In message <[EMAIL PROTECTED]> on Fri, 27 Jun 2003 09:56:38 +0200, Thierry Boivin <[EMAIL PROTECTED]> said:
Thierry.Boivin> Generalized approach: as the differences for the
Thierry.Boivin> various applications are the way to build the IV, i.e.
Thierry.Boivin> nonce part / upper counter part / lower counter part
Thierry.Boivin> / whatever part, and, in my opinion, not the way to
Thierry.Boivin> increment such a global IV from block to block, I
Thierry.Boivin> would make the library increment by one on the
Thierry.Boivin> whole size of the IV, leaving boundary aspects (the
Thierry.Boivin> routine just doesn't care about the way the given IV was
Thierry.Boivin> built) and associated overflow condition checks (the
Thierry.Boivin> routine gives back the manipulated IV) to the
Thierry.Boivin> responsibility of the calling programs.

Do I understand correctly with this patch (for 0.9.8-dev, but should work with 0.9.7 as well)?

Index: crypto/aes/aes_ctr.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/aes/aes_ctr.c,v
retrieving revision 1.5
diff -u -r1.5 aes_ctr.c
--- crypto/aes/aes_ctr.c 13 Nov 2002 14:01:34 -0000 1.5
+++ crypto/aes/aes_ctr.c 29 Jun 2003 15:11:17 -0000
@@ -62,19 +62,49 @@ /* NOTE: CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ -/* increment counter (128-bit int) by 2^64 */ +/* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; - /* Grab 3rd dword of counter and increment */ + /* Grab bottom dword of counter and increment */ #ifdef L_ENDIAN - c = GETU32(counter + 8); + c = GETU32(counter + 0); c++; - PUTU32(counter + 8, c); + PUTU32(counter + 0, c); #else - c = GETU32(counter + 4); + c = GETU32(counter + 12); c++; - PUTU32(counter + 4, c); + PUTU32(counter + 12, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 1st dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); +#else + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 2nd dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#else + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); #endif /* if no overflow, we're done */ -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
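Review bot: the carry propagation in this hunk relies on `c` wrapping to zero after `c++`, but `c` is declared `unsigned long` (visible in the unchanged context), which is 64 bits wide on LP64 platforms; there `c++` turns 0xFFFFFFFF into 0x100000000, `PUTU32` still stores the low 32 bits (zero) correctly, but `if (c) return;` sees a non-zero value and returns, so the carry into the next dword is silently dropped and the counter goes from ...FFFFFFFF to ...00000000 without incrementing the dword above it. Suggest adding `c &= 0xFFFFFFFF;` after each `c++` (or declaring `c` as a 32-bit type) so the zero test is meaningful on every platform. A smaller point on the comments: the removed comment called offset 8 (L_ENDIAN) / 4 (else) the "3rd dword", counting from the top, but the added comments label offsets 4/8 as the "1st dword" and 8/4 as the "2nd dword"; in the top-down numbering the removed comment used, those are the 3rd and 2nd dwords respectively, so the labels are worth aligning to avoid confusion about which dword carries into which.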
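As an added example, not code from the patch, from OpenSSL or from either poster, the following C shows the behaviour Thierry describes: a 16-byte counter treated as one big-endian 128-bit integer, incremented by one with the carry propagated across every byte and dword boundary, and the wrap-around condition handed back to the caller as a return value instead of being checked inside the routine. It assumes the big-endian layout the hunk's NOTE states, and the names `ctr128_inc`, `ctr128_inc_dwords`, `getu32`, `putu32`, `hex16`, `check_case` and `inc_wraps` are hypothetical. The dword-wise variant keeps `unsigned long` as the patch does and shows the mask that makes the overflow test reliable when that type is 64 bits wide.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Increment a 16-byte big-endian counter block by one, carrying through
 * all 128 bits. Returns 1 if the whole block wrapped to zero (the caller's
 * overflow condition), 0 otherwise. Hypothetical helper, not OpenSSL code. */
int ctr128_inc(unsigned char counter[16])
{
    int i;
    for (i = 15; i >= 0; i--) {
        if (++counter[i] != 0)
            return 0;       /* no carry out of this byte: done */
    }
    return 1;               /* carry out of the top byte: wrapped */
}

/* Big-endian 32-bit load/store, the role GETU32/PUTU32 play in the patch. */
static uint32_t getu32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void putu32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* The same increment done one dword at a time, bottom dword first, as the
 * patch does it. `c` is deliberately `unsigned long` as in the patch: on an
 * LP64 platform it is 64 bits wide, so c++ turns 0xFFFFFFFF into
 * 0x100000000, which is non-zero, and an unmasked `if (c) return;` would
 * stop the carry. Masking to 32 bits keeps the zero test meaningful. */
int ctr128_inc_dwords(unsigned char counter[16])
{
    unsigned long c;
    int off;
    for (off = 12; off >= 0; off -= 4) {
        c = getu32(counter + off);
        c++;
        c &= 0xFFFFFFFFUL;  /* truncate to the dword width */
        putu32(counter + off, (uint32_t)c);
        if (c)
            return 0;       /* this dword did not overflow: done */
    }
    return 1;               /* every dword wrapped: counter is all-zero */
}

/* Parse 32 hex digits into a 16-byte block. Returns 0 on malformed input. */
static int hex16(const char *hex, unsigned char out[16])
{
    int i;
    if (strlen(hex) != 32)
        return 0;
    for (i = 0; i < 16; i++) {
        unsigned int byte;
        if (sscanf(hex + 2 * i, "%2x", &byte) != 1)
            return 0;
        out[i] = (unsigned char)byte;
    }
    return 1;
}

/* Run both implementations from the same start value (constructed test
 * input in hex) and check that they agree with each other and with the
 * expected block. Returns 1 on success, 0 on mismatch or bad input. */
int check_case(const char *start_hex, const char *expected_hex)
{
    unsigned char a[16], b[16], want[16];
    int wa, wb;
    if (!hex16(start_hex, a) || !hex16(expected_hex, want))
        return 0;
    memcpy(b, a, 16);
    wa = ctr128_inc(a);
    wb = ctr128_inc_dwords(b);
    return wa == wb && memcmp(a, want, 16) == 0 && memcmp(b, want, 16) == 0;
}

/* Report whether incrementing start_hex wraps the whole 128-bit block
 * (1), does not (0), or the input is malformed (-1). */
int inc_wraps(const char *start_hex)
{
    unsigned char c[16];
    if (!hex16(start_hex, c))
        return -1;
    return ctr128_inc(c);
}

int main(void)
{
    /* Carry across the 64-bit boundary: the case where "+2^64" and
     * "+1 with carry" give different results. Constructed input. */
    printf("64-bit carry ok: %d\n",
           check_case("0000000000000000ffffffffffffffff",
                      "00000000000000010000000000000000"));
    printf("all-ones wraps: %d\n", inc_wraps("ffffffffffffffffffffffffffffffff"));
    return 0;
}
```

The byte-wise version is the simplest correct implementation of "increment the whole IV by one"; the dword-wise version exists only to make the width pitfall concrete, and the two are run side by side so any divergence between them shows up immediately. Returning the wrap flag, rather than acting on it, matches the division of responsibility Thierry proposes: the routine does not know how the IV was assembled, so only the caller can decide whether a wrap is an error.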