In message <[EMAIL PROTECTED]> on Fri, 27 Jun 2003 09:56:38 +0200, Thierry Boivin 
<[EMAIL PROTECTED]> said:

Thierry.Boivin> Generalized approach: as the differences between the
Thierry.Boivin> various applications are in the way the IV is built, i.e.
Thierry.Boivin> nonce part / upper counter part / lower counter part
Thierry.Boivin> / whatever part, and, in my opinion, not in the way such
Thierry.Boivin> a global IV is incremented from block to block, I
Thierry.Boivin> would make the library increment by one over the
Thierry.Boivin> whole size of the IV, leaving boundary aspects (the
Thierry.Boivin> routine just doesn't care about the way the given IV was
Thierry.Boivin> built) and the associated overflow condition checks (the
Thierry.Boivin> routine gives back the manipulated IV) to the
Thierry.Boivin> responsibility of the calling programs.

Do I understand correctly with this patch (for 0.9.8-dev, but should
work with 0.9.7 as well)?

Index: crypto/aes/aes_ctr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/aes/aes_ctr.c,v
retrieving revision 1.5
diff -u -r1.5 aes_ctr.c
--- crypto/aes/aes_ctr.c        13 Nov 2002 14:01:34 -0000      1.5
+++ crypto/aes/aes_ctr.c        29 Jun 2003 15:11:17 -0000
@@ -62,19 +62,49 @@
 /* NOTE: CTR mode is big-endian.  The rest of the AES code
  * is endian-neutral. */
 
-/* increment counter (128-bit int) by 2^64 */
+/* increment counter (128-bit int) by 1 */
 static void AES_ctr128_inc(unsigned char *counter) {
        unsigned long c;
 
-       /* Grab 3rd dword of counter and increment */
+       /* Grab bottom dword of counter and increment */
 #ifdef L_ENDIAN
-       c = GETU32(counter + 8);
+       c = GETU32(counter +  0);
        c++;
-       PUTU32(counter + 8, c);
+       PUTU32(counter +  0, c);
 #else
-       c = GETU32(counter + 4);
+       c = GETU32(counter + 12);
        c++;
-       PUTU32(counter + 4, c);
+       PUTU32(counter + 12, c);
+#endif
+
+       /* if no overflow, we're done */
+       if (c)
+               return;
+
+       /* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+       c = GETU32(counter +  4);
+       c++;
+       PUTU32(counter +  4, c);
+#else
+       c = GETU32(counter +  8);
+       c++;
+       PUTU32(counter +  8, c);
+#endif
+
+       /* if no overflow, we're done */
+       if (c)
+               return;
+
+       /* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+       c = GETU32(counter +  8);
+       c++;
+       PUTU32(counter +  8, c);
+#else
+       c = GETU32(counter +  4);
+       c++;
+       PUTU32(counter +  4, c);
 #endif
 
        /* if no overflow, we're done */
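Review bot: the choice of which dword is the "bottom" one still depends on L_ENDIAN (counter + 0 under L_ENDIAN, counter + 12 otherwise), so the same key and IV yield different keystreams on little-endian and big-endian builds; the NOTE at the top of the hunk says CTR mode is big-endian and the rest of the AES code is endian-neutral, and if GETU32/PUTU32 already fix the byte order within a dword, the #ifdef should go and the increment should always start at counter + 12 and carry toward counter + 0. Second, with `unsigned long c` the carry test `if (c) return;` only works where unsigned long is 32 bits: on a platform with a 64-bit long, `c++` after 0xffffffff gives 0x100000000, which is non-zero whatever PUTU32 stores, so the carry never propagates; mask with `c &= 0xffffffff;` (or use a 32-bit type) before the test. The hunk is also cut off after the third dword, so the carry into the fourth (top) dword and the final wrap-to-zero behaviour cannot be reviewed from what is shown.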


-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
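The whole-IV increment Thierry describes above, written out as a portable C routine. This is an added example, not the patch and not OpenSSL code. It generalizes the dword-by-dword increment to a byte-by-byte loop: the 16-byte counter block is treated as one big-endian 128-bit integer, the carry runs across every byte without any host-endianness #ifdef, and the carry-out is returned so the caller can detect a wrap. The second function, ctr128_inc_checked, is a hypothetical caller-side policy (an assumed 8-byte nonce / 8-byte counter split) showing how the boundary check stays with the calling program while the routine itself hands back the manipulated IV. Function names and the sample counters are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not OpenSSL code): increment a 16-byte CTR-mode counter
 * block by one as a 128-bit big-endian integer, carrying across the whole
 * block. No host-endianness #ifdef is needed: the counter is an array of
 * bytes whose order is fixed by the mode, not by the machine.
 *
 * Returns 1 if the counter wrapped to all-zero (carry out of the top byte),
 * 0 otherwise. Boundary policy (nonce vs. counter fields) is left to the
 * caller, as the quoted message proposes.
 */
int ctr128_inc(unsigned char counter[16])
{
    int i;
    for (i = 15; i >= 0; i--) {
        if (++counter[i] != 0)      /* no carry out of this byte: done */
            return 0;
        /* byte wrapped 0xff -> 0x00: carry into the next more significant byte */
    }
    return 1;                       /* all 16 bytes wrapped: counter is now zero */
}

/*
 * Hypothetical caller policy (assumed layout, not from the page): the top
 * 8 bytes are a nonce that must never change and the low 8 bytes are the
 * block counter. Returns 0 if the increment stayed inside the counter
 * field, -1 if it carried into the nonce, in which case the caller must
 * stop and rekey or choose a fresh nonce. The counter is still updated in
 * place either way, so the caller sees the manipulated IV.
 */
int ctr128_inc_checked(unsigned char counter[16])
{
    unsigned char nonce[8];
    memcpy(nonce, counter, 8);
    ctr128_inc(counter);
    return memcmp(nonce, counter, 8) == 0 ? 0 : -1;
}

/* Hex dump helper for the stand-alone demo. */
static void dump(const char *label, const unsigned char c[16])
{
    int i;
    printf("%s", label);
    for (i = 0; i < 16; i++)
        printf("%02x", c[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed inputs: a counter about to carry across a dword boundary,
     * and one about to carry out of the assumed 64-bit counter field. */
    unsigned char a[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff};
    unsigned char b[16] = {0,0,0,0, 0,0,0,1, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff};

    dump("before: ", a);
    ctr128_inc(a);
    dump("after:  ", a);

    dump("before: ", b);
    printf("carried into nonce: %d\n", ctr128_inc_checked(b));
    dump("after:  ", b);
    return 0;
}
```

Because the loop works on bytes, the result is identical on every platform and the "increment by 2^32 or 2^64" question disappears; if a caller wants a larger step it can simply call the routine in a loop or add its own field arithmetic on top of the returned block.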
