Hi all,

As I'm new to the list, I hope I'm not embarrassing myself by pointing
out the following:

First, in file crypto/aes/aes_cbc.c, lines 94-98:
    memcpy(tmp, in, sizeof tmp);
    AES_decrypt(in, out, key);
    for(n=0; n < AES_BLOCK_SIZE; ++n)
        out[n] ^= ivec[n];
    memcpy(ivec, tmp, AES_BLOCK_SIZE);

is equivalent to the shorter form (that saves several CPU cycles) below:
    AES_decrypt(in, out, key);
    for(n=0; n < AES_BLOCK_SIZE; ++n)
        out[n] ^= ivec[n];
    memcpy(ivec, in, AES_BLOCK_SIZE);

So, if the experts can verify this, I wonder if I should submit a patch?



Second, I don't think AES_cbc_encrypt currently handles partial blocks
correctly. The reason is lines 88-89:

    AES_encrypt(tmp, tmp, key);
    memcpy(out, tmp, len);

truncates the ciphertext, but the decryption part tries to decrypt the
whole block (lines 104-105):

    memcpy(tmp, in, sizeof tmp);
    AES_decrypt(tmp, tmp, key);

It is easy to verify this by writing a simple encrypt/decrypt program
(which I have written): multiple blocks work; partial ones don't. As far
as I can tell, it is also not implementing a technique called ciphertext
stealing. So, if the experts can verify this, I wonder if I should submit
a patch?




Thank you very much for your attention.

Best regards,
law


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
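The two points raised in the mail, as an added worked example that is neither OpenSSL's code nor the poster's test program. A stand-in 16-byte block cipher (XOR with the key, then a byte rotation; invertible but with no security) replaces AES so the program runs without OpenSSL. The first part decrypts in place (in == out) with both the original aes_cbc.c block shape and the proposed shortcut, so the aliasing behaviour of each can be checked directly; the second part implements CBC with ciphertext stealing for a trailing partial block (the swapped-order layout of CBC-CS3 in the NIST SP 800-38A Addendum is assumed) and round-trips messages of 21, 32 and 37 bytes. KEY, IV and the messages are constructed test data.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16

/* Stand-in block cipher (NOT AES, no security): XOR with the key, rotate the
 * bytes by three. Only its invertibility matters; both directions finish
 * reading `in` before writing `out`, so in == out is allowed. */
static void blk_enc(const uint8_t *in, uint8_t *out, const uint8_t *key) {
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[(i + 3) % BLK] = in[i] ^ key[i];
    memcpy(out, t, BLK);
}
static void blk_dec(const uint8_t *in, uint8_t *out, const uint8_t *key) {
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = in[(i + 3) % BLK] ^ key[i];
    memcpy(out, t, BLK);
}

/* CBC encryption over whole blocks; ivec ends up holding the last ciphertext block. */
static void cbc_enc(const uint8_t *in, uint8_t *out, size_t nblk, uint8_t *ivec, const uint8_t *key) {
    uint8_t x[BLK];
    for (size_t b = 0; b < nblk; b++, in += BLK, out += BLK) {
        for (int n = 0; n < BLK; n++) x[n] = in[n] ^ ivec[n];
        blk_enc(x, out, key);
        memcpy(ivec, out, BLK);
    }
}

/* One CBC block decrypted in the shape aes_cbc.c uses: the ciphertext is saved
 * in tmp first, so the chaining value survives even when out aliases in. */
static void cbc_dec_copy(const uint8_t *in, uint8_t *out, uint8_t *ivec, const uint8_t *key) {
    uint8_t tmp[BLK];
    memcpy(tmp, in, BLK);
    blk_dec(in, out, key);
    for (int n = 0; n < BLK; n++) out[n] ^= ivec[n];
    memcpy(ivec, tmp, BLK);
}
/* The proposed shortcut: the next chaining value is read from `in` after `out`
 * has been written. When in == out, that reads the plaintext, not the ciphertext. */
static void cbc_dec_short(const uint8_t *in, uint8_t *out, uint8_t *ivec, const uint8_t *key) {
    blk_dec(in, out, key);
    for (int n = 0; n < BLK; n++) out[n] ^= ivec[n];
    memcpy(ivec, in, BLK);
}

/* Constructed test key and IV (fixed so results are deterministic). */
static const uint8_t KEY[BLK] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const uint8_t IV[BLK]  = {0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a,
                                 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a, 0x5a};

/* Encrypt three blocks in place, then decrypt them in place with the chosen
 * block routine. Returns 1 if the plaintext comes back intact, 0 otherwise. */
int inplace_roundtrip(int use_short) {
    const char *msg = "abcdefghijklmnop" "qrstuvwxyz012345" "ABCDEFGHIJKLMNOP";
    uint8_t buf[3 * BLK], ivec[BLK];
    memcpy(buf, msg, sizeof buf);
    memcpy(ivec, IV, BLK);
    cbc_enc(buf, buf, 3, ivec, KEY);
    memcpy(ivec, IV, BLK);
    for (int b = 0; b < 3; b++) {
        uint8_t *p = buf + b * BLK;          /* in == out for every block */
        if (use_short) cbc_dec_short(p, p, ivec, KEY); else cbc_dec_copy(p, p, ivec, KEY);
    }
    return memcmp(buf, msg, sizeof buf) == 0;
}

/* CBC with ciphertext stealing, len = k*16 + r, k >= 1. For r > 0 the output is
 * C_1..C_{k-1}, then E(C_k ^ zero-padded P_{k+1}), then the first r bytes of
 * C_k (CBC-CS3 ordering, as assumed above); r == 0 is plain CBC. out may equal
 * in. Returns -1 if len < 16, since there is then no full block to steal from. */
int cbc_cts_encrypt(const uint8_t *in, uint8_t *out, size_t len, const uint8_t *iv, const uint8_t *key) {
    size_t k = len / BLK, r = len % BLK;
    uint8_t ivec[BLK], ck[BLK], x[BLK];
    if (len < BLK) return -1;
    memcpy(ivec, iv, BLK);
    cbc_enc(in, out, k, ivec, key);          /* ivec == C_k afterwards */
    if (r == 0) return 0;
    memcpy(ck, ivec, BLK);
    memset(x, 0, BLK);
    memcpy(x, in + k * BLK, r);              /* P_{k+1}, zero-padded to a block */
    for (int n = 0; n < BLK; n++) x[n] ^= ck[n];
    blk_enc(x, out + (k - 1) * BLK, key);    /* full final block takes C_k's slot */
    memcpy(out + k * BLK, ck, r);            /* the stolen bytes of C_k go last */
    return 0;
}

int cbc_cts_decrypt(const uint8_t *in, uint8_t *out, size_t len, const uint8_t *iv, const uint8_t *key) {
    size_t k = len / BLK, r = len % BLK;
    uint8_t ivec[BLK], ck[BLK], z[BLK];
    if (len < BLK) return -1;
    memcpy(ivec, iv, BLK);
    for (size_t b = 0; b + 1 < k; b++)       /* C_1..C_{k-1}: ordinary CBC */
        cbc_dec_copy(in + b * BLK, out + b * BLK, ivec, key);
    if (r == 0) { cbc_dec_copy(in + (k - 1) * BLK, out + (k - 1) * BLK, ivec, key); return 0; }
    blk_dec(in + (k - 1) * BLK, z, key);     /* z = C_k ^ zero-padded P_{k+1} */
    memcpy(ck, in + k * BLK, r);             /* C_k[0..r) was stored in the tail */
    memcpy(ck + r, z + r, BLK - r);          /* C_k[r..16) == z[r..16): the pad was zero */
    for (size_t n = 0; n < r; n++) out[k * BLK + n] = z[n] ^ ck[n];   /* P_{k+1} */
    cbc_dec_copy(ck, out + (k - 1) * BLK, ivec, key);                 /* P_k = D(C_k) ^ C_{k-1} */
    return 0;
}

/* Round-trip a constructed len-byte message, once into a separate buffer and
 * once decrypting in place. Returns 1 if both recover the plaintext. */
int cts_roundtrip(size_t len) {
    uint8_t msg[64], ct[64], pt[64];
    if (len > sizeof msg) return 0;
    for (size_t i = 0; i < len; i++) msg[i] = (uint8_t)('A' + i % 26);
    if (cbc_cts_encrypt(msg, ct, len, IV, KEY) != 0) return 0;
    if (cbc_cts_decrypt(ct, pt, len, IV, KEY) != 0 || memcmp(pt, msg, len) != 0) return 0;
    if (cbc_cts_decrypt(ct, ct, len, IV, KEY) != 0) return 0;
    return memcmp(ct, msg, len) == 0;
}
```

The tmp copy in the original block shape is not redundant: once `out` has been written, `in` no longer holds the ciphertext if the caller decrypts in place, so the shortcut chains the wrong value into the next block. The ciphertext-stealing routines keep the ciphertext the same length as the plaintext without a padding scheme, which is what the truncation in the encrypt path appears to aim for; they deliberately refuse inputs shorter than one block, because there is no preceding ciphertext block to steal from.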
