RFC 3394 section 2 states that we need at least two 64 bit blocks - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2018-10-20 15:53:09 +0000
committer	tb <>	2018-10-20 15:53:09 +0000
commit	108b29f9d3967dd1e6f2189a83fe627e333b132d (patch)
tree	c1c9cf6f754c100c2d8aadb09fc31faf71b335c2 /src/lib/libcrypto/asn1/a_bytes.c
parent	bd9d0fa01a7b5e725f3ae942e2d42284412f124f (diff)
download	openbsd-108b29f9d3967dd1e6f2189a83fe627e333b132d.tar.gz openbsd-108b29f9d3967dd1e6f2189a83fe627e333b132d.tar.bz2 openbsd-108b29f9d3967dd1e6f2189a83fe627e333b132d.zip

RFC 3394 section 2 states that we need at least two 64 bit blocks

for wrapping and, accordingly, three 64 bit blocks for unwrapping. That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook

Diffstat (limited to 'src/lib/libcrypto/asn1/a_bytes.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: