Artyom Beilis - 2016-11-03

Regarding AES Patch...

It is exactly the reason all cryptography stuff should be reviewed under a magnifier.

It is wrong:

  1. The IV isn't stored; it is random. AES CBC is a self-synchronizing algorithm, so even if you don't know the IV (and you don't, it is random), once the first block is read you have valid data. So the first block is not in use.
  2. The memset exists for a very good reason: to make sure that the signature does not accidentally leak. Example of an attack: if the user has a bug that shows some uninitialized stuff from allocated memory to the user, I can send invalid cache data to the server. When the calculated signature is "free", it may accidentally be taken by another malloc and exposed via a "harmless" bug to the user, and then one can put a valid signature on a session...

Regarding 2nd - good stuff.
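The first point above (the IV is never stored, the decryptor uses an arbitrary IV and throws away the first block) is easy to see in code. The following is an added example, not code from the comment or from the project under discussion. It implements CBC mode over a toy 16-byte Feistel block cipher keyed with HMAC-SHA256 so that it runs with the Python standard library alone; the self-synchronizing property belongs to the CBC mode, not to the block cipher, so swapping in AES changes nothing about the demonstration. The function names, the zero IV chosen by the decryptor, and the sample session string are all assumptions of this example. The signature (MAC) the comment also refers to is deliberately left out here; without it the ciphertext is malleable, so this block alone is not a complete session-protection scheme.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size; the toy cipher uses the same size

# --- Toy 16-byte block cipher (4-round Feistel, HMAC-SHA256 round function). ---
# Stand-in for AES so the example needs no third-party library.  Assumption of
# this example only; never use it for real data.  CBC's behaviour below does
# not depend on which block cipher is plugged in.

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        r, l = l, _xor(r, _f(key, rnd, l))
    return l + r

# --- CBC mode: C[i] = E(P[i] ^ C[i-1]), C[-1] = IV; P[i] = D(C[i]) ^ C[i-1]. ---
# Decrypting block i needs only C[i] and C[i-1], so a wrong IV can corrupt
# block 0 and nothing else: this is the self-synchronisation the comment cites.

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    prev, out = iv, bytearray()
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a multiple of the block size")
    prev, out = iv, bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return bytes(out)

def pad(data: bytes) -> bytes:               # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def seal(key: bytes, message: bytes) -> bytes:
    """Encrypt WITHOUT transmitting the IV: the IV is random and discarded,
    and a random throw-away block is prepended to absorb the damage that the
    unknown IV does to block 0 on the receiving side."""
    iv = os.urandom(BLOCK)
    return cbc_encrypt(key, iv, os.urandom(BLOCK) + pad(message))

def unseal(key: bytes, ciphertext: bytes) -> bytes:
    """Decrypt with an IV chosen by the receiver (all zeros here, assumption of
    this example) and drop the first block, which is garbage by design."""
    plain = cbc_decrypt(key, bytes(BLOCK), ciphertext)
    return unpad(plain[BLOCK:])

def iv_affects_only_first_block(key: bytes, ciphertext: bytes) -> bool:
    """Decrypt the same ciphertext under two different IVs; everything after
    block 0 must agree while block 0 itself differs."""
    a = cbc_decrypt(key, bytes(BLOCK), ciphertext)
    b = cbc_decrypt(key, b"\xff" * BLOCK, ciphertext)
    return a[BLOCK:] == b[BLOCK:] and a[:BLOCK] != b[:BLOCK]

if __name__ == "__main__":
    k = os.urandom(32)
    msg = b"session-id=42;user=alice"   # constructed sample session payload
    ct = seal(k, msg)
    print(unseal(k, ct) == msg, iv_affects_only_first_block(k, ct))
```

Because the sender's IV is never sent, the ciphertext carries a random first block instead; that block costs the same 16 bytes an explicit IV would, and every other block decrypts correctly regardless of what IV the receiver picks.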