>>> --- a/crypto/aes/asm/aes-x86_64.pl
>>> +++ b/crypto/aes/asm/aes-x86_64.pl
>>> @@ -1994,10 +1994,12 @@ AES_cbc_encrypt:
>> ??? What version do you have? In CVS .Lcbc_slow_enc_in_place
>> resided at line #1974!
>> A.
>
> I use CVS. It's an issue of patch sequence, I put another personal patch
> before this one.

I should have guessed :-)

> And, I find with the simple test program attached with the mail. The
> output of CVS is different from that of openssl-0.9.8g if the specified
> input length is less than 16.

The bug was present even in 0.9.8 and it was addressed at the same time, see http://cvs.openssl.org/chngview?cn=17699. For reference. One can argue that AES_cbc_encrypt could just as well require padded input, i.e. length divisible by 16. One can even argue that nobody is passing length not divisible by 16 anyway(*) and doing so wouldn't break anything. But the thing is that it's the way OpenSSL is (*all* cbc procedures are like this) and as it has been around for a while, it's hardly appropriate to change, as there is no way of knowing if anybody is dependent on this behavior.

A.

(*) most notably EVP (which by the way is *the* recommended interface to OpenSSL) does *not* pass length not divisible by 16, which is how the bug is bound to slip through EVP-based tests.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org