Hi Everyone, I wanted to give everyone a heads up.... Rijndael was cleaned up a bit to help with auditing and testing.
Previously, CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS was unconditionally set in rijndael.cpp because of a missing symbol under Microsoft SSE2 non-AESNI X64 builds. The define was removed and the issue was cleared with:

* http://github.com/weidai11/cryptopp/commit/58ed2fcd370523ed101715f57b0926d7dd8ac622
* http://github.com/weidai11/cryptopp/commit/c8de423ab5a1eda7c6b5bd36aa323f1996486547

The remediations brought another issue to light, and it is a hang in Rijndael's Enc::AdvancedProcessBlocks and AliasedWithTable. This issue always existed, but the recent commit and testing with CRYPTOPP_NO_UNALIGNED_DATA_ACCESS defined and CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS removed brought it back again. For completeness, CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is OK. The issue is being tracked at:

* http://github.com/weidai11/cryptopp/issues/132

The bug report has some initial findings around the 132 issue. I know how to clear it when CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined, but it causes another failure in the self tests. The failure is an Invalid PKCS #7 Padding in AES/CBC mode.

The invalid padding is a little trickier. I think it's due to inadvertently mixing routines for compressed and uncompressed tables to avoid timing attacks. There are no direct switches to control the use of compressed tables; rather, it pivots on aligned/unaligned data access, so it's controlled by CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS and CRYPTOPP_NO_UNALIGNED_DATA_ACCESS.

I should have it sorted out in a few days. If you need to use AES immediately, then manually re-add the 58ed2fcd commit (http://github.com/weidai11/cryptopp/commit/58ed2fcd370523ed101715f57b0926d7dd8ac622). If anyone speaks up, I can add it for you now (I'm trying to avoid the extra commit).

Jeff

--
You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
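An added illustration of the "Invalid PKCS #7 Padding" symptom mentioned in the post above; this is example code written for this page, not code from the post or from Crypto++. It involves no cipher at all: it assumes a 16-byte block, a constructed 28-byte plaintext, and stands in for a wrong decryption-table lookup by flipping one byte of the final block. The point it shows is that in CBC mode a miscomputed last block does not produce silently wrong plaintext but fails the padding check, which is why a table-mixing bug in the decryptor surfaces in the self tests as a padding error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16  /* AES block size in bytes (assumed for this example) */

/* Append PKCS #7 padding: always adds 1..BLOCK bytes, each equal to the count.
   Returns the padded length, or 0 if `out` is too small. */
size_t pkcs7_pad(const uint8_t *in, size_t len, uint8_t *out, size_t outcap)
{
    size_t pad = BLOCK - (len % BLOCK);
    if (outcap < len + pad) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Validate and strip PKCS #7 padding. Returns the unpadded length, or
   (size_t)-1 if the padding is invalid. The whole final block is always
   scanned rather than stopping at the first mismatch, so the amount of work
   does not depend on where the padding went wrong. */
size_t pkcs7_unpad(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0) return (size_t)-1;
    uint8_t pad = buf[len - 1];
    uint8_t bad = (uint8_t)((pad == 0) | (pad > BLOCK));
    for (size_t i = 0; i < BLOCK; i++) {
        uint8_t b = buf[len - 1 - i];
        uint8_t in_pad = (uint8_t)(i < pad);   /* byte is part of the claimed pad */
        bad |= (uint8_t)(in_pad & (b != pad));
    }
    return bad ? (size_t)-1 : len - pad;
}

/* Constructed demonstration (no real cipher): a 28-byte plaintext padded to
   two blocks, then one byte of the final block flipped, the kind of damage a
   decryption routine using the wrong lookup table would produce. Returns 1 if
   the intact buffer unpads to 28 bytes and the damaged one is rejected. */
int demo_corrupted_last_block(void)
{
    static const uint8_t msg[] = "Crypto++ self test plaintext";   /* 28 bytes */
    uint8_t buf[2 * BLOCK];
    size_t n = pkcs7_pad(msg, 28, buf, sizeof buf);
    if (n != 32 || pkcs7_unpad(buf, n) != 28) return 0;
    buf[n - 1] ^= 0x01;   /* pad count now reads 5, but the bytes before it are 4 */
    return pkcs7_unpad(buf, n) == (size_t)-1;
}

/* Block-aligned input must still get a full block of padding (16 bytes of 0x10),
   otherwise unpadding would be ambiguous. Returns 1 on success. */
int demo_full_block_pad(void)
{
    uint8_t msg[BLOCK];
    uint8_t buf[2 * BLOCK];
    memset(msg, 'A', sizeof msg);
    size_t n = pkcs7_pad(msg, sizeof msg, buf, sizeof buf);
    if (n != 32) return 0;
    for (size_t i = BLOCK; i < 2 * BLOCK; i++)
        if (buf[i] != BLOCK) return 0;
    return pkcs7_unpad(buf, n) == BLOCK;
}

/* A final byte of 0 or larger than the block size can never be valid PKCS #7. */
int demo_bad_pad_values(void)
{
    uint8_t buf[BLOCK];
    memset(buf, 0x00, sizeof buf);
    if (pkcs7_unpad(buf, sizeof buf) != (size_t)-1) return 0;
    memset(buf, 0x11, sizeof buf);
    return pkcs7_unpad(buf, sizeof buf) == (size_t)-1;
}

int main(void)
{
    printf("corrupted last block rejected:  %s\n", demo_corrupted_last_block() ? "yes" : "no");
    printf("full-block padding round-trips: %s\n", demo_full_block_pad() ? "yes" : "no");
    printf("zero / oversized pad rejected:  %s\n", demo_bad_pad_values() ? "yes" : "no");
    return 0;
}
```

When chasing a failure like the one described in the post, this is the order in which to read the symptom: a padding error from the CBC decryptor means the final block came out wrong, so the first thing to compare is the raw block output of the two decryption paths (aligned and unaligned table variants) on the same ciphertext, before looking at the padding code itself.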
