Hmm, I just noticed this problem yesterday, as well. As a temporary work-around, you can turn off padding with OFB mode, and everything works as expected. I'm pretty sure I got an error related to block alignment when I turned off padding in CFB mode.
However, the CFB mode behavior is now technically CORRECT whereas it never was in previous versions, at least according to things like the NIST specification of the mode, because the shift register is always supposed to fill up before doing an encryption (Appendix A of the new modes document explicitly states that CFB needs to be padded, reinforcing this interpretation). Yes, there are protocols that rely on the streaming version of CFB, though. OpenSSL should clearly support both, but it's not as clear to me what the default should be for CFB. For OFB, the default is clear (and the current state of affairs is clearly wrong :). John On Thu, Oct 17, 2002 at 11:44:47AM +0200, Olaf Kirch via RT wrote: > > Hi all, > > yesterday I came across a bug in OpenSSL 0.9.7-beta3. When getting > an EVP_CIPHER in OFB/CFB mode, it reports as its block size the > block size of the underlying encryption algorithm, rather than 1. > Needless to say, this makes any application fail that uses a > cipher in CFB/OFB stream mode. > > If this isn't a bug, it's at least a departure from the behavior > of previous versions... :) > > Looking at evp_locl.h, there are two monster macros for setting > up an EVP_CIPHER suite - the one that's commented out at the > moment seems to do the right thing. > > Cheers, > Olaf > -- > Olaf Kirch | Anyone who has had to work with X.509 has probably > [EMAIL PROTECTED] | experienced what can best be described as > ---------------+ ISO water torture. -- Peter Gutmann > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
