I'm not sure the old code was wrong either. It's unintuitive, but it is at least possible to pass the NIST compliance tests with the old code - are you sure that's going to be possible with the new code?
Yes, I'm aware that there have been a lot of complaints about CFB in the past - but it was at least functional for all the awkwardness.

Peter Waltenberg

From: "Kurt Roeckx via RT" <r...@openssl.org>
To:
Cc: openssl-dev@openssl.org
Date: 03/01/2010 06:44 PM
Subject: [openssl.org #2177] New CFB block length breaks old encrypted data
Sent by: owner-openssl-...@openssl.org

Hi,

With version 0.9.8m we're unable to read encrypted data written by older versions. The commit that breaks it has this changelog:

The "block length" for CFB mode was incorrectly coded as 1 all the time. It should be the number of feedback bits expressed in bytes. For CFB1 mode set this to 1 by rounding up to the nearest multiple of 8.

And this diff:

--- crypto/evp/evp_locl.h +++ crypto/evp/evp_locl.h @@ -127,9 +127,9 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ iv_len, cbits, flags, init_key, cleanup, \ set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) +BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \ + (cbits + 7)/8, key_len, iv_len, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ iv_len, cbits, flags, init_key, cleanup, \

I'm not really sure what to do with this, but I will probably revert that change for the Debian package.

Kurt

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
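Review bot: The block_size argument on the `+` lines of BLOCK_CIPHER_def_cfb changes from the constant 1 to `(cbits + 7)/8` for every cipher the macro defines, with no compatibility path for data produced under the old value. The expression still yields 1 for cbits of 1 or 8, but any larger cbits now reports a larger block length (8 for cbits of 64, 16 for cbits of 128), and the report in this thread is that data written by older versions can no longer be read. Either keep 1 here or make the new value opt-in, add a comment on the macro stating what block_size is meant to represent for CFB, and add a regression test that decrypts ciphertext produced with the previous value before this ships in a stable branch.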