Re: [openssl.org #3195] [bug] aes-cbc encryption on x86 is not working

[Johannes Bauer]

On 11.12.2013 17:14, Yanchuan Nian via RT wrote:
> hi guys,
> There is a bug in the implementation of AES_cbc_encrypt() on x86 architecture.
> If the length of plaintext is not multiple of 16 bytes (must greater than 16),
> the decoded message is different from the original. I tested it with a 
> testcase
> in the bottom of this letter, and the result is as follows:
> 
> in = abcdefghijklmnopqrstuvwxyz
> in [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 
> 77 78 79 7a 00 00 00 00 00 00 
> result = abcdefghijklmnop���o�>�ʡ
> result [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 e1 d5 d3 6f 03 
> e5 3e dc ca a1 00 00 00 00 00 00
> 
> The data in the last block is wrong. I also tested it in a x86_64 machine,
> and the result is OK. My test is based on the master branch of openssl.

Cannot confirm. x86_64, gcc 4.6.3, tested with 1.0.1e and with latest
git (e3bc1f495522aac84dc7ebdd7da2dc503110394b). Both show

in = abcdefghijklmnopqrstuvwxyz
in [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74
75 76 77 78 79 7a 00 00 00 00 00 00
result = abcdefghijklmnopqrstuvwxyz
result [hex] = 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73
74 75 76 77 78 79 7a 00 00 00 00 00 00

Valgrind also reports nothing.

I'm not sure, but is calling AES_cbc_encrypt() with a blocksize not a
multiple of 16 even allowed by the API? Wouldn't be surprised if that
were undefined behavior.

Best regards,
Johannes
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org