[2925] in Kerberos-V5-bugs
pending/593: krb5-1.0.5: key schedule alignment lib patches
daemon@ATHENA.MIT.EDU (Larry Schwimmer)
Wed May 20 21:15:15 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU,
Larry Schwimmer <schwim@whatmore.Stanford.EDU>
Date: Wed, 20 May 1998 18:08:15 -0700 (PDT)
From: Larry Schwimmer <schwim@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
>Number: 593
>Category: pending
>Synopsis: krb5-1.0.5: key schedule alignment lib patches
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed May 20 21:09:00 EDT 1998
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Submitter-Id: net
Originator: Larry Schwimmer
Organization: Stanford University
Confidential: no
Synopsis: key schedule alignment
Severity: serious
Priority: medium
Category: krb5-libs
Class: sw-bug
Release: krb5-1.0.5
Environment: Sparc Solaris
Description:
Using the krb4 compatibility libraries, the key schedule
routines generated a bus error on the Solaris sparc platform. I
tried compiling under both cc and gcc with various optimization
and debugging levels. The data structure was not word-aligned,
causing the problem.
Fix:
Two files were affected, lib/crypto/des/f_sched.c and
lib/des425/pcbc_encrypt.c. I realize that the encryption code is
optimized and that it should have as low overhead as possible, but the
patches were needed to make the code function at all. Since the call
in f_sched.c is called only a few times by programs, the overhead of
two memcpy calls should be insignificant.
The other file affected was lib/des425/pcbc_encrypt.c, which
is called regularly by programs using krb4. The patch only adds one
memcpy call, which is turned into inlined assembly by modern
compilers, so it should not add a significant overhead on modern
machines. It also only affects krb4 compatibility code, so it seems
reasonable.
Since the overhead was small, the problem large, and aligned
access tends to be faster, I did not restrict the patch to Solaris
Sparc. (I've tested the code with and without the patch on Solaris
Sparc, Solaris x86, HP-UX, Linux 2.0.x, AIX 4.1, AIX 4.2, IRIX 5.3,
IRIX 6.2, IRIX 6.4, Digital UNIX 3.2c, and Digital UNIX 4.0.)
yours,
Larry Schwimmer
schwim@leland.stanford.edu
Leland Systems Group
--- lib/crypto/des/f_sched.c.orig Fri Feb 6 19:43:25 1998
+++ lib/crypto/des/f_sched.c Mon Apr 13 20:11:23 1998
@@ -216,6 +216,9 @@
mit_des_key_schedule schedule;
{
register unsigned KRB_INT32 c, d;
+ mit_des_key_schedule our_schedule; /* ensures aligned correctly */
+
+ memcpy(our_schedule,schedule,sizeof(our_schedule));
{
/*
@@ -277,7 +280,7 @@
* 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
* The schedule must be this big.
*/
- k = (unsigned KRB_INT32 *)schedule;
+ k = (unsigned KRB_INT32 *)our_schedule;
two_bit_shifts = TWO_BIT_SHIFTS;
for (i = 16; i > 0; i--) {
/*
@@ -333,5 +336,7 @@
*k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
}
}
+
+ memcpy(schedule,our_schedule,sizeof(our_schedule));
return (0);
}
--- lib/des425/pcbc_encrypt.c.orig Fri Feb 6 19:43:34 1998
+++ lib/des425/pcbc_encrypt.c Mon Apr 13 20:26:58 1998
@@ -83,11 +83,13 @@
register unsigned KRB_INT32 temp;
register unsigned KRB_INT32 *kp;
register unsigned char *ip, *op;
+ des_key_schedule our_schedule; /* ensure aligned correctly */
+ memcpy(our_schedule,schedule,sizeof(our_schedule));
/*
* Copy the key pointer, just once
*/
- kp = (unsigned KRB_INT32 *)schedule;
+ kp = (unsigned KRB_INT32 *)our_schedule;
/*
* Deal with encryption and decryption separately.
