Hi, Sorry my mistake.
With such mode as OFB et CFB (sounds like CTR too) we could use block cipher as stream cipher (because of the specific mode scheme only IV and Key is used as input for Encryption Function). Here is a link about it. http://www.cacr.math.uwaterloo.ca/hac/ # Chapter 7 - Block Ciph regards, Fred -----Original Message----- From: Frédéric Donnat Sent: Thu 5/4/2006 5:04 PM To: openssl-dev@openssl.org; [EMAIL PROTECTED] Cc: openssl-dev@openssl.org Subject: RE: [openssl.org #1318] [PATCH] AES-CFB1 and DES-CFB1 mode only encrypts 1/8th of the source Hey May some explains the following result about AES OFB (sounds like a BUG)? I think that AES-128 block size is at 128 bits even for ECB or OFB mode but openssl output is different. INFO: Settings: alg: aes-128-cbc Algo Name: aes-128-cbc EVP_CIPHER: NID: 01a3, Name: AES-128-CBC, Blk len: 16, key len: 16, iv len: 16, flags: 2, mode: 2 INFO: Settings: alg: aes-128-ofb Algo Name: aes-128-ofb EVP_CIPHER: NID: 01a4, Name: AES-128-OFB, Blk len: 1, key len: 16, iv len: 16, flags: 4, mode: 4 INFO: Settings: alg: aes-128-ecb Algo Name: aes-128-ecb EVP_CIPHER: NID: 01a2, Name: AES-128-ECB, Blk len: 16, key len: 16, iv len: 16, flags: 1, mode: 1 here is the piece of code: const EVP_CIPHER *evp_ciph = NULL; evp_ciph = EVP_get_cipherbyname (alg_name); fprintf (stdout, "Algo Name: %s\n", alg_name); if (evp_ciph != NULL) { fprintf (stdout, "EVP_CIPHER: NID: %04x, Name: %s, " \ "Blk len: %d, key len: %d, iv len: %d, " \ "flags: %lx, mode: %lx\n", EVP_CIPHER_nid (evp_ciph), EVP_CIPHER_name (evp_ciph), EVP_CIPHER_block_size (evp_ciph), EVP_CIPHER_key_length (evp_ciph), EVP_CIPHER_iv_length (evp_ciph), EVP_CIPHER_flags (evp_ciph), EVP_CIPHER_mode (evp_ciph)); thanks in advance Fred -----Original Message----- From: Nils Larsch via RT [mailto:[EMAIL PROTECTED] Sent: Thu 4/20/2006 3:44 PM To: [EMAIL PROTECTED] Cc: openssl-dev@openssl.org Subject: Re: [openssl.org #1318] [PATCH] AES-CFB1 and DES-CFB1 mode only encrypts 1/8th of the source Michael McDougall wrote: > diff -ur openssl-SNAP-20060415/crypto/aes/aes_cfb.c > openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c > --- openssl-SNAP-20060415/crypto/aes/aes_cfb.c 2004-12-30 > 06:00:14.000000000 -0500 > +++ openssl-SNAP-20060415.changed/crypto/aes/aes_cfb.c 2006-04-17 > 22:18:11.000000000 -0400 > @@ -191,18 +191,20 @@ > } > > /* N.B. This expects the input to be packed, MS bit first */ > -void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, > +void > +AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, > const unsigned long length, const AES_KEY *key, > unsigned char *ivec, int *num, const int enc) > { > unsigned int n; > unsigned char c[1],d[1]; > + unsigned long length_in_bits = length * 8; > > assert(in && out && key && ivec && num); > assert(*num == 0); > > memset(out,0,(length+7)/8); > - for(n=0 ; n < length ; ++n) > + for(n=0 ; n < length_in_bits ; ++n) > { > c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; > AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); the problem here is that that EVP layer specifies the length of the input in bytes whereas this functions expects the length in bits (although is not clearly specified somewhere). > diff -ur openssl-SNAP-20060415/crypto/evp/e_des.c > openssl-SNAP-20060415.changed/crypto/evp/e_des.c > --- openssl-SNAP-20060415/crypto/evp/e_des.c 2004-03-28 13:00:11.000000000 > -0500 > +++ openssl-SNAP-20060415.changed/crypto/evp/e_des.c 2006-04-17 > 22:17:39.000000000 -0400 > @@ -109,8 +109,9 @@ > { > unsigned int n; > unsigned char c[1],d[1]; > + unsigned int inl_bits = inl * 8; > > - for(n=0 ; n < inl ; ++n) > + for(n=0 ; n < inl_bits ; ++n) > { > c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; > DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, agree, with this one. Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]