hi
while doing some statistical tests on the output of different symmetric ciphers
with 'openssl enc' we found files with lots of zeros. they were obviously
corrupt:
$ dd if=/dev/urandom of=input bs=1024 count=128
$ openssl enc -des-ede3-cfb1 -in input -out output -pass pass:password
$ openssl enc -d -des-ede3-cfb1 -in output -out output2 -pass pass:password
$ diff input output2
Binary files input and output2 differ
including openssl 1.0.1c, the implementation of 3des cfb1 in
crypto/evp/e_des3.c seems buggy: shifting is done bit-wise but the for loop
only iterates over the bytes of the input buffer (instead of its bits). so only
the first eighth of the buffer gets processed.
the following fix should solve the problem (similar to the implementation of
des_cfb1_cipher()):
--- e_des3.c 2011-05-29 01:01:26.000000000 +0200
+++ e_des3_p.c 2012-08-27 17:59:38.000000000 +0200
@@ -175,7 +175,7 @@
size_t n;
unsigned char c[1],d[1];
- for(n=0 ; n < inl ; ++n)
+ for(n=0 ; n < inl*8 ; ++n)
{
c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c,d,1,1,
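Review bot: the new bound `inl*8` in the for loop is recomputed on every iteration and can wrap if inl is close to the maximum of its type (n is declared size_t; if inl is too, anything above SIZE_MAX/8 wraps). Computing the bit count once before the loop with a guard, or using an outer loop over bytes and an inner loop over bits 0..7, avoids both. The bound itself is consistent with the body, which already treats n as a bit index (`in[n/8]` and `7-n%8`). A round-trip test for des-ede3-cfb1 on a multi-byte buffer, like the reproducer in the mail, would keep this from regressing.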
gruss andrea
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
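The loop-bound bug described in the message, reproduced as an added example that is not part of the original mail or of OpenSSL's code. It runs a CFB-1 round trip where `toy_block` is a made-up 64-bit mixer standing in for 3DES; all function names, the key, the IV and the input bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXLEN 64
/* Toy keyed 64-bit mixer standing in for 3DES (assumption; not a real cipher). */
static uint64_t toy_block(uint64_t x, uint64_t key)
{
    x ^= key;
    x *= 0x9E3779B97F4A7C15ULL;
    x ^= x >> 29;
    x *= 0xBF58476D1CE4E5B9ULL;
    return x ^ (x >> 32);
}

/* CFB-1: one block operation per bit; the ciphertext bit is fed back. */
static void cfb1(const unsigned char *in, unsigned char *out, size_t nbits,
                 uint64_t key, uint64_t iv, int enc)
{
    uint64_t sr = iv;                              /* shift register */
    for (size_t n = 0; n < nbits; ++n) {
        unsigned mask = 0x80u >> (n % 8);          /* n is a bit index */
        unsigned ibit = (in[n / 8] & mask) ? 1u : 0u;
        unsigned obit = ibit ^ (unsigned)(toy_block(sr, key) >> 63);
        sr = (sr << 1) | (enc ? obit : ibit);      /* feedback = ciphertext bit */
        out[n / 8] = (unsigned char)((out[n / 8] & ~mask) | (obit ? mask : 0u));
    }
}

/* Encrypt then decrypt inl constructed bytes; returns how many leading bytes
 * survive. per_byte != 0 reproduces the loop bound from before the patch. */
size_t roundtrip_ok_bytes(size_t inl, int per_byte)
{
    unsigned char pt[MAXLEN], ct[MAXLEN] = {0}, rt[MAXLEN] = {0};
    size_t nbits = per_byte ? inl : inl * 8, i;
    if (inl > MAXLEN) return 0;
    for (i = 0; i < inl; ++i) pt[i] = (unsigned char)(i * 37 + 11); /* constructed */
    cfb1(pt, ct, nbits, 0x0123456789ABCDEFULL, 0x1122334455667788ULL, 1);
    cfb1(ct, rt, nbits, 0x0123456789ABCDEFULL, 0x1122334455667788ULL, 0);
    for (i = 0; i < inl && rt[i] == pt[i]; ++i) ;
    return i;
}

int main(void)
{
    printf("bit loop:  %zu of 64 bytes recovered\n", roundtrip_ok_bytes(64, 0));
    printf("byte loop: %zu of 64 bytes recovered\n", roundtrip_ok_bytes(64, 1));
    return 0;
}
```

With the byte-count bound, everything past the first eighth of the output buffer is never written, which matches the zero-filled files reported in the message.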