
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeffrey Walton
2018-10-24 17:22:04 UTC
Permalink
On Wednesday, October 24, 2018 at 11:14:27 AM UTC-4, Jose Rafael Castillo
Post by Jose Rafael Castillo Huggins
Hi guys,
i've switched to cryptopp recently on both my builds for my project and it
actually do what is supposed to(in theory i really haven't deeply tested
the actual results tho) and been a great experience so far but the moment
ASAN got enabled for my debug builds, well things started hitting the fan.
Tyvm for you time
*Runtime Behaviour:*
So far seem fine when not using ASAN on release mode, hence i'm not sure
if this is an actual normal behavior for cryptopp with ASAN or if it
actually is a bug
*Library Version*
7.0
*Build Flags:*
O0 -g -march=native -pipe -fsanitize=address -fno-omit-frame-pointer -flto
*My build systems:*
*Archlinux:*
Compiler: GCC latest stable(8.2 series)
Compiler: Clang-svn
*Mac OS X Mojave:*
Compiler: Apple Clang(Xcode 10)
Reproducible: on all systems
I can't reproduce using the cryptest.exe program on Fedora, Ubuntu or OS X
(but I use an older version of OS X).

You need to supply a reporducer.

Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeffrey Walton
2018-10-24 17:26:23 UTC
Permalink
Post by Jeffrey Walton
On Wednesday, October 24, 2018 at 11:14:27 AM UTC-4, Jose Rafael Castillo
Post by Jose Rafael Castillo Huggins
Hi guys,
i've switched to cryptopp recently on both my builds for my project and
it actually do what is supposed to(in theory i really haven't deeply tested
the actual results tho) and been a great experience so far but the moment
ASAN got enabled for my debug builds, well things started hitting the fan.
Tyvm for you time
*Runtime Behaviour:*
So far seem fine when not using ASAN on release mode, hence i'm not sure
if this is an actual normal behavior for cryptopp with ASAN or if it
actually is a bug
*Library Version*
7.0
*Build Flags:*
O0 -g -march=native -pipe -fsanitize=address -fno-omit-frame-pointer -flto
*My build systems:*
*Archlinux:*
Compiler: GCC latest stable(8.2 series)
Compiler: Clang-svn
*Mac OS X Mojave:*
Compiler: Apple Clang(Xcode 10)
Reproducible: on all systems
I can't reproduce using the cryptest.exe program on Fedora, Ubuntu or OS X
(but I use an older version of OS X).
By the way, we perform ASAN tests for C++03 through C++17. We use the asan
recipe baked into the makefile:

$ make distclean
$ make asan -j 4
$ ./cryptest.exe v
...
$ ./cryptest.exe tv all
...

Here's the test script we use for the testing:
https://github.com/weidai11/cryptopp/blob/master/cryptest.sh . On a
platform like x86_64 it will test about 100 configurations.
Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeffrey Walton
2018-10-24 17:50:14 UTC
Permalink
Post by Jeffrey Walton
Post by Jeffrey Walton
On Wednesday, October 24, 2018 at 11:14:27 AM UTC-4, Jose Rafael Castillo
Post by Jose Rafael Castillo Huggins
Hi guys,
i've switched to cryptopp recently on both my builds for my project and
it actually do what is supposed to(in theory i really haven't deeply tested
the actual results tho) and been a great experience so far but the moment
ASAN got enabled for my debug builds, well things started hitting the fan.
Tyvm for you time
*Runtime Behaviour:*
So far seem fine when not using ASAN on release mode, hence i'm not sure
if this is an actual normal behavior for cryptopp with ASAN or if it
actually is a bug
*Library Version*
7.0
*Build Flags:*
O0 -g -march=native -pipe -fsanitize=address -fno-omit-frame-pointer -flto
*My build systems:*
*Archlinux:*
Compiler: GCC latest stable(8.2 series)
Compiler: Clang-svn
*Mac OS X Mojave:*
Compiler: Apple Clang(Xcode 10)
Reproducible: on all systems
I can't reproduce using the cryptest.exe program on Fedora, Ubuntu or OS
X (but I use an older version of OS X).
By the way, we perform ASAN tests for C++03 through C++17. We use the asan
$ make distclean
$ make asan -j 4
$ ./cryptest.exe v
...
$ ./cryptest.exe tv all
...
And here's how to test your CXXFLAGS. I could not reproduce the issue on
Fedora 28:

$ AR=gcc-ar RANLIB=gcc-ranlib CXXFLAGS="-O0 -g -march=native -pipe
-fsanitize=address -fno-omit-frame-pointer -flto" make -j 4

Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jose Rafael Castillo Huggins
2018-10-24 19:19:31 UTC
Permalink
ok, i'll check if i can isolate the reason since i doubt all my 3 compilers
are wrong about it and post some code to trigger it

maybe is related to the fact my actual code using reside in a library and
not on the executable directly

