Re: [openssl.org #306] EVP_xxx_{cfb,ofb} problems in openssl 0.9.7-beta3

Thu, 17 Oct 2002 16:20:51 -0700 

Yes, it does indeed seem to be fixed.  Seeing that OFB and CFB are 
pretty fundamental, shouldn't a fix like that merit a b4 release, 
particularly considering how long it's been since b3? :)

John

On Thursday, October 17, 2002, at 05:34 PM, Richard Levitte - VMS 
Whacker wrote:

> In message <[EMAIL PROTECTED]> 
> on Thu, 17 Oct 2002 16:34:55 -0400, John Viega 
> <[EMAIL PROTECTED]> said:
>
> viega> Perhaps it would help to show you how things work differently 
> in 0.9.6
> viega> and 0.9.7.  Try this code out in each one:
> viega>
> viega> #include <openssl/evp.h>
> viega>
> viega> int main(int argc, char **argv) {
> viega>    EVP_CIPHER_CTX c;
> viega>    char key[128] = {0,};
> viega>    char iv[128] = {0,};
> viega>    char in[256]={0,};
> viega>    char out[256];
> viega>    int olen,i, o2;
> viega>
> viega> #define CIPHER() EVP_bf_cfb()
> viega> #define HOWMANY 148
> viega>    EVP_EncryptInit(&c, CIPHER(), (char *)key, iv);
> viega>    EVP_EncryptUpdate(&c, out, &olen, in, HOWMANY);
> viega>    EVP_EncryptFinal(&c, out+olen,&o2);
> viega>    olen += o2;
> viega>    printf("Olen = %d\n", olen);
> viega>    for(i=0;i<olen;i++) {
> viega>      printf("%02x ", (unsigned char)out[i]);
> viega>    }
> viega>    printf("\n");
> viega> }
> viega>
> viega> This returns 148 in 0.9.6, and it returns 152 in 0.9.7 (b3 at 
> least).
> viega> The same thing happens in OFB mode.  What's going on is that 
> PKCS
> viega> padding is getting added when it never was previously.
>
> Ah, yeah, right, that's a bug in beta3.  It has been fixed, however.
> Please try the latest 0.9.7 snapshot, and you'll see the difference.
>
> -- 
> Richard Levitte   \ Spannv�gen 38, II \ [EMAIL PROTECTED]
> Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
>                     \      SWEDEN       \ or +46-708-26 53 44
> Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to