On Fri, Apr 13, 2001 at 11:04:46PM -0500, Andy Brown wrote:
> I believe I've found a bug with the UNIX command-line "openssl enc"
> utility. If you specify the hex key (with -K) on the command line, the IV
> is some randomish garbage, probably whatever happens to be in memory.

I have run some tests on HP-UX and Linux. I think I could reproduce your
tests. (On HP-UX the IV is 0, but that may just be a coincidence.)

I had a glance over the source and it seems indeed, that on the
stack the two arrays "salt" and "iv" are defined but if I didn't miss
anything, then their initialization to 0 is nowhere enforced...

I have never dealt with the "openssl enc" command so I'll have to look
into it deeper before actually realizing a change.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
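
The condition discussed in this message (a hex key given with -K and no IV, leaving the stack "iv" array unset) can be closed off by zeroing both buffers up front and refusing a key that arrives without an IV. The C sketch below is an added example, not OpenSSL's code and not part of the original message; `setup_key_iv`, `hex_to_bytes`, the buffer sizes and the return codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16   /* assumed sizes for a 128-bit block cipher */
#define IV_LEN  16

/* Decode hex into out[len]; shorter input leaves the tail zero. 0 = ok. */
static int hex_to_bytes(const char *hex, unsigned char *out, size_t len)
{
    size_t n = strlen(hex);
    if (n > 2 * len) return -1;
    memset(out, 0, len);
    for (size_t i = 0; i < n; i++) {
        char c = hex[i];
        int v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
        else return -1;
        out[i / 2] |= (unsigned char)((i % 2 == 0) ? (v << 4) : v);
    }
    return 0;
}

/* Hypothetical helper: 0 = ok, -1 = bad hex, -2 = key given without IV. */
int setup_key_iv(const char *hkey, const char *hiv,
                 unsigned char *key, unsigned char *iv)
{
    memset(key, 0, KEY_LEN);    /* never leave stack contents in place */
    memset(iv, 0, IV_LEN);
    if (hkey == NULL) return -1;
    if (hiv == NULL) return -2; /* refuse instead of using a stale buffer */
    if (hex_to_bytes(hkey, key, KEY_LEN) != 0) return -1;
    return hex_to_bytes(hiv, iv, IV_LEN) != 0 ? -1 : 0;
}

/* Constructed check: pre-fill iv with 0xAA to stand in for stack garbage. */
int missing_iv_is_rejected(void)
{
    unsigned char key[KEY_LEN], iv[IV_LEN], zero[IV_LEN] = {0};
    memset(iv, 0xAA, sizeof iv);
    int rc = setup_key_iv("00112233445566778899aabbccddeeff", NULL, key, iv);
    return rc == -2 && memcmp(iv, zero, IV_LEN) == 0;
}

int main(void)
{
    printf("missing IV rejected: %d\n", missing_iv_is_rejected());
    return 0;
}
```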