DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38365>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38365 Summary: Encryption fails if there are less than 12 characters to encrypt Product: Security Version: C++ 1.2.0 Platform: PC OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Encryption AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I have found very interesting bug inside WinCAPICryptoSymmetricKey::encrypt(). I've been encrypting an XML file and used encrypt content (not whole element) option ( cipher->encryptElementContent() func ). The bug occurs whenever there are less then 12 (in my case only 4) characters inside XML element to encrypt. In the case of 4 characters, values are: //unsigned int rounding = (m_bytesInLastBlock + inLength) % m_blockSize; unsigned int rounding = (0 + 4) % 8; // rounding == 8 now //rounding += m_blockSize; rounding += 8; // rounding == 12 now //memcpy(m_lastBlock, &inBuf[inLength - rounding], rounding); memcpy(m_lastBlock, &inBuf[4 - 12], 12); // 4 - 12 ??? buffer "underflow" //memcpy(bufPtr, inBuf, inLength - rounding); memcpy(bufPtr, inBuf, 4 - 12); // again 4 - 12 :( Probably, the same bug is inside NSS and OpenSSL providers. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
