Jun-ichiro itojun Hagino wrote:
>
> Hello this is Jun-ichiro (Itoh) Hagino of KAME project.
> RFC2144 says that, CAST128 must be performed only 12 rounds if
> key length <= 80bits. The following patch should fix the behavior.
> Assembly language versions needs some fix too.
>
> This bug was found on SSLeay 0.9.0b, report has been sent to SSLeay
> team, but OpenSSL is using a version prior to the fix (0.9.0b?),
> so I'm sending this report to you.
>
> I'm not on the openssl-dev mailing list so please send comments to
> [EMAIL PROTECTED] or [EMAIL PROTECTED] too. Thanks.
Hi there - I've just committed a fix for the C version (based on yours)
which I haven't tested, and also for the assembler versions, which I
have tested. You might like to note that your patch didn't actually fix
the test program, which had been crippled to not test short keys!
Thanks for the bug report.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
