author | tb <> | 2018-10-20 15:53:09 +0000 |
---|---|---|
committer | tb <> | 2018-10-20 15:53:09 +0000 |
commit | 030940374172037385e4db118b4bec57b798f314 (patch) | |
tree | c1c9cf6f754c100c2d8aadb09fc31faf71b335c2 /src/lib/libssl/ssl_both.c | |
parent | 9a0b1fb2a2110ac6df630feaf0b27291182c2854 (diff) | |

RFC 3394 section 2 states that we need at least two 64 bit blocks
for wrapping and, accordingly, three 64 bit blocks for unwrapping.
That is: we need at least 16 bytes for wrapping and 24 bytes for
unwrapping. This also matches the lower bounds that OpenSSL have
in their CRYPTO_128_{un,}wrap() functions.

In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(),
this results in a segfault since then inlen -= 8 underflows.

Found while playing with the Wycheproof keywrap test vectors.

ok bcook

Diffstat (limited to 'src/lib/libssl/ssl_both.c')
0 files changed, 0 insertions, 0 deletions
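
The length bounds from the commit message, placed in the RFC 3394 wrap/unwrap loops where they matter. This is an added example, not the OpenBSD code or the committed patch: `kw_wrap`, `kw_unwrap`, `unchecked_payload_len` and `KW_MAX` are hypothetical names, and `toy_block` is a self-inverse stand-in for the AES block operation so the block runs without a crypto library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KW_MAX 4096 /* arbitrary plaintext cap chosen for this example */

/* Stand-in 16-byte block transform (XOR with key, self-inverse). NOT AES. */
static void toy_block(const uint8_t k[16], uint8_t b[16]) {
	for (int i = 0; i < 16; i++) b[i] ^= k[i];
}
/* A ^= t, with t the big-endian 64-bit step counter from RFC 3394. */
static void xor_t(uint8_t a[8], uint64_t t) {
	for (int i = 7; i >= 0; i--, t >>= 8) a[i] ^= (uint8_t)t;
}
/* What "inlen -= 8" yields without a lower bound: 7 becomes UINT_MAX. */
unsigned int unchecked_payload_len(unsigned int inlen) { return inlen - 8; }

/* Wrap: needs n >= 2 blocks (16 bytes). Returns output length or -1. */
int kw_wrap(const uint8_t k[16], uint8_t *out, const uint8_t *in, size_t inlen) {
	uint8_t b[16];
	size_t n = inlen / 8;
	if (inlen % 8 != 0 || inlen < 16 || inlen > KW_MAX) return -1;
	memset(b, 0xA6, 8);                 /* A = default IV */
	memmove(out + 8, in, inlen);        /* R[1..n] */
	for (size_t j = 0; j < 6; j++)
		for (size_t i = 1; i <= n; i++) {
			memcpy(b + 8, out + 8 * i, 8);
			toy_block(k, b);            /* B = E(K, A | R[i]) */
			xor_t(b, n * j + i);        /* A = MSB64(B) ^ t */
			memcpy(out + 8 * i, b + 8, 8);
		}
	memcpy(out, b, 8);
	return (int)(inlen + 8);
}
/* Unwrap: needs A plus n >= 2 blocks (24 bytes), checked before any math. */
int kw_unwrap(const uint8_t k[16], uint8_t *out, const uint8_t *in, size_t inlen) {
	uint8_t b[16], bad = 0;
	if (inlen % 8 != 0 || inlen < 24 || inlen > KW_MAX + 8) return -1;
	size_t n = inlen / 8 - 1;
	memcpy(b, in, 8);
	memmove(out, in + 8, inlen - 8);    /* safe: inlen >= 24 here */
	for (size_t j = 6; j-- > 0; )
		for (size_t i = n; i >= 1; i--) {
			xor_t(b, n * j + i);        /* A ^ t */
			memcpy(b + 8, out + 8 * (i - 1), 8);
			toy_block(k, b);            /* B = D(K, (A ^ t) | R[i]) */
			memcpy(out + 8 * (i - 1), b + 8, 8);
		}
	for (int i = 0; i < 8; i++) bad |= b[i] ^ 0xA6;  /* integrity check */
	return bad ? -1 : (int)(inlen - 8);
}
```
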