I'm not sure the old code was wrong either.
It's unintuitive, but it is at least possible to pass the NIST compliance
tests with the old code - are you sure that's going to be possible with the
new code?

Yes, I'm aware that there have been a lot of complaints about CFB in the
past - but it was at least functional for all the awkwardness.

Peter Waltenberg

From:       "Kurt Roeckx via RT" <r...@openssl.org>
To:
Cc:         openssl-dev@openssl.org
Date:       03/01/2010 06:44 PM
Subject:    [openssl.org #2177] New CFB block length breaks old encrypted data
Sent by:    owner-openssl-...@openssl.org

Hi,

With version 0.9.8m we're unable to read encrypted data written by
older versions.  The commit that breaks it has this changelog:
    The "block length" for CFB mode was incorrectly coded as 1 all the time.
    It should be the number of feedback bits expressed in bytes. For CFB1
    mode set this to 1 by rounding up to the nearest multiple of 8.

And this diff:
--- crypto/evp/evp_locl.h
+++ crypto/evp/evp_locl.h
@@ -127,9 +127,9 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid,
block_size, key_len, \
 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
                                          iv_len, cbits, flags, init_key,
cleanup, \
                                          set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
-                          key_len, iv_len, flags, init_key, cleanup,
set_asn1, \
-                          get_asn1, ctrl)
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \
+                                    (cbits + 7)/8, key_len, iv_len, \
+                        flags, init_key, cleanup, set_asn1, get_asn1,
ctrl)

 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
                                          iv_len, cbits, flags, init_key,
cleanup, \
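
Review bot: at `(cbits + 7)/8`, the block_size argument passed to BLOCK_CIPHER_def1 stops being 1 for every CFB variant whose cbits is greater than 8, and nothing in this hunk keeps the old value available to callers that already hold data produced under it; that lines up with the report above that 0.9.8m cannot read data written by older versions. The old value of 1 is what existing callers and stored data were built against, so consider leaving this argument at 1 and exposing the feedback width through a separate field or macro. If the new value stays, the macro needs a comment saying that block_size now means feedback bytes for CFB, and the changelog entry should state the compatibility break explicitly rather than describe the change only as a correction.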

I'm not really sure what to do with this, but I will probably revert
that change for the Debian package.


Kurt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

