Hi Marko and Nikos,

Nikos: please read this before continuing:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299509

Marko: Thank you for submitting this bugreport, sorry for the late
response from me, I apologize.

Your issue will be fixed in the upcoming libmcrypt 2.5.8-1 version,
I've just uploaded the package.  But please also note, that you have
forgot to check that the CAST5 implementation in libmcrypt supports
the bitlengths you are trying to use:

Your code, marked with >> my insertions:
        ctx = mcrypt_module_open("cast-128", NULL, "ecb", NULL);
        if (ctx == (void *) MCRYPT_FAILED) {
                printf("not found\n");
                return 1;
        }
>>      int nosizes, I;
>>      int *sizes= mcrypt_enc_get_supported_key_sizes(ctx, &nosizes);
>>      for (I=0; I<nosizes; I++) fprintf(stderr, "supported size: %d\n", 
>> sizes[I]);
>>      free(sizes);

If you run this, you will see, that only 16 byte keys are supported,
but adding support for 5 and 10 byte long keys was very easy (just
modifying a const in the source, see the attached patch).

Probably mcrypt should report some error in this case through its API
instead of silently using a bigger key with zero padding.  What is
your opinion, Nikos?

Thanks for your contribution,
Gergely

diff --git a/modules/algorithms/cast-128.c b/modules/algorithms/cast-128.c
index 6058d35..2df0343 100644
--- a/modules/algorithms/cast-128.c
+++ b/modules/algorithms/cast-128.c
@@ -317,7 +317,7 @@ WIN32DLL_DEFINE int _mcrypt_get_key_size()
        return 16;
 }
 
-static const int key_sizes[] = { 16 };
+static const int key_sizes[] = { 5, 10, 16 };
 WIN32DLL_DEFINE const int *_mcrypt_get_supported_key_sizes(int *len)
 {
        *len = sizeof(key_sizes)/sizeof(int);




-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to