On Wednesday, October 24, 2018 at 11:14:27 AM UTC-4, Jose Rafael Castillo
Post by Jose Rafael Castillo Huggins
Hi guys,
i've switched to cryptopp recently on both my builds for my project and it
actually do what is supposed to(in theory i really haven't deeply tested
the actual results tho) and been a great experience so far but the moment
ASAN got enabled for my debug builds, well things started hitting the fan.
Tyvm for you time
*Runtime Behaviour:*
So far seem fine when not using ASAN on release mode, hence i'm not sure
if this is an actual normal behavior for cryptopp with ASAN or if it
actually is a bug
*Library Version*
7.0
*Build Flags:*
O0 -g -march=native -pipe -fsanitize=address -fno-omit-frame-pointer -flto
*My build systems:*
*Archlinux:*
Compiler: GCC latest stable(8.2 series)
Compiler: Clang-svn
*Mac OS X Mojave:*
Compiler: Apple Clang(Xcode 10)
Reproducible: on all systems
*Actual Error Message:*
==28862==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020003eef5c at pc 0x00010eb6f64f bp 0x7ffee1a466d0 sp 0x7ffee1a45e80
READ of size 16 at 0x6020003eef5c thread T0
#0 0x10eb6f64e in __asan_memcpy
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e)
#1 0x10e287935 in std::__1::vector<unsigned int,
std::__1::allocator<unsigned int>
::__swap_out_circular_buffer(std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>&) memory:1697
#2 0x10fbd5381 in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x46381)
#3 0x10fcd797a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)
#4 0x10fcd6af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)
#5 0x10fc74aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)
#6 0x10fc73dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)
#7 0x10fc7b275 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::ValidateElement(unsigned
int, CryptoPP::ECPPoint const&,
CryptoPP::DL_FixedBasePrecomputation<CryptoPP::ECPPoint> const*) const
(libcryptopp.dylib:x86_64+0xec275)
#8 0x10fc8fc9c in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::Validate(CryptoPP::RandomNumberGenerator&,
unsigned int) const (libcryptopp.dylib:x86_64+0x100c9c)
#9 0x10fc85950 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>
::Validate(CryptoPP::RandomNumberGenerator&, unsigned int) const
(libcryptopp.dylib:x86_64+0xf6950)
#10 0x10e260969 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902
#11 0x10e1bdb18 in main (keyServer:x86_64+0x100009b18)
#12 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)
0x6020003eef60 is located 0 bytes to the right of 16-byte region
[0x6020003eef50,0x6020003eef60)
#0 0x10eb7e752 in wrap__Znwm
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x61752)
#1 0x10fbd5cc7 in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x46cc7)
#2 0x10fbd540c in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x4640c)
#3 0x10fbd531d in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x4631d)
#4 0x10fcd797a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)
#5 0x10fcd6af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)
#6 0x10fc74aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)
#7 0x10fc73dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)
#8 0x10fc7b275 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::ValidateElement(unsigned
int, CryptoPP::ECPPoint const&,
CryptoPP::DL_FixedBasePrecomputation<CryptoPP::ECPPoint> const*) const
(libcryptopp.dylib:x86_64+0xec275)
#9 0x10fc8fc9c in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::Validate(CryptoPP::RandomNumberGenerator&,
unsigned int) const (libcryptopp.dylib:x86_64+0x100c9c)
#10 0x10fc85950 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>
::Validate(CryptoPP::RandomNumberGenerator&, unsigned int) const
(libcryptopp.dylib:x86_64+0xf6950)
#11 0x10e260969 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902
#12 0x10e1bdb18 in main (keyServer:x86_64+0x100009b18)
#13 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e) in __asan_memcpy
0x1c040007dd90: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa 00 00
0x1c040007dda0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x1c040007ddb0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x1c040007ddc0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x1c040007ddd0: fa fa 00 00 fa fa fd fa fa fa fd fa fa fa 00 fa
=>0x1c040007dde0: fa fa fd fa fa fa fd fa fa fa 00[04]fa fa 00 04
0x1c040007ddf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c040007de00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c040007de10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c040007de20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c040007de30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28862==ABORTING
10:55:56: The program has unexpectedly finished.
10:55:56: The process was ended forcefully.
==28635==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020003959bc at pc 0x00010ff8464f bp 0x7ffee063d7d0 sp 0x7ffee063cf80
READ of size 16 at 0x6020003959bc thread T0
#0 0x10ff8464e in __asan_memcpy
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e)
#1 0x10f693945 in std::__1::vector<unsigned int,
std::__1::allocator<unsigned int>
::__swap_out_circular_buffer(std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>&) memory:1697
#2 0x110fe6381 in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x46381)
#3 0x1110e897a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)
