rijndael.c: encrypt/decrypt use c2 and c3 without ever initializing.

RESOLVED WONTFIX

Status

NSS
Libraries
P1
normal
RESOLVED WONTFIX
17 years ago
17 years ago

People

(Reporter: Aleksey Nogin, Assigned: Ian McGreer)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
Functions rijndael_encryptBlock and rijndael_decryptBlock both declare 

unsigned int c2, c3;

and then proceed to use those without even assigning anything to this variables!
(Reporter)

Updated

17 years ago
Blocks: 59652

Comment 1

17 years ago
Assigned the bug to Ian.
Assignee: wtc → mcgreer
(Assignee)

Comment 2

17 years ago
The two functions in question are not used, as the comment block above them
notes.  They are generic blocksize Rijndael encrypt/decrypt functions, and at
this time only 128-bit blocksizes have been adopted in any standard drafts.  The
128-bit blocksize routines are rijndael_encrypt128 and rijndael_decrypt128; they
are highly optimized.

I think there are possibly other problems with the generic encrypt/decrypt
functions.  I have intended to clean them up whenever I either have the time, or
NSS has the demand for > 128-bit AES.

For now, a more stringent comment, and initializing to 0, should do.

-Ian

Updated

17 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
Can we just put the entire body of these unused functions inside of a big
#if 0
ifdef?
That will eliminate complaints and reduce library size until these
functions are vetted.
(Assignee)

Comment 4

17 years ago
I did that a long time ago.

Because of that, I marking this WONTFIX.  See 100770 for the real bug.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.