Yes, cfb1 is just plain ugly. Because the EVP layer expects bytes, but cfb1
(by design) expects bits it gets really nasty.
I did manage to get cfb1 to pass the NIST AES test suite, but only by
messing with the data at input and output - and even then I doubt that it's
really working properly via the EVP layer.
It won't just be AES cfb1 that has "issues" here, DES and Camellia have the
same problems.
Peter
From: Yair Elharrar <[EMAIL PROTECTED]>
To: "'[email protected]'" <[email protected]>
Date: 14/11/2007 01:30
Subject: RE: aes-128-cfb1 bug
It's a length thing. CFB1 expects the length in bits, not bytes.
If you multiply the length by 8 inside crypto/aes/aes_cfb.c
AES_cfb1_encrypt, it works fine.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RenYiqun
Sent: Tuesday, November 13, 2007 7:01 AM
To: [email protected]
Subject: aes-128-cfb1 bug
Hi developers,
I found a bug in aes-128-cfb1: if the key is
"2b7e151628aed2a6abf7158809cf4f3c", the IV is
"000102030405060708090a0b0c0d0e0f", and the plain-text is "a" or "abc",
aes-128-cfb1 cannot encrypt/decrypt correctly.
The following is the log file. We can see that the decryption result is
different from the original plain-text.
[EMAIL PROTECTED] uname -all
HP-UX sshia1 B.11.23 U ia64 3432702471 unlimited-user license
[EMAIL PROTECTED] openssl version
OpenSSL 0.9.7m 23 Feb 2007
[EMAIL PROTECTED] echo "a\c" > filea
[EMAIL PROTECTED] cat filea
[EMAIL PROTECTED] od -x filea
0000000 6100
0000001
[EMAIL PROTECTED] openssl enc -aes-128-cfb1 -in filea -out filea.enc.97m \
> -K 2b7e151628aed2a6abf7158809cf4f3c -iv 000102030405060708090a0b0c0d0e0f
[EMAIL PROTECTED] openssl enc -aes-128-cfb1 -d -in filea.enc.97m -out filea.dec.97m \
> -K 2b7e151628aed2a6abf7158809cf4f3c -iv 000102030405060708090a0b0c0d0e0f
[EMAIL PROTECTED] cat filea.dec.97m
[EMAIL PROTECTED] od -x filea.dec.97m
0000000 0
0000001
[EMAIL PROTECTED]
[EMAIL PROTECTED] echo "abc\c" > fileabc
[EMAIL PROTECTED] cat fileabc
[EMAIL PROTECTED] od -x fileabc
0000000 6162 6300
0000003
[EMAIL PROTECTED] openssl enc -aes-128-cfb1 -in fileabc -out fileabc.enc.97m \
> -K 2b7e151628aed2a6abf7158809cf4f3c -iv 000102030405060708090a0b0c0d0e0f
[EMAIL PROTECTED] openssl enc -aes-128-cfb1 -d -in fileabc.enc.97m -out fileabc.dec.97m \
> -K 2b7e151628aed2a6abf7158809cf4f3c -iv 000102030405060708090a0b0c0d0e0f
[EMAIL PROTECTED] cat fileabc.dec.97m
[EMAIL PROTECTED] od -x fileabc.dec.97m
0000000 606f 6e00
0000003
[EMAIL PROTECTED] a1#
The bug exists at least in openssl-0.9.7m, openssl-0.9.7l and
openssl-0.9.8b.
I did the test on the following platforms:
openssl-0.9.7m + HP-UX 11.23 + Itanium CPU
openssl-0.9.7m + HP-UX 11.23 + PA-RISC CPU
openssl-0.9.7l + HP-UX 11.11 + PA-RISC CPU
openssl-0.9.8b + Redhat Enterprise Linux 5 + x86 CPU
Would you please study this bug?
Best Regards
Yiqun Ren
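
An added illustration, not code from this thread or from OpenSSL: a self-contained CFB1 round trip that passes the length once as a bit count and once as a byte count, the mismatch the replies above describe. The names toy_block, cfb1_crypt and roundtrip are hypothetical, and toy_block is a stand-in keyed function rather than AES, so the ciphertext will not match OpenSSL's; the key and IV are the ones from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for AES block encryption: NOT AES, not secure. CFB only uses the
   forward direction, so any keyed 16-byte function shows the length semantics. */
static void toy_block(const uint8_t in[16], uint8_t out[16], const uint8_t key[16]) {
    uint32_t h = 2166136261u;
    for (int r = 0; r < 16; r++) {
        for (int i = 0; i < 16; i++) h = (h ^ in[i] ^ key[(i + r) & 15]) * 16777619u;
        out[r] = (uint8_t)(h >> 24);
    }
}

/* CFB with 1-bit feedback; nbits is a count of BITS, not bytes. */
static void cfb1_crypt(const uint8_t *in, uint8_t *out, size_t nbits,
                       const uint8_t key[16], const uint8_t iv[16], int enc) {
    uint8_t reg[16], ks[16];
    memcpy(reg, iv, 16);
    for (size_t n = 0; n < nbits; n++) {
        unsigned shift = 7u - (unsigned)(n % 8);       /* MSB-first bit order */
        toy_block(reg, ks, key);
        unsigned in_bit = (in[n / 8] >> shift) & 1u;
        unsigned out_bit = in_bit ^ (ks[0] >> 7);      /* top keystream bit */
        unsigned ct_bit = enc ? out_bit : in_bit;      /* feedback is ciphertext */
        for (int i = 0; i < 15; i++) reg[i] = (uint8_t)((reg[i] << 1) | (reg[i + 1] >> 7));
        reg[15] = (uint8_t)((reg[15] << 1) | ct_bit);
        out[n / 8] = (uint8_t)((out[n / 8] & ~(1u << shift)) | (out_bit << shift));
    }
}

/* Encrypt then decrypt len bytes (len <= 16) with length = len * unit: unit 8 is a
   bit count, unit 1 a byte count passed by mistake. Returns 1 if back[] == pt. */
int roundtrip(const uint8_t *pt, size_t len, size_t unit, uint8_t back[16]) {
    static const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t iv[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    uint8_t ct[16] = {0};
    memset(back, 0, 16);
    cfb1_crypt(pt, ct, len * unit, key, iv, 1);
    cfb1_crypt(ct, back, len * unit, key, iv, 0);
    return memcmp(pt, back, len) == 0;
}

int main(void) {
    uint8_t back[16];
    int bits = roundtrip((const uint8_t *)"abc", 3, 8, back);
    printf("bit count: %d, byte count: %d\n", bits, roundtrip((const uint8_t *)"abc", 3, 1, back));
    return 0;
}
```

With a byte count, only the first len bits pass through the cipher, so in this model only those leading bits of the plaintext survive the round trip and the rest of the output buffer is never written.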