[EMAIL PROTECTED] via RT wrote:
The function AES_cbc_encrypt has a bug when its input and output parameters are the same which causes it to incorrectly update the IV.
All other OpenSSL ..._cbc_encrypt functions happily accept input==output, I don't see a valid reason why AES would be the exception. The attached patch fixes the problem, but a revisitation of the AES CBC functions may be in order in order to optimise (I'm sure it's got to be possible to encrypt/decrypt without memcpying so much)
It's 6 weeks since I submitted this patch. Are there objections to it, or should I just sit patiently until it gets to the top of someone's queue?
-- Jon Bright Silicon Circus Ltd. http://www.siliconcircus.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
