L.S.,
please have a look at crypto/des/xcbc_enc.c: function
void DES_xcbc_encrypt(...)
in 0.9.9 CVS HEAD
at line 165 the loop reads:
for (l-=8; l>0; l-=8)
shouldn't this read as:
for (l-=8; l>=0; l-=8)
as happens for all other cbc loops out there (not only in this file),
as for length==8, the code for enc/dec in there does not look
symmetrical without this change, like it does for other files, such
as:
crypto/des/des_enc.c:
void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char
*output, ...)
and others. (grep for the string 'for (l-=8; l>0; l-=8)' to find them
all: xcbc_encrypt() is the only one which has l>0 instead of l>=0 in
the !enc else branch.)
I'll try to conjure up a test to showcase/test the possible bug here,
but if anyone can tell me offhand that I'm mistaken, I'd be much
obliged.
This one was spotted while working on size_t-ification of OpenSSL. I
changed the code in my copy, yet the tests don't seem to see the
difference --> this 'fringe case' is not checked, or some difference
should have triggered a fail/ok..
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
