Date: Wed, 17 Sep 2003 17:20:30 +0900 From: Hajimu UMEMOTO <ume@FreeBSD.org> To: Lev Walkin <vlm@netli.com> Cc: core@kame.net Subject: Re: possible rijndael bug Message-ID: <ygeoexj7rn5.wl%ume@FreeBSD.org> In-Reply-To: <3F6816B4.10607@netli.com> References: <3F680C78.000003.13537@tide.yandex.ru> <ygepthz7sr7.wl%ume@bisd.hitachi.co.jp> <3F6816B4.10607@netli.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
>>>>> On Wed, 17 Sep 2003 01:09:24 -0700
>>>>> vlm@netli.com (Lev Walkin) said:
> I saw it during working on next KAME merge into 5-CURRENT.
> KAME/NetBSD uses assert() here like:
>
> assert(padLen > 0 && padLen <= 16);
>
> Since FreeBSD doesn't have assert() in kernel, this line was changed
> to:
>
> if (padLen > 0 && padLen <= 16)
> return BAD_CIPHER_STATE;
>
> for KAME/FreeBSD. Since if expression is true, the assert() macro
> does nothing, the expression seems wrong, and it should be:
>
> if (padLen <= 0 || padLen > 16)
> return BAD_CIPHER_STATE;
>
> as you pointed out.
vlm> Absolutely NOT.
vlm> According to RFC1423 and FIPS81, the padding length may be somewhere
vlm> in between 1 to 16 bytes, which translated into
vlm> if(padLen < 0 || padLen >= 16)
vlm> for this particular code.
Ah, yes. Then, `assert(padLen > 0 && padLen <= 16)'; should be wrong.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ygeoexj7rn5.wl%ume>