[FWD] CAST bug in OpenSSL

Fri, 29 Jan 1999 10:06:17 -0500 


Noch ack'ed, but haven't we already fixed this recently 
for OpenSSL 0.9.2?

----- Forwarded message from "M.-A. Lemburg" <[EMAIL PROTECTED]> -----
Date: Fri, 29 Jan 1999 15:21:01 +0100
From: "M.-A. Lemburg" <[EMAIL PROTECTED]>
Organization: IKDS
To: [EMAIL PROTECTED]
Subject: CAST bug in OpenSSL

Hi,

I've just downloaded the latest tarball from the OpenSSL site
and found that a bug in CAST still needs fixing. This is the
original EMail I sent to Eric Young in last september. Although
he confirmed the bug, it seems that no changes have been made
to the implementation.

"""
Hi Eric,

first of all, I'd like to thank you for the great job you did
on SSLeay. I'm currently developing a wrapper of the cryptographic
algorithms exposed by the lib that makes them available for use
in Python (http://www.python.org):

        http://starship.skyport.net/~lemburg/mxCrypto.html

While hacking along I found what looks like a bug in the CAST
implementation of SSLeay 0.9.0. The RFC2144 specs say that for keys
of length 5-10 bytes the number of rounds is supposed to be 12
instead of 16. Yet, SSLeay always uses 16 rounds regardeless of how
long the key is. As a result the test data given in the RFC fails
for keys of length 5-10.
"""

BTW: You may want to include the above link somewhere on the
OpenSSL site. It points to a SWIG wrapped version of parts of
SSLeay which makes the ciphers and hash functions available
to Python.

Sorry for the direct EMail... I couldn't find any mention of a
mailing list for these kinds of reports on the web pages.

Cheers,
-- 
Marc-Andre Lemburg                               Y2000: 336 days left
---------------------------------------------------------------------
          : Python Pages >>> http://starship.skyport.net/~lemburg/  :
           ---------------------------------------------------------
----- End forwarded message -----

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to