[openssl-dev] [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

Loic Etienne via RT rt at openssl.org
Mon Jun 13 09:37:59 UTC 2016


My claim about portability issues was wrong (sorry): The C-standard ensures that positive values are handled in the two's complement system, indeed.

However, inl % block_size == inl & (block_size-1) is true if and only if block_size is a power of two, which happens to be true under the current implementation, but may change in the future.

If block_size should be 48, then 48 % block_size == 0, but 48 & (block_size-1) == 32.

For this reason and for stylistic reasons, it may be worth considering consistently using inl % ctx->block_size instead of inl & ctx->block_mask and inl & (bl-1). Then the member block_mask could probably be removed.

Otherwise, an OPENSSL_assert or an appropriate comment may document the essential precondition that block_size is a power of two.

Cheers, Loic


________________________________
From: Matt Caswell via RT <rt at openssl.org>
Sent: Friday, June 10, 2016 12:16:02 AM
To: Loic Etienne
Cc: openssl-dev at openssl.org
Subject: [openssl.org #4561] BUG: openssl-1.0.2h, evp_enc.c, non-portable bitwise operation

On Mon Jun 06 18:26:50 2016, loic.etienne at qnective.com wrote:
> crypto/evp/evp_enc.c, EVP_EncryptUpdate
> line 337: inl & (ctx->block_mask)
> line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */

Why do you consider this a problem?

Matt

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4561
Please log in as guest with password guest if prompted
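The equivalence discussed in this thread, as an added example that is not part of the original messages and not OpenSSL's code: it compares the mask and modulo forms, reports the first input length where they diverge, and guards the mask form with an assertion. All function names are hypothetical, and 48 is the hypothetical block size taken from the message above.

```c
#include <assert.h>
#include <stdio.h>

/* Precondition the mask form relies on: exactly one bit set. */
static int is_power_of_two(unsigned int n)
{
    return n != 0 && (n & (n - 1)) == 0;
}

/* Leftover bytes past the last full block; valid for any block size. */
static unsigned int leftover_mod(unsigned int inl, unsigned int block_size)
{
    return inl % block_size;
}

/* Mask form; the assert documents and enforces the precondition. */
static unsigned int leftover_mask(unsigned int inl, unsigned int block_size)
{
    assert(is_power_of_two(block_size));
    return inl & (block_size - 1);
}

/*
 * Return the smallest inl in [0, limit) where the unchecked mask form
 * disagrees with the modulo form, or -1 if they agree everywhere.
 */
static long first_mismatch(unsigned int block_size, unsigned int limit)
{
    unsigned int inl;

    for (inl = 0; inl < limit; inl++)
        if ((inl & (block_size - 1)) != inl % block_size)
            return (long)inl;
    return -1;
}

int main(void)
{
    unsigned int sizes[] = { 1, 8, 16, 48 };  /* 48: hypothetical, from the message */
    size_t i;

    for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("block_size=%u power_of_two=%d first_mismatch=%ld\n",
               sizes[i], is_power_of_two(sizes[i]),
               first_mismatch(sizes[i], 4096));
    return 0;
}
```

With a block size of 48 the two forms already diverge at an input length of 16, well before the 48-byte case quoted in the message.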

