Skip to content

SIGSEGV in Crypto.AES.CCM

From LysLysKOM

25080935 igår 21:18 /27 rader/ Niels Möller (entering a radioactive zone)
Mottagare: Pike (-) developers forum <21270>
Mottagare: Niels Möller (entering a radioactive zone) <104958>
    Mottaget: igår 21:18
Ärende: Bug in ccm glue?

Hi, I've received a bug report (from someone at Opera) about a crash when using Crypto.AES.CCM. Example

int main() {
 mixed state1 = Crypto.AES.CCM.State();

 state1->set_encrypt_key(String.hex2string("bedcfb5a011ebc84600fcb296c15af0d"));
 state1->set_iv(String.hex2string("438a547a94ea88dce46c6c85"));
 state1->update(String.hex2string(""));

 string ct = state1->crypt(String.hex2string(""));
 state1->digest();
 return 0;
}

When I try it (with Pike v8.0, installed as a debian package on x86_64) it segfaults in nettle_memxor3. As far as I can tell from 5 minutes of printf debugging, crash is inside the call to ->digest().

The set_iv method looks a bit suspicious to me, it doesn't include the required arguments for the nettle function ccm_set_nonce (and ccm is generally a bit messier to setup than most other modes). See http://www.lysator.liu.se/~nisse/nettle/nettle.html#index-ccm_005fset_005fnonce

There may of course be some problem in the nettle library too, in particular, I would be happier if api misuse resulted in an assert failure rather than a segfault.

(25080935) /Niels Möller (entering a radioactive zone)/