Compliance with RFC5647 section 7.1 in cipher_crypt()

Markus Friedl mfriedl at gmail.com
Thu Sep 28 00:19:30 AEST 2017


My understanding of the API is that the 1 means: copy out 1 byte of the IV
before incrementing

Peter P. <p.pan48711 at gmail.com> schrieb am Mo. 7. Nov. 2016 um 23:46:

> Hi,
>
> I noticed in the following snippet from cipher_crypt() that the requested
> value to increment the invocation field by is one octet while section
> 7.1 in RFC5647 states that it should be eight. Under the covers in
> OpenSSL's aes_gcm_ctrl, I see that the value passed in of 1 is ignored and
> is substituted by a hard-coded 8.  If the value of arg is ever honored by
> the underlying OpenSSL code, the way this is coded may cause failures when
> using AES-GCM ciphers.
>
> Should cipher_crypt be updated to increment the value by 8 instead of 1?
>
> if (authlen) {
>         u_char lastiv[1];
>
>         if (authlen != cipher_authlen(cc->cipher))
>                 return SSH_ERR_INVALID_ARGUMENT;
>         /* increment IV */
>         if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
>             1, lastiv))
>                 return SSH_ERR_LIBCRYPTO_ERROR;
> *snip*
>
> Thanks,
> Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
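The IV layout from RFC 5647 section 7.1 (a 4-octet fixed field followed by an 8-octet invocation counter, incremented mod 2^64 once per packet) and the copy-out-then-increment step discussed in this thread, as an added C example that is not OpenSSH or OpenSSL code; gcm_iv_gen(), invocation_counter_inc() and invocation_counter() are hypothetical names, and the sample IV is constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GCM_IV_LEN    12   /* RFC 5647: 12-octet IV */
#define GCM_FIXED_LEN  4   /* 4-octet fixed field; the last 8 octets are the counter */

/* Increment the big-endian 8-octet invocation counter in place (mod 2^64);
 * the fixed field is never touched. */
static void invocation_counter_inc(uint8_t iv[GCM_IV_LEN])
{
    int i;
    for (i = GCM_IV_LEN - 1; i >= GCM_FIXED_LEN; i--)
        if (++iv[i] != 0)
            break;                /* no carry into the next octet */
}

/* Copy out the last `arg` octets of the current IV into `out`, then step the
 * invocation counter: the two-step behaviour the thread describes for
 * EVP_CTRL_GCM_IV_GEN.  Returns 1 on success, 0 if `arg` is out of range
 * (hypothetical API, chosen so callers can check it like cipher_crypt() does). */
int gcm_iv_gen(uint8_t iv[GCM_IV_LEN], int arg, uint8_t *out)
{
    if (arg <= 0 || arg > GCM_IV_LEN)
        return 0;
    memcpy(out, iv + GCM_IV_LEN - arg, (size_t)arg);
    invocation_counter_inc(iv);
    return 1;
}

/* Read the invocation counter back as an integer (for wrap-around checks). */
uint64_t invocation_counter(const uint8_t iv[GCM_IV_LEN])
{
    uint64_t v = 0;
    int i;
    for (i = GCM_FIXED_LEN; i < GCM_IV_LEN; i++)
        v = (v << 8) | iv[i];
    return v;
}

int main(void)
{
    /* Constructed sample: fixed field 01020304, counter 0x00000000000000ff */
    uint8_t iv[GCM_IV_LEN] = { 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0xff };
    uint8_t lastiv[1];
    if (gcm_iv_gen(iv, 1, lastiv))
        printf("copied out 0x%02x, counter now %llu\n", lastiv[0],
               (unsigned long long)invocation_counter(iv));
    return 0;
}
```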

