I'll post a full patch at some point - but in the interim.
This isn't so much a bug as something I forgot to go back and fix when I
coded it originally.
CCM will fail with AADs larger than 0xff00 bytes, as I forgot to add the
formatting bytes for the larger AADs.
Note that it still hasn't been tested with AADs > 2^32 bytes.

With normal use of CCM this was probably harmless, as it's typically used
with small packets.

--- openssl-0.9.8e.orig/crypto/aes/aes_ccm.c    2009-12-18 08:38:39.000000000 +1000
+++ openssl-0.9.8e/crypto/aes/aes_ccm.c 2009-12-18 10:29:51.000000000 +1000
@@ -180,7 +180,8 @@
     unsigned int aadbytes = 0;
     unsigned int offset = 0;
     int outl = 0;
-    unsigned int i,j;
+    unsigned int i,j,k;
+    int aadenc = 2;
 #if defined(AES_CCM_DEBUG)
     int b = 0; /* Index counters to aid formatting during debug */
     int s = 0;
@@ -283,15 +284,22 @@
       if(aad != NULL && aadlen > 0) {
        if(aadlen < (0x10000L - 0x100L)) {
          aadbytes = 2;
+         aadenc = 2;
        } else if(aadlen <= 0xFFFFFFFF) {
          aadbytes = 6;
+         aadenc = 4;
+         A0[0] = 0xff;
+         A0[1] = 0xfe;
        } else {
          aadbytes = 10;
+         aadenc = 8;
+         A0[0] = 0xff;
+         A0[1] = 0xff;
        }
        j = aadlen;
-       for(i = aadbytes-1; i > 0; i--) {
-         A0[i] = j & 0xff;
-         j >>= 8;
+       for(i = 0, k = aadbytes-1; i < aadenc; i++,k--) {
+         A0[k] = j & 0xff;
+         j = j / 256;
        }
        /* Now roll through the aad ? */
       }
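Review bot: The 8-byte branch still cannot encode lengths of 2^32 or more, because `j` is declared `unsigned int` in the first hunk and `j = aadlen;` drops the upper bits wherever that type is 32 bits wide, so the loop writes zeros into the high four length bytes. If `aadlen` (declared outside this hunk) is wider than 32 bits, two AAD lengths that differ by a multiple of 2^32 would get the same length field in the authenticated header and the tag would not match a conforming peer; if it is not wider, the `else` branch is unreachable. Declaring `j` with the same type as `aadlen` fixes the encoding, and until the large case is tested, rejecting such lengths through the function's error return is the safer choice. `aadenc` would also be better as `unsigned int`, since it is compared with the unsigned `i` in `i < aadenc`. The enclosing function starts and ends outside the hunk.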
@@ -364,7 +372,7 @@
        /* AES_encrypt(CTR,A0,akey); */
        EVP_EncryptUpdate(ctx,A0,&outl,CTR,AES_BLOCK_SIZE);
        printbinCTR("S",&s,A0,AES_BLOCK_SIZE);
-       /* Increment the ounter */
+       /* Increment the counter */
        AES_CCM_inc(CTR,q);

        /* XOR the encrypted counter with the incoming data */
