[PATCH] AES-KW: fix in-place encryption
Stephan Mueller
smueller at chronox.de
Mon Mar 12 22:24:37 CET 2018
In case AES-KW in-place encryption is performed, the plaintext must be
moved to the correct destination location before the first semiblock of
the destination buffer is modified. Without the patch, the first
semiblock of the plaintext is overwritten with a6a6a6a6a6a6a6a6.
* cipher/cipher-aeswrap.c: move memmove call before KW IV setting
Signed-off-by: Stephan Mueller <smueller at chronox.de>
---
cipher/cipher-aeswrap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
index 698742df..a8d0e03e 100644
--- a/cipher/cipher-aeswrap.c
+++ b/cipher/cipher-aeswrap.c
@@ -70,6 +70,9 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
a = outbuf; /* We store A directly in OUTBUF. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
+ /* Copy the inbuf to the outbuf. */
+ memmove (r+8, inbuf, inbuflen);
+
/* If an IV has been set we use that IV as the Alternative Initial
Value; if it has not been set we use the standard value. */
if (c->marks.iv)
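Review bot: the comment on the relocated memmove (r+8, inbuf, inbuflen) still reads only "Copy the inbuf to the outbuf", which does not tell a later reader that its position ahead of the write to a is what makes in-place operation work. Because a = outbuf, setting the initial value first overwrites the first 8 bytes of an inbuf that aliases outbuf. Suggest stating this in the comment, for example "Must precede the write to A: inbuf may alias outbuf", so the call is not moved back during a later cleanup.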
@@ -77,9 +80,6 @@ _gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
else
memset (a, 0xa6, 8);
- /* Copy the inbuf to the outbuf. */
- memmove (r+8, inbuf, inbuflen);
-
memset (t, 0, sizeof t); /* t := 0. */
for (j = 0; j <= 5; j++)
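Review bot: with the memmove removed from its old place after memset (a, 0xa6, 8), nothing in this patch guards the new ordering against regression; the diffstat lists cipher/cipher-aeswrap.c as the only file changed. Suggest adding a test that wraps with inbuf == outbuf and compares the result with the out-of-place output, covering both the default 0xa6 path and the c->marks.iv path.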
--
2.14.3