AES-CFB1 and DES-CFB1 mode only encrypts 1/8th of the source file. To reproduce, run the following commands:
echo I Love OpenSSL so much. > test.txt openssl enc -in test.txt -out test.encssl -K 0123456789abcdef0123456789abcdef -iv 000000000000000000000000 openssl enc -in test.encssl -K 0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 -des-cfb1 -d Expected output:"I Love OpenSSL so much." (plus a newline) Actual ouput:"I L" (no newline) The results are the same if you substitute "-aes-128-cfb1" for "-des-cfb1" in the above commands. I tracked the problem down and have a patch that fixes it, but I'm in the US and don't want to go through the formalities of notifying whatever authorities need to be notified. The problem is that a parameter is set to the number of *bytes* to encrypt/decrypt, but the parameter is interpreted as the number of *bits* to encrypt/decrypt. In the example above, the input is 24 bytes but only 3 bytes (=24 bits) is encrypted and decrypted. The fix is very simple: replace "X" by "X * 8" in 2 places, where X is the relevant parameter to the cfb1 respective functions. cfb8 seems to work ok for DES and AES. Contents of 'testlog' generated by 'make report' OpenSSL self-test report: OpenSSL version: 0.9.9-dev Last change: Add support for key derivation (agreement) in the API, ... Options: no-asm no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-zlib no-zli b-dynamic OS (uname): Darwin gato.local 8.6.0 Darwin Kernel Version 8.6.0: Tue Mar 7 16:58:48 PST 2006; root:xnu-792.6.70.obj~1/RELEASE_PPC Power Macintosh powerpc OS (config): ppc-apple-darwinDarwin Kernel Version 8.6.0: Tue Mar 7 16:58:4 8 PST 2006; root:xnu-792.6.70.obj~1/RELEASE_PPC Target (default): darwin-ppc-cc Target: darwin-ppc-cc Compiler: Using built-in specs. Target: powerpc-apple-darwin8 Configured with: /private/var/tmp/gcc/gcc-5250.obj~12/src/configure --disable-ch ecking -enable-werror --prefix=/usr --mandir=/share/man --enable-languages=c,obj c,c++,obj-c++ --program-transform-name=/^[cg][^.-]*$/s/$/-4.0/ --with-gxx-includ e-dir=/include/c++/4.0.0 --build=powerpc-apple-darwin8 --host=powerpc-apple-darw in8 --target=powerpc-apple-darwin8 Thread model: posix gcc version 4.0.1 (Apple Computer, Inc. build 5250) Test passed. The same behavior was oberved with the OpenSSL 0.9.7i version that is installed in my Mac as well as v0.9.8a on my Mac, and on a linux system (version unknown). Michael ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
