Hi,
I am performing an AES encryption with 16 bytes of data with a 128
bit key, CBC mode, and PKCS5 padding enabled through OpenSSL 0.9.8a.
When trying to decrypt the data (with different code), I was receiving
padding errors, so I decrypted the data without padding to take a look.
Turns out the pad byte was computed correctly (16), but was only
applied to the last 8 bytes (maybe the AES block size of 16 is being
ignored?):
(32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48,
49, -57, 37, 16, -82, 115, -25, 23, 96, 16, 16, 16, 16, 16, 16, 16, 16,
This, of course, should be:
(32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48,
49, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
A snippet of the code I'm calling:
/*************************************************************/
int encryptAES(...)
/*************************************************************/
{
    unsigned char *encryptedData = NULL;
    int size = strlen(dataToEncrypt);
    int size2 = 0;

    if(DEBUG > 2) fprintf(logfile, "\nStarting encryptAES");

    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *ctx=NULL;

    ctx = (EVP_CIPHER_CTX *) malloc (sizeof(EVP_CIPHER_CTX));
    memset ( ctx,0x00 ,sizeof(EVP_CIPHER_CTX));
    EVP_CIPHER_CTX_init(ctx);

    if(DEBUG > 2) fprintf(logfile, "\ncleartext data size is %d", size);

    cipher = EVP_aes_128_cbc();
    encryptedData = (char *) malloc(size);

    if(!EVP_CipherInit_ex(ctx, cipher, NULL, /*license*/key, theIV16,
                          AES_ENCRYPT))
    {
        printf ( "\nError in EVP_CipherInit step 1 (return.c).");
        return(-1000);
    }

    if(!EVP_CipherUpdate(ctx, encryptedData, &size, dataToEncrypt, size))
    {
        printf("\nError in EVP_CipherUpdate"); return (-1001);
    }

    if(!EVP_CipherFinal_ex(ctx, encryptedData + size, &size2))
    {
        printf("\nError in EVP_CipherFinal"); return (-1002);
    }

    size += size2;
Thanks
Dave
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
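An added example, not part of the original post and not OpenSSL code: with PKCS padding, 16 bytes of input to a 16-byte block cipher produce 32 bytes of output, while the posted snippet allocates the output buffer with malloc(size), i.e. 16 bytes. The sketch below does not call OpenSSL; it sizes the padded buffer, applies the padding with a capacity check, and validates a buffer that was decrypted with padding disabled, using the byte values from the post (converted to unsigned). The names padded_len, pkcs_pad and pkcs_check are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16 /* AES block size in bytes, whatever the key length */

/* Plaintext bytes as listed in the post ("BBSenderC-0-1001"). */
static const unsigned char MSG[16] = {66,66,83,101,110,100,101,114,67,45,48,45,49,48,48,49};
/* The 32 decrypted bytes the post reports, signed values converted to unsigned. */
static const unsigned char OBSERVED[32] = {
    66,66,83,101,110,100,101,114,67,45,48,45,49,48,48,49,
    199,37,16,174,115,231,23,96,16,16,16,16,16,16,16,16};

/* Output size with PKCS padding: a full extra block when input is block-aligned. */
size_t padded_len(size_t in_len) {
    return (in_len / AES_BLOCK + 1) * AES_BLOCK;
}

/* Copy in[] to out[] and append the pad; returns 0 if out_cap is too small. */
size_t pkcs_pad(const unsigned char *in, size_t in_len,
                unsigned char *out, size_t out_cap) {
    size_t total = padded_len(in_len);
    if (out_cap < total) return 0;   /* refuse instead of writing past the buffer */
    memcpy(out, in, in_len);
    memset(out + in_len, (int)(total - in_len), total - in_len);
    return total;
}

/* Returns the plaintext length, -1 for a bad length or pad value,
 * or -2 with *bad_off set to the first pad byte that does not match. */
long pkcs_check(const unsigned char *buf, size_t len, size_t *bad_off) {
    if (len == 0 || len % AES_BLOCK != 0) return -1;
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK) return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) { *bad_off = i; return -2; }
    return (long)(len - pad);
}

int main(void) {
    unsigned char out[32]; size_t off = 0;
    size_t n = pkcs_pad(MSG, sizeof MSG, out, sizeof out);
    long ok = pkcs_check(out, n, &off);
    printf("padded size %zu, recovered plaintext length %ld\n", n, ok);
    long rc = pkcs_check(OBSERVED, sizeof OBSERVED, &off);
    printf("buffer from the post: rc=%ld, first bad pad byte at offset %zu\n", rc, off);
    return 0;
}
```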