rijndael_encryptECB. rijndael_encryptCBC, etc. do not set the *outputLen output argument.

NEW
Unassigned

Status

NSS
Libraries
P2
normal
5 years ago
3 years ago

People

(Reporter: Wan-Teh Chang, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 obsolete attachment)

(Reporter)

Description

5 years ago
rijndael_encryptECB, rijndael_encryptCBC, rijndael_decryptECB, and rijndael_decryptCBC
do not set the *outputLen output argument. This violates the NSS convention.

These functions are relying on their callers to set *outputLen on entry. Right now the
only callers are AES_Encrypt and AES_Decrypt. They set *outputLen = inputLen before
calling these functions.

Comment 1

4 years ago
Created attachment 8414292 [details] [diff] [review]
bug791875_v1.patch
Attachment #8414292 - Flags: review?(wtc)

Comment 2

3 years ago
Comment on attachment 8414292 [details] [diff] [review]
bug791875_v1.patch

Cancelling review. After revisiting this, I'm no longer comfortable with making changes to what looks to me like rather important sensitive code.
Attachment #8414292 - Attachment is obsolete: true
Attachment #8414292 - Flags: review?(wtc)
You need to log in before you can comment on or make changes to this bug.