Hello everyone,
I've found a bug in the debug build in Crypto++ 5.6.2 with MSVC 2012 in
Windows 7.
In file pwdbased.h in line 105 you find
byte b = byte(i >> ((3-j)*8));
this causes an error when running a debug built version because there
occurs a data loss if i gets 256 (which it will get) and j get 3 (which it
will get), so you try to assign 256 to an integer of range [0;255].
MS Debugger causes an run-time error as soon as this arises.
So here is the fixed version:
byte b = byte(i >> ((3-j)*8) & 0xFF);
This is the recommendation of the MS debugger and shouldn't have any impact
on performance of the code.
I tested this version, it doesn't cause run-time errors and passes the test
vector for PKCS5_PBKDF2_HMAC<SHA1>.
BR
JPM
Here is a little program demonstrating the error:
#include <pwdbased.h>
using namespace CryptoPP;
int main()
{
byte TargetBuffer[64],PWBuffer[64],SaltBuffer[64];
PKCS5_PBKDF2_HMAC<SHA256>().DeriveKey(TargetBuffer,64,PWBuffer,64,SaltBuffer,64,1);
// error occurs here
return 0;
}
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
