Correct serious bug in AES-CBC decryption when the message length isn't
authorRichard Levitte <levitte@openssl.org>
Wed, 15 Oct 2003 09:00:14 +0000 (09:00 +0000)
committerRichard Levitte <levitte@openssl.org>
Wed, 15 Oct 2003 09:00:14 +0000 (09:00 +0000)
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>.
The unnecessary memcpy() was found as an effect of investigating that error.

crypto/aes/aes_cbc.c

index 86b27b1..0a28ab8 100644 (file)
@@ -91,21 +91,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                }                       
        } else {
                while (len >= AES_BLOCK_SIZE) {
-                       memcpy(tmp, in, AES_BLOCK_SIZE);
                        AES_decrypt(in, out, key);
                        for(n=0; n < AES_BLOCK_SIZE; ++n)
                                out[n] ^= ivec[n];
-                       memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                       memcpy(ivec, in, AES_BLOCK_SIZE);
                        len -= AES_BLOCK_SIZE;
                        in += AES_BLOCK_SIZE;
                        out += AES_BLOCK_SIZE;
                }
                if (len) {
                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                       AES_decrypt(tmp, tmp, key);
+                       AES_decrypt(in, tmp, key);
                        for(n=0; n < len; ++n)
-                               out[n] ^= ivec[n];
-                       memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                               out[n] = tmp[n] ^ ivec[n];
+                       memcpy(ivec, in, AES_BLOCK_SIZE);
                }                       
        }
 }