Is anywhere documented memory alignment requirements used with symcryptengine?

[pemensik]

We have a customer, who tried to use SymCrypt and this engine to implement FIPS 140-2 like compliance. However they hit a crashes with some software, for example bind-export-libs and dhcp client.

I have tried reproducing it by using the engine with named service. It crashes early in the start, because it uses MOVAPS instructions requiring 16B alignment. Normal OpenSSL does not have any similar requirement and typical application does not have a need for alignment checks. I think that is important difference from default OpenSSL engine, be it on Windows platform or Linux. Is such requirement documented anywhere?

I think such requirement prevents the use of symcryptengine as a system wide default. Is it possible to build version without such limitation? Ie. which would accept also non-aligned memory buffers? I had expected some requirements for RSA keys and such, but requirement of digest functions is a bit surprising.

(gdb) bt
#0  0x00007ffff7f2b91d in SymCryptMd5AppendBlocks (pChain=0x5555558a6908, pbData=0x5555558a68c8 "\200", cbData=64, pcbRemaining=0x7fffffffdfb0) at /__w/1/s/lib/md5.c:388
#1  0x00007ffff7f26839 in SymCryptHashCommonPaddingMd4Style (pHash=pHash@entry=0x7ffff7f79880 <SymCryptMd5Algorithm_default>, pState=pState@entry=0x5555558a68a8) at /__w/1/s/lib/hash.c:125
#2  0x00007ffff7f2b1dc in SymCryptMd5Result (pState=0x5555558a68a8, pbResult=0x7fffffffe060 "(\341\212UUU") at /__w/1/s/lib/md5.c:221
#3  0x00007ffff1e22e19 in scossl_digest_md5_final () from /usr/lib64/symcryptengine.so
#4  0x00007ffff5fae808 in EVP_DigestFinal_ex (ctx=0x5555558b25f8, md=0x7fffffffe060 "(\341\212UUU", size=0x0) at crypto/evp/digest.c:199
#5  0x00007ffff5fae882 in EVP_DigestFinal (ctx=0x5555558b25f8, md=<optimized out>, size=<optimized out>) at crypto/evp/digest.c:185
#6  0x00007ffff63667cd in do_detect_available () from /lib64/libisc.so.1107
#7  0x00007ffff4ff6e67 in __pthread_once_slow (once_control=0x7ffff65bd0e4, init_routine=0x7ffff6366760 <do_detect_available>) at pthread_once.c:116
#8  0x00007ffff636693b in isc_md5_available () from /lib64/libisc.so.1107
#9  0x00007ffff793830d in dst.hmacmd5_init () from /lib64/libdns.so.1115
#10 0x00007ffff792d67c in dst_lib_init2 () from /lib64/libdns.so.1115
#11 0x00005555555b21f4 in ns_server_create (mctx=0x55555582a730, serverp=0x555555824240 <ns_g_server>) at ../../../bin/named/server.c:9166
#12 0x0000555555578bed in setup () at ../../../bin/named/main.c:1337
#13 main (argc=2, argv=0x7fffffffe2d8) at ../../../bin/named/main.c:1556

(gdb) disassemble /m
388 in /__w/1/s/lib/md5.c
   0x00007ffff7f2b90b <+1787>:  mov    0x10(%rsp),%rax
   0x00007ffff7f2b910 <+1792>:  movd   %r11d,%xmm3
   0x00007ffff7f2b915 <+1797>:  punpckldq %xmm3,%xmm0
   0x00007ffff7f2b919 <+1801>:  punpcklqdq %xmm1,%xmm0
=> 0x00007ffff7f2b91d <+1805>:  movaps %xmm0,(%rax)

[mlindgren]

Thank you for the report. We are discussing internally how we want to approach this.

[samuel-lee-msft]

Fix in main should resolve any issues with alignment of structures in SCOSSL in the presence of memory allocators that have alignment guarantees less than required by SymCrypt for SymCrypt structs.