Compliance with RFC5647 section 7.1 in cipher_crypt()

Hi,

I noticed in the following snippet from cipher_crypt() that the requested
value to increment the invocation field by is one octet while section
7.1 in RFC5647 states that it should be eight. Under the covers in
OpenSSL's aes_gcm_ctrl, I see that the value passed in of 1 is ignored and
is substituted by a hard-coded 8.  If the value of arg is ever honored by
the underlying OpenSSL code, the way this is coded may cause failures when
using AES-GCM ciphers.

Should cipher_crypt be updated to increment the value by 8 instead of 1?

	if (authlen) {
		u_char lastiv[1];

		if (authlen != cipher_authlen(cc->cipher))
			return SSH_ERR_INVALID_ARGUMENT;
		/* increment IV */
		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
		    1, lastiv))
			return SSH_ERR_LIBCRYPTO_ERROR;
*snip*

Thanks,
Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
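For reference, the nonce layout that RFC 5647 section 7.1 specifies for AES-GCM in SSH, written out as an added example (this is not OpenSSH's cipher_crypt() code and not part of the message above): the 12-octet IV is a 4-octet fixed field followed by an 8-octet invocation counter, and that counter is treated as a 64-bit big-endian integer that is incremented by one after every packet. The function names and the sample IV bytes are constructed for the example.

```c
/* Added example (not OpenSSH's code or the poster's snippet): the RFC 5647
 * section 7.1 AES-GCM nonce for SSH and the per-packet increment of its
 * 64-bit invocation counter. Names are chosen for this example only. */
#include <stdint.h>
#include <string.h>

#define SSH_GCM_IV_LEN      12  /* 4-octet fixed field + 8-octet invocation counter */
#define SSH_GCM_FIXED_LEN   4   /* octets 0..3: fixed field, never changes */
#define SSH_GCM_COUNTER_LEN 8   /* octets 4..11: 64-bit big-endian invocation counter */

/* Copy the 12 octets of key-derived IV material into the working nonce. */
static void ssh_gcm_iv_init(uint8_t iv[SSH_GCM_IV_LEN], const uint8_t *kdf_iv)
{
    memcpy(iv, kdf_iv, SSH_GCM_IV_LEN);
}

/* Add one to the 64-bit big-endian counter in octets 4..11, propagating the
 * carry from the last octet upward and leaving the fixed field untouched.
 * Returns 1 if the counter wrapped to zero (a nonce-reuse hazard, which is why
 * a connection must rekey long before that point), otherwise 0. */
static int ssh_gcm_iv_increment(uint8_t iv[SSH_GCM_IV_LEN])
{
    int i;
    for (i = SSH_GCM_IV_LEN - 1; i >= SSH_GCM_FIXED_LEN; i--) {
        if (++iv[i] != 0)
            return 0;   /* no carry out of this octet: increment complete */
    }
    return 1;           /* carried out of all eight counter octets: wrapped */
}

/* Read the invocation counter back as an integer (for tests or logging). */
static uint64_t ssh_gcm_iv_counter(const uint8_t iv[SSH_GCM_IV_LEN])
{
    uint64_t v = 0;
    int i;
    for (i = SSH_GCM_FIXED_LEN; i < SSH_GCM_IV_LEN; i++)
        v = (v << 8) | iv[i];
    return v;
}
```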