[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug & Fix: blowfish.c:blf_cbc_decrypt() XORed with wrong data



When I tried to use OpenBSD's blowfish.c (Version 1.12) in cipherblock
chaining mode, I noticed that the result of blf_cbc_decrypt() was
wrong. After some tracking I found that decrypted bytes were XORed
with the wrong data, because `iv' was updated the wrong way.

With the following fix it seems to work:

--- /home/ni/incoming/blowfish.c        Mon May 10 19:08:33 1999
+++ blowfish.c  Tue May 11 17:14:20 1999
@@ -711,7 +711,7 @@
                data[7] = r & 0xff;
                for (j = 0; j < 8; j++)
                        data[j] ^= iv[j];
-               iv = data;
+               iv -= 8 ;
                data -= 8;
        }
        l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];


I would appreciate it if someone could verify this fix; please reply
to my e-mail address as I don't read the OpenBSD lists.

Ah well, and thanks for making OpenBSD!

Greetings, Juergen.

-- 
Juergen Nickelsen <ni_(_at_)_tellique_(_dot_)_de>
Tellique Kommunikationstechnik GmbH
Gustav-Meyer-Allee 25, 13355 Berlin, Germany
Tel. +49 30 46307-552 / Fax +49 30 46307-579