In message <[EMAIL PROTECTED]> on Tue, 30 Jul 2002 16:18:07 
PDT, Matt Piotrowski <[EMAIL PROTECTED]> said:

matt.piotrowski> "num" could point to a value out of that range if it
matt.piotrowski> is not initialized before the first call to
matt.piotrowski> AES_ctr128_encrypt().  The fix for this is to clearly
matt.piotrowski> document that the value "num" points to is both an
matt.piotrowski> input and an output.  

Just as for the DES OFB and CFB modes, num must be initialized to 0 by
the user.  You're perfectly correct that we need to document the AES
functions, thanks for the reminder.

matt.piotrowski> However, this range of values really has no bearing
matt.piotrowski> on the bug.  The bug exists for all non-zero values.

I completely agree, now that you pointed out what you meant (sorry for
missing it).  However, your patch worries me, because it potentially
can mean that AES in counter mode goes half as fast in case encryption
is done in chunks close to AES_BLOCK_SIZE in size (because counter
will be encrypted twice for each increment).  I'd much prefer to have
a relevant portion of tmp saved somewhere (just like OFB mode, but
that one has an ivec to count on for that :-/).  A possibility is to
set up a vector of AES_BLOCK_SIZE bytes in AES_KEY, specifically to
be used for such purposes (actually, it could be used directly as
tmp).  It can be considered a hack, but will do the job, and more
efficiently for the worst case.

Comments?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
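Added example for the point argued in the message above (example code written for this page, not OpenSSL's AES_ctr128_encrypt, and the 16-byte block cipher inside it is a throwaway stand-in, not AES): two CTR loops, one that keeps the encrypted counter block in a caller-supplied buffer so that a call entered with num != 0 can resume mid-block, and one that keeps it in a function-local tmp and therefore only works when every call starts on a block boundary. The function names, the ecount_buf parameter and the constructed key, IV and message are all assumptions of this example. The demo encrypts a 40-byte message in one call and again in chunks of 1, 15 and 24 bytes, and also counts block-cipher invocations, which stay at ceil(40/16) = 3 for the saved-buffer variant, i.e. the counter is encrypted once per increment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16

static unsigned long g_block_calls;   /* block-cipher invocations, for the demo */

/* Stand-in block cipher: NOT AES, deliberately tiny and insecure. It only
 * gives the CTR loop a deterministic 16-byte function to call. */
static void block_encrypt(const uint8_t key[BLOCK_SIZE],
                          const uint8_t in[BLOCK_SIZE], uint8_t out[BLOCK_SIZE])
{
    uint8_t s[BLOCK_SIZE];
    memcpy(s, in, BLOCK_SIZE);
    for (int r = 0; r < 4; r++) {
        for (int i = 0; i < BLOCK_SIZE; i++)
            s[i] ^= key[(i + r) % BLOCK_SIZE];
        for (int i = 0; i < BLOCK_SIZE; i++)
            s[i] = (uint8_t)(((s[i] << 3) | (s[i] >> 5)) + 7 * s[(i + 1) % BLOCK_SIZE]);
    }
    memcpy(out, s, BLOCK_SIZE);
    g_block_calls++;
}

/* Big-endian increment of the counter block, with carry. */
static void ctr_increment(uint8_t counter[BLOCK_SIZE])
{
    for (int i = BLOCK_SIZE - 1; i >= 0; i--)
        if (++counter[i] != 0)
            break;
}

/* Proposed shape: ecount_buf holds E_k(counter) for the block currently being
 * consumed and *num is the offset into it. Both are input AND output; the
 * caller must zero *num before the first call. */
void ctr_encrypt_saved(const uint8_t *in, uint8_t *out, size_t len,
                       const uint8_t key[BLOCK_SIZE], uint8_t counter[BLOCK_SIZE],
                       uint8_t ecount_buf[BLOCK_SIZE], unsigned int *num)
{
    unsigned int n = *num;
    while (len--) {
        if (n == 0) {                       /* new block: one encryption per increment */
            block_encrypt(key, counter, ecount_buf);
            ctr_increment(counter);
        }
        *out++ = *in++ ^ ecount_buf[n];
        n = (n + 1) % BLOCK_SIZE;
    }
    *num = n;
}

/* Same loop with a function-local tmp. A call entered with *num != 0 XORs
 * against tmp bytes this call never computed (zeroed here only so the demo
 * is deterministic; in real code they would be stack garbage). */
void ctr_encrypt_local_tmp(const uint8_t *in, uint8_t *out, size_t len,
                           const uint8_t key[BLOCK_SIZE], uint8_t counter[BLOCK_SIZE],
                           unsigned int *num)
{
    uint8_t tmp[BLOCK_SIZE] = {0};
    unsigned int n = *num;
    while (len--) {
        if (n == 0) {
            block_encrypt(key, counter, tmp);
            ctr_increment(counter);
        }
        *out++ = *in++ ^ tmp[n];
        n = (n + 1) % BLOCK_SIZE;
    }
    *num = n;
}

/* Encrypt a constructed 40-byte message once in a single call (reference) and
 * once in chunks of 1, 15 and 24 bytes; returns 1 if both outputs agree and
 * stores the chunked run's block-cipher call count in *calls. */
static int run_chunked(int use_saved, unsigned long *calls)
{
    static const uint8_t key[BLOCK_SIZE] = "0123456789abcdef";      /* constructed */
    static const uint8_t iv[BLOCK_SIZE] = { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
                                            0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    static const uint8_t msg[40] = "the quick brown fox jumps over the lazy";  /* constructed */
    static const size_t chunks[3] = { 1, 15, 24 };
    uint8_t ref[40], got[40], ctr[BLOCK_SIZE], ecount[BLOCK_SIZE];
    unsigned int num = 0;
    size_t off = 0;

    memcpy(ctr, iv, BLOCK_SIZE);
    ctr_encrypt_saved(msg, ref, sizeof msg, key, ctr, ecount, &num);

    memcpy(ctr, iv, BLOCK_SIZE);
    num = 0;
    g_block_calls = 0;
    for (int i = 0; i < 3; i++) {
        if (use_saved)
            ctr_encrypt_saved(msg + off, got + off, chunks[i], key, ctr, ecount, &num);
        else
            ctr_encrypt_local_tmp(msg + off, got + off, chunks[i], key, ctr, &num);
        off += chunks[i];
    }
    *calls = g_block_calls;
    return memcmp(ref, got, sizeof msg) == 0;
}

int ctr_chunks_match(int use_saved)
{
    unsigned long unused;
    return run_chunked(use_saved, &unused);
}

unsigned long ctr_chunks_block_calls(int use_saved)
{
    unsigned long calls;
    run_chunked(use_saved, &calls);
    return calls;
}

int main(void)
{
    printf("saved ecount_buf: match=%d block calls=%lu\n",
           ctr_chunks_match(1), ctr_chunks_block_calls(1));
    printf("local tmp:        match=%d\n", ctr_chunks_match(0));
    return 0;
}
```

The saved-buffer variant produces the same ciphertext whether the message arrives whole or in chunks, and the block cipher runs exactly three times for 40 bytes, since the counter is encrypted once when num wraps to 0 and never again for that block. The local-tmp variant diverges on the 15-byte middle chunk, which is entered with num == 1, so the rest of the first block is XORed against a keystream that was never derived. With a real AES_KEY, the buffer could live there as the message suggests; keeping it as a separate argument has the advantage of leaving the key read-only.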
