Re: [openssl.org #3195] [bug] aes-cbc encryption on x86 is not working
On 11.12.2013 17:14, Yanchuan Nian via RT wrote:
> hi guys,
>
> There is a bug in the implementation of AES_cbc_encrypt() on x86 architecture. If the length of plaintext is not multiple of 16 bytes (must greater than 16), the decoded message is different from the original.
>
> I tested it with a testcase in the bottom of this letter, and the result is as follows:
>
> in = abcdefghijklmnopqrstuvwxyz
> in [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 00 00 00 00 00 00
> result = abcdefghijklmnop���o��ʡ
> result [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 e1 d5 d3 6f 03 e5 3e dc ca a1 00 00 00 00 00 00
>
> The data in the last block is wrong. I also tested it in a x86_64 machine, and the result is OK. My test is based on the master branch of openssl.

Cannot confirm. x86_64, gcc 4.6.3, tested with 1.0.1e and with latest git (e3bc1f495522aac84dc7ebdd7da2dc503110394b). Both show

in = abcdefghijklmnopqrstuvwxyz
in [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 00 00 00 00 00 00
result = abcdefghijklmnopqrstuvwxyz
result [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 00 00 00 00 00 00

Valgrind also reports nothing.

I'm not sure, but is calling AES_cbc_encrypt() with a blocksize not a multiple of 16 even allowed by the API? Wouldn't be surprised if that were undefined behavior.

Best regards,
Johannes

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
Re: [openssl.org #3195] [bug] aes-cbc encryption on x86 is not working
On 11 December 2013 16:14, Yanchuan Nian via RT r...@openssl.org wrote:
> hi guys,
>
> There is a bug in the implementation of AES_cbc_encrypt() on x86 architecture. If the length of plaintext is not multiple of 16 bytes (must greater than 16), the decoded message is different from the original.

If you are going to use the low level AES routines rather than the high level EVP interface then you must also handle all padding issues yourself. It is undefined behaviour to call AES_cbc_encrypt when the input is not a multiple of the block size.

This has been previously discussed here:
https://rt.openssl.org/Ticket/Display.html?id=3182&user=guest&pass=guest

Unless there's a really good reason to use the low level routines I would suggest EVP is what you should be using.

Matt
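
The padding a caller of the low-level routine has to do itself, as an added example (not code from this thread or from OpenSSL): PKCS#7 pad and validated unpad, so the length passed to a CBC call is always a multiple of 16. The function names are hypothetical and the AES call itself is left out.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes */

/* Hypothetical helper: append PKCS#7 padding in place; returns padded length, 0 if buf too small. */
size_t pkcs7_pad(unsigned char *buf, size_t len, size_t cap)
{
    size_t pad = BLOCK - (len % BLOCK); /* 1..16: aligned input gains a full block */
    if (len > cap || pad > cap - len)
        return 0;
    memset(buf + len, (int)pad, pad);
    return len + pad;
}

/* Hypothetical helper: validate and strip padding after decryption; -1 if malformed. */
long pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return -1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK)
        return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return -1;
    return (long)(len - pad);
}

/* Pad a copy of msg, check that unpadding recovers the original length, and
 * return the padded length a caller would hand to the CBC routine (0 on error). */
size_t padded_len(const char *msg)
{
    unsigned char buf[64];
    size_t len = strlen(msg);
    if (len >= sizeof buf)
        return 0;
    memcpy(buf, msg, len);
    size_t n = pkcs7_pad(buf, len, sizeof buf);
    return (n && pkcs7_unpad(buf, n) == (long)len) ? n : 0;
}

int main(void)
{
    /* The 26-byte test string from the report. */
    printf("padded=%zu\n", padded_len("abcdefghijklmnopqrstuvwxyz"));
    return 0;
}
```

PKCS#7 is the padding the EVP cipher interface applies by default, which is why the EVP route needs none of this in caller code.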