In message <[EMAIL PROTECTED]> on Tue, 30 Jul 2002 16:18:07 PDT, Matt Piotrowski <[EMAIL PROTECTED]> said:
matt.piotrowski> "num" could point to a value out of that range if it
matt.piotrowski> is not initialized before the first call to
matt.piotrowski> AES_ctr128_encrypt(). The fix for this is to clearly
matt.piotrowski> document that the value "num" points to is both an
matt.piotrowski> input and an output.

Just as for the DES OFB and CFB modes, num must be initialized to 0 by the user. You're perfectly correct that we need to document the AES functions, thanks for the reminder.

matt.piotrowski> However, this range of values really has no bearing
matt.piotrowski> on the bug. The bug exists for all non-zero values.

I completely agree, now that you pointed out what you meant (sorry for missing it).

However, your patch worries me, because it potentially can mean that AES in counter mode goes half as fast in case encryption is done in chunks close to AES_BLOCK_SIZE in size (because the counter will be encrypted twice for each increment). I'd much prefer to have a relevant portion of tmp saved somewhere (just like OFB mode, but that one has an ivec to count on for that :-/). A possibility is to set up a vector of AES_BLOCK_SIZE bytes in AES_KEY, specifically to be used for such purposes (actually, it could be used directly as tmp). It can be considered a hack, but will do the job, and more efficiently for the worst case.

Comments?

-- 
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                            [EMAIL PROTECTED]
Automated List Manager                              [EMAIL PROTECTED]
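Added example, not OpenSSL's code and not the patch under discussion: the "save tmp somewhere" approach Levitte describes, written as CTR-mode bookkeeping that keeps the encrypted counter block (named ecount_buf here, an assumed name) alongside num between calls, so a call entered with num != 0 neither reads an uninitialized tmp[] nor encrypts the counter a second time. A placeholder keyed byte mixer stands in for AES so the state logic runs without libcrypto; the key, IV and plaintext are constructed values.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 16

/* Stand-in block function: a keyed byte mixer, NOT AES and not secure, used only
   so the CTR state handling below runs without libcrypto. */
typedef struct { uint8_t k[BLOCK_SIZE]; } toy_key;
static void toy_encrypt(const uint8_t *in, uint8_t *out, const toy_key *key) {
    uint8_t acc = 0x5a;
    for (int i = 0; i < BLOCK_SIZE; i++)
        out[i] = acc = (uint8_t)((acc * 31u) ^ in[i] ^ key->k[i] ^ (uint8_t)i);
}
/* Big-endian increment of the counter block. */
static void ctr_inc(uint8_t *counter) {
    for (int i = BLOCK_SIZE - 1; i >= 0 && ++counter[i] == 0; i--) ;
}

/* CTR encryption that keeps the encrypted counter block (ecount_buf) between
   calls: a call entered with *num != 0 reuses the saved keystream instead of an
   uninitialized tmp[] or a second encryption of the counter. The caller sets
   *num = 0 before the first call; counter, ecount_buf and num are all in/out. */
void ctr_encrypt(const uint8_t *in, uint8_t *out, size_t len, const toy_key *key,
                 uint8_t *counter, uint8_t *ecount_buf, unsigned *num) {
    unsigned n = *num;
    while (len--) {
        if (n == 0) {                  /* keystream block used up: make the next */
            toy_encrypt(counter, ecount_buf, key);
            ctr_inc(counter);
        }
        *out++ = *in++ ^ ecount_buf[n];
        n = (n + 1) % BLOCK_SIZE;
    }
    *num = n;
}

/* Check: 40 bytes in 5-byte chunks (block boundaries crossed mid-call, several
   calls entered with num != 0) must give the same ciphertext and final state as
   one 40-byte call. Returns 1 on match, 0 otherwise. */
int chunked_matches_oneshot(void) {
    toy_key key; unsigned n1 = 0, n2 = 0;
    uint8_t iv[BLOCK_SIZE], c1[BLOCK_SIZE], c2[BLOCK_SIZE], e1[BLOCK_SIZE], e2[BLOCK_SIZE];
    uint8_t pt[40], a[40], b[40];
    for (int i = 0; i < BLOCK_SIZE; i++) { key.k[i] = (uint8_t)(i * 7 + 3); iv[i] = (uint8_t)(0xf0 + i); }
    for (int i = 0; i < 40; i++) pt[i] = (uint8_t)i;           /* constructed plaintext */
    memcpy(c1, iv, BLOCK_SIZE); memcpy(c2, iv, BLOCK_SIZE);
    ctr_encrypt(pt, a, 40, &key, c1, e1, &n1);
    for (size_t off = 0; off < 40; off += 5)
        ctr_encrypt(pt + off, b + off, 5, &key, c2, e2, &n2);
    return memcmp(a, b, 40) == 0 && n1 == n2 && n1 == 8 && memcmp(c1, c2, BLOCK_SIZE) == 0;
}
```

The same check run against a version that keeps tmp on the stack would read stale stack bytes on every chunk entered with num != 0, which is the bug the thread is about.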