#4 0x1110e7af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)
#5 0x111085aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)
#6 0x111084dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)
#7 0x1110a0f5a in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::ExponentiateBase(CryptoPP::Integer
const&) const (libcryptopp.dylib:x86_64+0x100f5a)
#8 0x10f66f3bb in
CryptoPP::DL_PrivateKey<CryptoPP::ECPPoint>::MakePublicKey(CryptoPP::DL_PublicKey<CryptoPP::ECPPoint>&)
const pubkey.h:1119
#9 0x10f66cc41 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902
#10 0x10f5c6b18 in main (keyServer:x86_64+0x100009b18)
#11 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)
0x6020003959c0 is located 0 bytes to the right of 16-byte region
[0x6020003959b0,0x6020003959c0)
#0 0x10ff93752 in wrap__Znwm
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x61752)
#1 0x110fe6cc7 in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x46cc7)
#2 0x110fe640c in std::__1::__split_buffer<unsigned int,
std::__1::allocator<unsigned int>&>::__split_buffer(unsigned long, unsigned
long, std::__1::allocator<unsigned int>&) (libcryptopp.dylib:x86_64+0x4640c)
#3 0x110fe631d in void std::__1::vector<unsigned int,
std::__1::allocator<unsigned int> >::__push_back_slow_path<unsigned int
const>(unsigned int const&) (libcryptopp.dylib:x86_64+0x4631d)
#4 0x1110e897a in CryptoPP::ECP::SimultaneousMultiply(CryptoPP::ECPPoint*,
CryptoPP::ECPPoint const&, CryptoPP::Integer const*, unsigned int) const
(libcryptopp.dylib:x86_64+0x14897a)
#5 0x1110e7af3 in CryptoPP::ECP::ScalarMultiply(CryptoPP::ECPPoint const&,
CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0x147af3)
#6 0x111085aa0 in CryptoPP::ECPPoint
CryptoPP::GeneralCascadeMultiplication<CryptoPP::ECPPoint,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*> >(CryptoPP::AbstractGroup<CryptoPP::ECPPoint> const&,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>,
std::__1::__wrap_iter<CryptoPP::BaseAndExponent<CryptoPP::ECPPoint,
CryptoPP::Integer>*>) (libcryptopp.dylib:x86_64+0xe5aa0)
#7 0x111084dd7 in
CryptoPP::DL_FixedBasePrecomputationImpl<CryptoPP::ECPPoint>::Exponentiate(CryptoPP::DL_GroupPrecomputation<CryptoPP::ECPPoint>
const&, CryptoPP::Integer const&) const (libcryptopp.dylib:x86_64+0xe4dd7)
#8 0x1110a0f5a in
CryptoPP::DL_GroupParameters<CryptoPP::EC2NPoint>::ExponentiateBase(CryptoPP::Integer
const&) const (libcryptopp.dylib:x86_64+0x100f5a)
#9 0x10f66f3bb in
CryptoPP::DL_PrivateKey<CryptoPP::ECPPoint>::MakePublicKey(CryptoPP::DL_PublicKey<CryptoPP::ECPPoint>&)
const pubkey.h:1119
#10 0x10f66cc41 in Pentasoft::securityInfoGenerator::process()
securitygenerationtools.cpp:902
#11 0x10f5c6b18 in main (keyServer:x86_64+0x100009b18)
#12 0x7fff5e69e08c in start (libdyld.dylib:x86_64+0x1708c)
SUMMARY: AddressSanitizer: heap-buffer-overflow
(libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5264e) in __asan_memcpy
0x1c0400072ae0: fa fa fd fd fa fa 00 00 fa fa 00 00 fa fa fd fd
0x1c0400072af0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x1c0400072b00: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x1c0400072b10: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 00 00
0x1c0400072b20: fa fa fd fa fa fa fd fa fa fa 00 fa fa fa fd fa
=>0x1c0400072b30: fa fa fd fa fa fa 00[04]fa fa 00 04 fa fa fa fa
0x1c0400072b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400072b50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400072b60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400072b70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c0400072b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28635==ABORTING
10:42:20: The program has unexpectedly finished.
10:42:20: The process was ended forcefully.
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jeffrey Walton
2018-10-24 19:39:31 UTC
Permalink
On Wed, Oct 24, 2018 at 3:19 PM Jose Rafael Castillo Huggins
ok, i'll check if i can isolate the reason since i doubt all my 3 compilers are wrong about it and post some code to trigger it
maybe is related to the fact my actual code using reside in a library and not on the executable directly
My guess is an undersized buffer in
Pentasoft::securityInfoGenerator::process() . But I'd need to see some
code to say more.

Does Valgrind trigger?

Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jose Rafael Castillo Huggins
2018-10-25 13:05:08 UTC
Permalink
I did have an issue with secblock inside a for loop but seems to move it
out fixed the asan triggers on my Xeon E3-1230v3 on archlinux but the issue
now only triggers on my mac mini 2012 but when the main class is wrapped on
a QSharedPointer, i'm guessing is something related to some spectre
mitigation or something CPU specific to this mac now, i guess we can close
it for now.

if i found a reproducible way to trigger it ill post the code
Post by Jeffrey Walton
On Wed, Oct 24, 2018 at 3:19 PM Jose Rafael Castillo Huggins
Post by Jose Rafael Castillo Huggins
ok, i'll check if i can isolate the reason since i doubt all my 3
compilers are wrong about it and post some code to trigger it
Post by Jose Rafael Castillo Huggins
maybe is related to the fact my actual code using reside in a library
and not on the executable directly
My guess is an undersized buffer in
Pentasoft::securityInfoGenerator::process() . But I'd need to see some
code to say more.
Does Valgrind trigger?
Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...