Date: Wed, 17 Sep 2003 01:25:48 -0700
From: Lev Walkin <vlm@netli.com>
To: Hajimu UMEMOTO <ume@FreeBSD.org>
Cc: core@kame.net
Subject: Re: possible rijndael bug
Message-ID: <3F681A8C.4030603@netli.com>
In-Reply-To: <ygeoexj7rn5.wl%ume@FreeBSD.org>
References: <3F680C78.000003.13537@tide.yandex.ru> <ygepthz7sr7.wl%ume@bisd.hitachi.co.jp> <3F6816B4.10607@netli.com> <ygeoexj7rn5.wl%ume@FreeBSD.org>

Hajimu UMEMOTO wrote:
> Hi,
>
>>>>>>>On Wed, 17 Sep 2003 01:09:24 -0700
>>>>>>>vlm@netli.com (Lev Walkin) said:
>
>>>I saw it during working on next KAME merge into 5-CURRENT.
>>>KAME/NetBSD uses assert() here like:
>>>
>>>    assert(padLen > 0 && padLen <= 16);
>>>
>>>Since FreeBSD doesn't have assert() in kernel, this line was changed
>>>to:
>>>
>>>    if (padLen > 0 && padLen <= 16)
>>>        return BAD_CIPHER_STATE;
>>>
>>>for KAME/FreeBSD. Since if expression is true, the assert() macro
>>>does nothing, the expression seems wrong, and it should be:
>>>
>>>    if (padLen <= 0 || padLen > 16)
>>>        return BAD_CIPHER_STATE;
>>>
>>>as you pointed out.
>
> vlm> Absolutely NOT.
>
> vlm> According to RFC1423 and FIPS81, the padding length may be somewhere
> vlm> in between 1 to 16 bytes, which translated into
>
> vlm>     if(padLen < 0 || padLen >= 16)
>
> vlm> for this particular code.
>
> Ah, yes. Then, `assert(padLen > 0 && padLen <= 16)'; should be wrong.

Nope, you're completely right: the original assert() code is correct.

-- 
Lev Walkin
vlm@netli.com
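
The assert()-to-if conversion discussed in this thread, as an added example that is not code from KAME, NetBSD or FreeBSD: an error return has to test the negation of the asserted condition, otherwise every valid pad length is rejected. The helper names (`pad_len_for`, `check_copied`, `check_negated`, `count_rejected`), the numeric value of `BAD_CIPHER_STATE`, and the rule that padding always runs to the next 16-byte boundary are assumptions made for the example.

```c
#include <stdio.h>

#define BLOCK_SIZE 16
#define BAD_CIPHER_STATE (-5)   /* value assumed for this example */

/* Pad length for a message of inputOctets bytes when padding always
 * fills up to the next block boundary: the result is 1..16, and an
 * input that is already block-aligned gets a full block of padding. */
static int pad_len_for(int inputOctets)
{
    return BLOCK_SIZE - (inputOctets % BLOCK_SIZE);
}

/* The asserted condition copied unchanged into an error return:
 * rejects exactly the lengths the assert() accepts. */
static int check_copied(int padLen)
{
    if (padLen > 0 && padLen <= 16)
        return BAD_CIPHER_STATE;
    return 0;
}

/* The asserted condition negated: fails only where assert() would. */
static int check_negated(int padLen)
{
    if (padLen <= 0 || padLen > 16)
        return BAD_CIPHER_STATE;
    return 0;
}

/* Count input lengths 0..maxOctets that a given check rejects. */
static int count_rejected(int (*check)(int), int maxOctets)
{
    int n, rejected = 0;

    for (n = 0; n <= maxOctets; n++)
        if (check(pad_len_for(n)) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("copied:  %d of 65 lengths rejected\n", count_rejected(check_copied, 64));
    printf("negated: %d of 65 lengths rejected\n", count_rejected(check_negated, 64));
    return 0;
}
```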