Andy Brown wrote:
> I believe I've found a bug with the UNIX command-line "openssl enc"

It's not a bug, it's a feature... ;-)

> utility.  If you specify the hex key (with -K) on the command line, the IV
> is some randomish garbage, probably whatever happens to be in memory.
> Shouldn't the default IV be zero in this case?

No. As long as the IV is not set, the program selects one.

> When the hex key (-K) is specified:
>   1) A garbage salt is presented
>   2) A garbage IV is presented

That is OK...

> The garbage salt and IVs are sometimes different on different shell
> instances.  They are also sometimes different if I specify the base64
> output (-a) option:
> 
> $ openssl enc -des -K AAAAAAAAAAAAAAAA -P
> salt=00000000FFBEFB68
> key=AAAAAAAAAAAAAAAA
> iv =FFBEF568000277FC
> 
> $ openssl enc -des -a -K AAAAAAAAAAAAAAAA -P
> salt=00000000FFBEFB60
> key=AAAAAAAAAAAAAAAA
> iv =FFBEF560000277FC
> 
> This leads me to believe it's an allocation problem.

It is not.

If no IV is set, it is undefined and some random value is used.
(an uninitialized part of the memory...)

Perhaps it would be better to fill it with random data...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
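
Added example (not part of the original message or of OpenSSL): a shell sketch that never relies on the default IV when -K is used. It generates a fresh IV, passes it with -iv, and checks through -P that the reported IV is the one supplied. The function names are hypothetical, and aes-128-cbc is an assumption chosen here in place of the -des used in the thread.

```bash
#!/usr/bin/env bash
# Added example: always supply an explicit, freshly generated IV with -K.

# Print N random bytes from /dev/urandom as uppercase hex
# (uppercase so it compares directly with what "openssl enc -P" prints).
gen_iv_hex() {
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Extract the IV from "openssl enc ... -P" output read on stdin.
# Accepts "iv =..." (the form shown in the thread) as well as "iv=...".
parse_iv() {
    sed -n 's/^iv *= *\([0-9A-Fa-f]*\).*$/\1/p' | tr 'a-f' 'A-F'
}

# Return 0 only if openssl reports using exactly the IV we supplied.
# $1 = hex key (32 hex digits for aes-128-cbc), $2 = hex IV (32 hex digits).
iv_is_honoured() {
    local reported
    reported=$(openssl enc -aes-128-cbc -K "$1" -iv "$2" -P </dev/null 2>/dev/null | parse_iv)
    [ -n "$reported" ] && [ "$reported" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Encrypt stdin. Output is the IV as one hex line followed by the base64
# ciphertext, so the receiver can pass the same value to -iv when decrypting.
encrypt_with_iv() {
    local key=$1 iv
    iv=$(gen_iv_hex 16)
    printf '%s\n' "$iv"
    openssl enc -aes-128-cbc -a -K "$key" -iv "$iv"
}
```

Usage: `echo secret | encrypt_with_iv <32-hex-digit key>`; the first output line is the IV to keep alongside the ciphertext.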