Andy Polyakov wrote:
>
> > small bug in openssl-0.9.4:
> >
> > Using the 'enc' program present in the crypto/pkcs7 directory, I do:
> > - take a string of 6 or less chars and save it in a file
> > - apply the 'enc' prg to this file
> > - apply the 'dec' prg to this file
> >
> > the result is an empty message.
> >
> > If the length of the string is >= 7, it works ok
> this isn't a correct statement. message shorter than 8 characters comes
> out empty. you've forgotten to count the end-of-line. and it looks like
> only block ciphers exhibit this behaviour. if you encrypt with rc4 it
> comes out right. andy.

Ouch!

Like most "small" bugs it is a bit nasty. It is a bug in the encrypt
BIOs (enc_read) which can occur when EOF occurs at the start of a read.

You can see another more serious consequence by modifying 'dec.c' to
read in 16 byte chunks and then encrypting/decrypting something of
length 17 bytes: the last byte will get truncated.

I'll work on a fix.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
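
The symptoms reported in this thread can be reproduced with a small self-contained model of a decrypting read filter. This is an added example, not OpenSSL's enc_read and not code from the thread. It assumes an 8-byte block, a toy XOR "cipher" and pad-length padding, and every name in it (`dec_filter`, `dec_read`, `roundtrip`, the `eof_shortcut` flag) is hypothetical; the flag stands in for the defect by returning 0 when source EOF is met at the start of a read, before the held-back final block is finalised.

```c
#include <string.h>
#define BLK 8 /* block size in bytes (assumed: a 64-bit block cipher) */

/* Toy stand-in for a block cipher (XOR with a constant). NOT secure. */
static void toy_block(unsigned char *b) { for (int i = 0; i < BLK; i++) b[i] ^= 0x5a; }

/* Pad to whole blocks (each pad byte holds the pad length), then encrypt. */
static size_t toy_encrypt(const unsigned char *in, size_t n, unsigned char *out) {
    size_t total = (n / BLK + 1) * BLK;
    memcpy(out, in, n);
    memset(out + n, (int)(total - n), total - n);
    for (size_t off = 0; off < total; off += BLK) toy_block(out + off);
    return total;
}

struct dec_filter {                       /* hypothetical decrypting read filter */
    const unsigned char *src; size_t src_len, src_pos;  /* ciphertext source */
    unsigned char out[BLK]; size_t out_len, out_pos;    /* plaintext not yet delivered */
    unsigned char held[BLK]; int have_held, finished;   /* last block waits for EOF */
    int eof_shortcut;  /* 1 = model the defect: EOF at start of a read returns 0 */
};

static size_t dec_read(struct dec_filter *f, unsigned char *buf, size_t want) {
    size_t got = 0;
    while (got < want) {
        if (f->out_pos < f->out_len) { buf[got++] = f->out[f->out_pos++]; continue; }
        if (f->finished) break;
        f->out_len = f->out_pos = 0;
        if (f->src_pos + BLK <= f->src_len) {           /* one more ciphertext block */
            if (f->have_held) { memcpy(f->out, f->held, BLK); f->out_len = BLK; }
            memcpy(f->held, f->src + f->src_pos, BLK); toy_block(f->held);
            f->src_pos += BLK; f->have_held = 1;
        } else {                                        /* source is at EOF */
            if (f->eof_shortcut && got == 0) return 0;  /* defect: held block is lost */
            f->finished = 1;                            /* correct: finalise first */
            size_t pad = f->have_held ? f->held[BLK - 1] : 0;
            if (pad >= 1 && pad <= BLK) { f->out_len = BLK - pad; memcpy(f->out, f->held, f->out_len); }
        }
    }
    return got;
}

/* Encrypt n constructed bytes (n <= 64), read back in chunk-byte reads; returns bytes recovered. */
size_t roundtrip(size_t n, size_t chunk, int eof_shortcut) {
    unsigned char pt[64], ct[72], back[80]; size_t total = 0, r;
    for (size_t i = 0; i < n; i++) pt[i] = (unsigned char)('a' + i % 26);
    struct dec_filter f = { .src = ct, .src_len = toy_encrypt(pt, n, ct), .eof_shortcut = eof_shortcut };
    while ((r = dec_read(&f, back + total, chunk)) > 0) total += r;
    return memcmp(pt, back, total) == 0 ? total : (size_t)-1;
}
```

A round-trip sweep over every plaintext length and read size, as in `roundtrip(n, chunk, 0) == n`, is the regression check that catches this class of truncation; testing only long inputs with one large read does not.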