Correct serious bug in AES-CBC decryption when the message length isn't

a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>. The unnecessary memcpy() was found as an effect of investigating that error.

Correct serious bug in AES-CBC decryption when the message length isn't
a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). The error was notified by James Fernandes <jf210032@exchange.DAYTONOH.NCR.com>. The unnecessary memcpy() was found as an effect of investigating that error.
0b6956b4 · Richard Levitte · 0bb6187e · 0b6956b4
隐藏空白更改
内联并排

Showing with 4 addition and 5 deletion

crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c +4 -5

未找到文件。
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -91,21 +91,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		}			
 	} else {
 		while (len >= AES_BLOCK_SIZE) {
-			memcpy(tmp, in, AES_BLOCK_SIZE);
 			AES_decrypt(in, out, key);
 			for(n=0; n < AES_BLOCK_SIZE; ++n)
 				out[n] ^= ivec[n];
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+			memcpy(ivec, in, AES_BLOCK_SIZE);
 			len -= AES_BLOCK_SIZE;
 			in += AES_BLOCK_SIZE;
 			out += AES_BLOCK_SIZE;
 		}
 		if (len) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(tmp, tmp, key);
+			AES_decrypt(in, tmp, key);
 			for(n=0; n < len; ++n)
-				out[n] ^= ivec[n];
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+				out[n] = tmp[n] ^ ivec[n];
+			memcpy(ivec, in, AES_BLOCK_SIZE);
 		}			
 	}
 }