In message <[EMAIL PROTECTED]> on Tue, 30 Jul 2002 14:04:21 
PDT, Matt Piotrowski <[EMAIL PROTECTED]> said:

matt.piotrowski> I think there's a bug in the AES counter mode
matt.piotrowski> implementation: if you pass a non-zero counter offset
matt.piotrowski> to AES_ctr128_encrypt() (through the "num" argument),
matt.piotrowski> this function will access uninitialized data in "tmp".

How could num (or n, inside AES_ctr128_encrypt()) ever have a value
that isn't between 0 (included) and AES_BLOCK_SIZE (excluded), unless
you do something stupid with num between calls?  Make note of the
following statement:

                n = (n+1) % AES_BLOCK_SIZE;

matt.piotrowski> I'm not sure if this function is intended to provide
matt.piotrowski> stream-like services, but if it is, then I have test
matt.piotrowski> code which demonstrates the bug and a patch that
matt.piotrowski> fixes it.  I have included both below.

That program prints "success" on my system (a Pentium running Debian
GNU/Linux).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
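The exchange above turns on how AES_ctr128_encrypt() treats its caller-owned state: ivec (the counter block), ecount_buf/"tmp" (the keystream block for the last counter value) and num (the offset into that block, kept in [0, AES_BLOCK_SIZE) by the quoted statement). The following is an added worked example, not OpenSSL's code and not the code from either message: a Python model with the same loop shape, used to show that chunked, stream-style calls give the same output as a one-shot call only when all three pieces of state are carried between calls, and what happens when a call starts at num != 0 with a fresh buffer. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for AES_encrypt() so the example runs on the standard library alone (CTR mode only needs a keyed keystream block), and the key, IV and message are constructed sample values.

```python
import hmac
import hashlib

BLOCK_SIZE = 16  # AES_BLOCK_SIZE


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES_encrypt(): a keyed PRF truncated to one block.
    # Assumption: HMAC-SHA256 replaces AES so the example needs no
    # third-party library; CTR mode only needs a keyed keystream block.
    if len(block) != BLOCK_SIZE:
        raise ValueError("block must be exactly BLOCK_SIZE bytes")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_SIZE]


def ctr128_inc(counter: bytearray) -> None:
    # Big-endian increment of the 128-bit counter block, the job
    # AES_ctr128_inc() does in OpenSSL.
    for i in range(BLOCK_SIZE - 1, -1, -1):
        counter[i] = (counter[i] + 1) & 0xFF
        if counter[i] != 0:
            break


def ctr128_encrypt(data: bytes, key: bytes, ivec: bytearray,
                   ecount: bytearray, num: int) -> tuple:
    # Same loop shape as AES_ctr128_encrypt(). ivec, ecount and num are
    # caller-owned stream state: num is the offset into ecount, the
    # keystream block computed for the previous counter value, so a call
    # that starts at num != 0 is only correct if the caller hands back
    # the ecount and ivec left behind by the previous call.
    if not 0 <= num < BLOCK_SIZE:
        raise ValueError("num must be in [0, BLOCK_SIZE)")
    out = bytearray(len(data))
    n = num
    for i, byte in enumerate(data):
        if n == 0:
            ecount[:] = block_encrypt(key, bytes(ivec))
            ctr128_inc(ivec)
        out[i] = byte ^ ecount[n]
        n = (n + 1) % BLOCK_SIZE  # the statement quoted in the reply
    return bytes(out), n


def ctr_stream(data: bytes, key: bytes, iv: bytes, chunk_sizes) -> bytes:
    # Feed data in pieces of the given sizes (the last piece takes the
    # remainder), carrying ivec/ecount/num between calls the way a
    # stream-style caller must.  Encryption and decryption are the same op.
    ivec, ecount, num = bytearray(iv), bytearray(BLOCK_SIZE), 0
    out, pos = bytearray(), 0
    for size in list(chunk_sizes) + [len(data)]:
        if pos >= len(data):
            break
        piece, num = ctr128_encrypt(data[pos:pos + size], key, ivec, ecount, num)
        out += piece
        pos += len(piece)
    return bytes(out)


def demo() -> dict:
    # Constructed sample key, IV and message; not real secrets.
    key = b"constructed-key-0123456789abcdef"
    iv = bytes(range(BLOCK_SIZE))
    msg = b"counter mode must carry ecount and num between calls"

    one_shot = ctr_stream(msg, key, iv, [])
    chunked = ctr_stream(msg, key, iv, [5, 20, 7])   # pieces cross block edges
    roundtrip = ctr_stream(chunked, key, iv, [3, 33])

    # Resume mid-block (num = 5) without the ecount and ivec left by the
    # previous call: the first 11 bytes are XORed with whatever the fresh
    # buffer holds (zeros here, uninitialised memory in the C case) and the
    # counter is reused, so the output no longer matches the stream.
    fresh_ecount = bytearray(BLOCK_SIZE)
    wrong, _ = ctr128_encrypt(msg[5:], key, bytearray(iv), fresh_ecount, 5)

    return {
        "chunked_matches_oneshot": chunked == one_shot,
        "roundtrip": roundtrip == msg,
        "resumed_without_state_matches": wrong == one_shot[5:],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

The model keeps the API's contract visible: num is clamped to the block size by the modulo, and a caller who wants stream-like use passes the same ivec, ecount and num objects into every call; a non-zero num paired with a buffer the function did not fill is the caller's state error rather than a value the function can produce on its own.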