Michael McDougall wrote: > diff -ur openssl-SNAP-20060415/crypto/aes/aes_cfb.c > openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c > --- openssl-SNAP-20060415/crypto/aes/aes_cfb.c 2004-12-30 > 06:00:14.000000000 -0500 > +++ openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c 2006-04-17 > 22:18:11.000000000 -0400 > @@ -191,18 +191,20 @@ > } > > /* N.B. This expects the input to be packed, MS bit first */ > -void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, > +void > +AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, > const unsigned long length, const AES_KEY *key, > unsigned char *ivec, int *num, const int enc) > { > unsigned int n; > unsigned char c[1],d[1]; > + unsigned long length_in_bits = length * 8; > > assert(in && out && key && ivec && num); > assert(*num == 0); > > memset(out,0,(length+7)/8); > - for(n=0 ; n < length ; ++n) > + for(n=0 ; n < length_in_bits ; ++n) > { > c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; > AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
the problem here is that that EVP layer specifies the length of the input in bytes whereas this functions expects the length in bits (although is not clearly specified somewhere). > diff -ur openssl-SNAP-20060415/crypto/evp/e_des.c > openssl-SNAP-20060415.changed/crypto/evp/e_des.c > --- openssl-SNAP-20060415/crypto/evp/e_des.c 2004-03-28 13:00:11.000000000 > -0500 > +++ openssl-SNAP-20060415.changed/crypto/evp/e_des.c 2006-04-17 > 22:17:39.000000000 -0400 > @@ -109,8 +109,9 @@ > { > unsigned int n; > unsigned char c[1],d[1]; > + unsigned int inl_bits = inl * 8; > > - for(n=0 ; n < inl ; ++n) > + for(n=0 ; n < inl_bits ; ++n) > { > c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; > DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, agree, with this one. Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]