In message <[EMAIL PROTECTED]> on Tue, 30 Jul 2002 14:04:21 PDT, Matt Piotrowski <[EMAIL PROTECTED]> said:

matt.piotrowski> I think there's a bug in the AES counter mode
matt.piotrowski> implementation: if you pass a non-zero counter offset
matt.piotrowski> to AES_ctr128_encrypt() (through the "num" argument),
matt.piotrowski> this function will access uninitialized data in "tmp".

How could num (or n, inside AES_ctr128_encrypt()) ever have a value that isn't between 0 (included) and AES_BLOCK_SIZE (excluded), unless you do something stupid with num between calls? Make note of the following statement:

    n = (n+1) % AES_BLOCK_SIZE;

matt.piotrowski> I'm not sure if this function is intended to provide
matt.piotrowski> stream-like services, but if it is, then I have test
matt.piotrowski> code which demonstrates the bug and a patch that
matt.piotrowski> fixes it. I have included both below.

That program prints "success" on my system (a Pentium running Debian GNU/Linux).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                  \ SWEDEN             \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
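As an added illustration, not code from this thread or from OpenSSL itself, here is a stand-alone C model of the AES_ctr128_encrypt() bookkeeping under discussion: a placeholder block function stands in for AES_encrypt(), and the check shows that stream-style use in pieces matches a single call because num, the counter and the ecount buffer are carried together between calls. The key, counter and message bytes are constructed.

```c
#include <stddef.h>
#include <string.h>
#define BLOCK_SIZE 16
/* Placeholder block function (NOT AES): a keyed byte mix standing in for AES_encrypt(). */
static void toy_block_encrypt(const unsigned char *in, unsigned char *out,
                              const unsigned char *key)
{
    for (size_t i = 0; i < BLOCK_SIZE; i++)
        out[i] = (unsigned char)((in[i] ^ key[i]) * 167u + i * 31u);
}
/* Big-endian increment of the 128-bit counter block. */
static void ctr_increment(unsigned char *counter)
{
    for (int i = BLOCK_SIZE - 1; i >= 0 && ++counter[i] == 0; i--)
        ;
}
/* Same calling contract as AES_ctr128_encrypt(): *num is the offset into the keystream
 * block held in ecount_buf; counter, ecount_buf and *num must be carried across calls. */
static void ctr128_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const unsigned char *key,
                           unsigned char *counter, unsigned char *ecount_buf,
                           unsigned int *num)
{
    unsigned int n = *num;
    while (len--) {
        if (n == 0) {                    /* start of a new keystream block */
            toy_block_encrypt(counter, ecount_buf, key);
            ctr_increment(counter);
        }
        *(out++) = *(in++) ^ ecount_buf[n];
        n = (n + 1) % BLOCK_SIZE;        /* n stays in [0, BLOCK_SIZE) */
    }
    *num = n;
}
/* Stream-style use on constructed input: encrypting 40 bytes in pieces of
 * 7, 20 and 13 must equal one 40-byte call. Returns 1 on match. */
int ctr_split_matches_single(void)
{
    unsigned char key[BLOCK_SIZE], c1[BLOCK_SIZE], c2[BLOCK_SIZE];
    unsigned char e1[BLOCK_SIZE], e2[BLOCK_SIZE], msg[40], one[40], split[40];
    unsigned int n1 = 0, n2 = 0;
    for (size_t i = 0; i < BLOCK_SIZE; i++) { key[i] = (unsigned char)(0x10 + i); c1[i] = c2[i] = (unsigned char)i; }
    for (size_t i = 0; i < sizeof msg; i++) msg[i] = (unsigned char)('a' + i % 26);
    ctr128_encrypt(msg, one, 40, key, c1, e1, &n1);
    ctr128_encrypt(msg, split, 7, key, c2, e2, &n2);        /* stops mid-block */
    ctr128_encrypt(msg + 7, split + 7, 20, key, c2, e2, &n2);
    ctr128_encrypt(msg + 27, split + 27, 13, key, c2, e2, &n2);
    return n1 == n2 && n1 == 40 % BLOCK_SIZE && memcmp(one, split, 40) == 0;
}
```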