Ralf S. Engelschall wrote:
>
> Noch ack'ed, but haven't we already fixed this recently
> for OpenSSL 0.9.2?
Yes, I fixed it a couple of weeks ago.
Cheers,
Ben.
>
> ----- Forwarded message from "M.-A. Lemburg" <[EMAIL PROTECTED]> -----
> Date: Fri, 29 Jan 1999 15:21:01 +0100
> From: "M.-A. Lemburg" <[EMAIL PROTECTED]>
> Organization: IKDS
> To: [EMAIL PROTECTED]
> Subject: CAST bug in OpenSSL
>
> Hi,
>
> I've just downloaded the latest tarball from the OpenSSL site
> and found that a bug in CAST still needs fixing. This is the
> original EMail I sent to Eric Young in last september. Although
> he confirmed the bug, it seems that no changes have been made
> to the implementation.
>
> """
> Hi Eric,
>
> first of all, I'd like to thank you for the great job you did
> on SSLeay. I'm currently developing a wrapper of the cryptographic
> algorithms exposed by the lib that makes them available for use
> in Python (http://www.python.org):
>
> http://starship.skyport.net/~lemburg/mxCrypto.html
>
> While hacking along I found what looks like a bug in the CAST
> implementation of SSLeay 0.9.0. The RFC2144 specs say that for keys
> of length 5-10 bytes the number of rounds is supposed to be 12
> instead of 16. Yet, SSLeay always uses 16 rounds regardeless of how
> long the key is. As a result the test data given in the RFC fails
> for keys of length 5-10.
> """
>
> BTW: You may want to include the above link somewhere on the
> OpenSSL site. It points to a SWIG wrapped version of parts of
> SSLeay which makes the ciphers and hash functions available
> to Python.
>
> Sorry for the direct EMail... I couldn't find any mention of a
> mailing list for these kinds of reports on the web pages.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
