Thanks for the response, Jeffrey. I've now discovered that using just plain CFB_Mode<AES> allows me to use input blocks of any size. Only the FIPS variant imposes the size constraint.
Rereading the FIPS NIST 800-38A document, I see that it requires the input to be a multiple of what it calls segment size. I believe segment size is equivalent to what Crypto++ calls feed_back_size, except that segment size is in bits while the feed_back_size parameter is in bytes. The constraint for CFB_FIPS_Mode<AES> requires multiples of this feed_back_size, not multiples of the block size as I thought at first. My test had feed_back_size equal to the block size. It all makes sense, and I guess it is not a bug. For some reason, the older version didn't seem to enforce this constraint, not sure why. In my system I will have to use plain CFB_Mode, can't have the assert() in CFB_FIPS_Mode crash the whole application. Thanks, Joachim On Tuesday, January 17, 2017 at 5:09:22 PM UTC-8, Jeffrey Walton wrote: > > > > On Tuesday, January 17, 2017 at 5:39:28 PM UTC-5, Joachim Achtzehnter > wrote: >> >> In older versions of Crypto++, for example v5.2.3, the ProcessData() >> function of CFB_FIPS_Mode<AES>::Decryption worked with arbitrary sizes of >> input packets. In recent versions, at last since v5.5.2, it causes an >> assertion if the input packet is not a multiple of the block size. CFB >> should not require this constraint. Is this a known bug? >> > > Wow, that's going back in time. > > Rijndael::ProcessData requires a full block size. I'm not sure what > CFB_FIPS_Mode::ProcessData is doing at the moment. The mode can clearly > process bytes at a time, but it should ensure a full block is being sent to > Rijndael for processing. > > Do you have some sample code so I can inspect things under your setup? > > Jeff > -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.