hi guys,
There is a bug in the implementation of AES_cbc_encrypt() on x86 architecture.
If the length of plaintext is not multiple of 16 bytes (must greater than 16),
the decoded message is different from the original. I tested it with a testcase
in the bottom of this letter, and the result is as follows:
in = abcdefghijklmnopqrstuvwxyz
in [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77
78 79 7a 00 00 00 00 00 00
result = abcdefghijklmnop���o��>�ʡ
result [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 e1 d5 d3 6f 03
e5 3e dc ca a1 00 00 00 00 00 00
The data in the last block is wrong. I also tested it in a x86_64 machine,
and the result is OK. My test is based on the master branch of openssl.
#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
int main()
{
char in[32] = {0};
char out[32] = {0};
char result[32] = {0};
AES_KEY key1, key2;
char *userKey = "wiodkemdusndjeik";
int len, i;
unsigned char ivec[16] = {0};
strcpy(in, "abcdefghijklmnopqrstuvwxyz");
len = strlen(in);
if (AES_set_encrypt_key(userKey, 128, &key1) != 0) {
printf("AES_set_encrypt_key() error.\n");
return 1;
}
if (AES_set_decrypt_key(userKey, 128, &key2) != 0) {
printf("AES_set_decrypt_key() error.\n");
return 1;
}
for (i = 0; i < 16; i++)
ivec[i] = i;
AES_cbc_encrypt(in, out, len, &key1, ivec, AES_ENCRYPT);
for (i = 0; i < 16; i++)
ivec[i] = i;
AES_cbc_encrypt(out, result, len, &key2, ivec, AES_DECRYPT);
printf("in = %s\n", in);
printf("in [hex] = ");
for (i = 0; i < 32; i++)
printf("%02x ", in[i]&0xff);
printf("\n");
printf("result = %s\n", result);
printf("result [hex] = ");
for (i = 0; i < 32; i++)
printf("%02x ", result[i]&0xff);
printf("\n");
return 0;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
