Closed Bug 95990 Opened 18 years ago Closed 18 years ago

rijndael.c: encrypt/decrypt use c2 and c3 without ever initializing.

Categories

(NSS :: Libraries, defect, P1)

x86
Linux
defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mozilla-bugs, Assigned: bugz)

References

Details

Functions rijndael_encryptBlock and rijndael_decryptBlock both declare 

unsigned int c2, c3;

and then proceed to use those without even assigning anything to this variables!
Blocks: 59652
Assigned the bug to Ian.
Assignee: wtc → mcgreer
The two functions in question are not used, as the comment block above them
notes.  They are generic blocksize Rijndael encrypt/decrypt functions, and at
this time only 128-bit blocksizes have been adopted in any standard drafts.  The
128-bit blocksize routines are rijndael_encrypt128 and rijndael_decrypt128; they
are highly optimized.

I think there are possibly other problems with the generic encrypt/decrypt
functions.  I have intended to clean them up whenever I either have the time, or
NSS has the demand for > 128-bit AES.

For now, a more stringent comment, and initializing to 0, should do.

-Ian
Priority: -- → P1
Target Milestone: --- → 3.4
Can we just put the entire body of these unused functions inside of a big
#if 0
ifdef?
That will eliminate complaints and reduce library size until these
functions are vetted.
I did that a long time ago.

Because of that, I marking this WONTFIX.  See 100770 for the real bug.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.