[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-dev
Subject: [openssl.org #2432] gcm128.c (all versions) bug in OPENSSL_SMALL_FOOTPRINT version of CRYPTO_gcm128_
From: "Michael Heyman via RT" <rt () openssl ! org>
Date: 2011-01-14 18:34:13
Message-ID: rt-3.4.5-91129-1295030053-737.2432-21-0 () openssl ! org
[Download RAW message or body]
The CRYPTO_gcm128_decrypt() function has a bug when compiling with the
OPENSSL_SMALL_FOOTPRINT option - the code in question does not get
exercised unless that option is set.
In addition, the test cases when compiling with SELFTEST are designed
such that this bug does not get reported.
The included patch fixes the bug and the test cases.
----
Michael Heyman
["gcm128.c.patch" (text/x-patch)]
--- gcm128.c 2011-01-14 10:59:04.104386199 -0500
+++ gcm128.c 2011-01-14 11:04:34.685296210 -0500
@@ -1080,11 +1080,11 @@
PUTU32(ctx->Yi.c+12,ctr);
else
ctx->Yi.d[3] = ctr;
}
c = in[i];
- out[i] ^= ctx->EKi.c[n];
+ out[i] = c^ctx->EKi.c[n];
ctx->Xi.c[n] ^= c;
n = (n+1)%16;
if (n==0)
GCM_MUL(ctx,Xi);
}
@@ -1540,11 +1540,12 @@
if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \
(C##n && memcmp(out,C##n,sizeof(out)))) \
ret++, printf ("encrypt test#%d failed.\n",n);\
CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \
if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \
- if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \
+ if (C##n) { memset(out,0,sizeof(out)); \
+ CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out));} \
if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \
(P##n && memcmp(out,P##n,sizeof(out)))) \
ret++, printf ("decrypt test#%d failed.\n",n); \
} while(0)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic