> > I found an issue in the implementation of the Crypto++ function > > RoundUpToMultipleOf (misc.h:745). The function is used at multiple > places > > throughout the code, so the bug *might* have security implications, > hence > > I'm reporting via email. > > > > misc.h:748 incorrectly assumes that the maximal value of type T1 is > > SIZE_MAX/sizeof(T1), which causes RoundUpToMultipleOf to detect integer > > overflows incorrectly. The branch condition gives false positives for > large > > 64-bit integers and false negatives for smaller types. See the attached > > source code for examples. Additionally, the documentation states that > > RoundUpToMultipleOf returns n + n%m, while in fact it returns (as it > should) > > n + (m-n%m)%m. >
We are tracking this issue at https://github.com/weidai11/cryptopp/issues/360. Jeff -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
