Hi aunt.jomamma, You have ignored every return value. You should probably start by checking all return values.
If you check all return values *and* assert all the checks, you will have self debugging code. I find self debugging code the best code of all, but I'm kind of lazy. > 2) Is there purposely a difference in behavior between the FIPS and non-FIPS > versions,... Did FIPS_mode_set succeed? It returns 1 on success. Jeff On Fri, Oct 12, 2012 at 4:40 PM, AJ <[email protected]> wrote: > Hi, > > I've noticed an inconsistency between the behavior of AES_CTR in FIPS and > non-FIPS modes. > I am using openssl-1.0.1c and openssl-fips-2.0. > > The following code demonstrates the issue: > > 1 #include <stdio.h> > 2 #include <string.h> > 3 #include "openssl/evp.h" > 4 > 5 #define MSG_SIZE 14 > 6 const unsigned char *key = (unsigned char *)"1234567890123456"; > 7 const unsigned char *iv = (unsigned char *)"0101010101010101"; > 8 > 9 int main(void) { > 10 > 11 unsigned char in_1[MSG_SIZE]; > 12 unsigned char in_2[MSG_SIZE]; > 13 unsigned char out_1[MSG_SIZE]; > 14 unsigned char out_2[MSG_SIZE]; > 15 int out_len_1, out_len_2; > 16 > 17 EVP_CIPHER_CTX ctx_1, ctx_2; > 18 > 19 memset ( in_1, 0, MSG_SIZE ); > 20 memset ( in_2, 0, MSG_SIZE ); > 21 > 22 EVP_CIPHER_CTX_init( &ctx_1 ); > 23 EVP_EncryptInit( &ctx_1, EVP_aes_128_ctr(), key, iv ); > 24 EVP_EncryptUpdate( &ctx_1, out_1, &out_len_1, in_1, MSG_SIZE ); > 25 EVP_EncryptInit( &ctx_1, NULL, NULL, iv ); > 26 EVP_EncryptUpdate( &ctx_1, out_1, &out_len_1, in_1, MSG_SIZE ); > 27 > 28 FIPS_mode_set(1); /* Enable FIPS mode */ > 29 > 30 EVP_CIPHER_CTX_init( &ctx_2 ); > 31 EVP_EncryptInit( &ctx_2, EVP_aes_128_ctr(), key, iv ); > 32 EVP_EncryptUpdate( &ctx_2, out_2, &out_len_2, in_2, MSG_SIZE ); > 33 EVP_EncryptInit( &ctx_2, NULL, NULL, iv ); > 34 EVP_EncryptUpdate( &ctx_2, out_2, &out_len_2, in_2, MSG_SIZE ); > 35 > 36 if ( memcmp( out_1, out_2, MSG_SIZE ) == 0 ) { > 37 printf("Buffers are equal.\n\n"); > 38 } else { > 39 printf("Buffers are not equal.\n\n"); > 40 } > 41 > 42 return 0; > 43 } > > The reason for the difference outputs is that there is a difference in the > EVP_EncryptInit code (lines 25 and 33) for the 2 modes. > > In the non-FIPS mode, line 25 will reset the ctx_1->num to zero. This is > done in EVP_CipherInit_ex(), line 240: > 239 case EVP_CIPH_CTR_MODE: > 240 ctx->num = 0; > 241 /* Don't reuse IV for CTR mode */ > 242 if(iv) > 243 memcpy(ctx->iv, iv, > EVP_CIPHER_CTX_iv_length(ctx)); > 244 break; > 245 > > However, in FIPS mode, the equivalent line does not reset ctx_2->num. This > is from FIPS_cipherinit(), lines 210-215: > 210 case EVP_CIPH_CTR_MODE: > 211 /* Don't reuse IV for CTR mode */ > 212 if(iv) > 213 memcpy(ctx->iv, iv, > M_EVP_CIPHER_CTX_iv_length(ctx)); > 214 break; > 215 > > > I can make my program work if I change line 33 from: > EVP_EncryptInit( &ctx_2, NULL, NULL, iv ); > to: > EVP_EncryptInit( &ctx_2, EVP_aes_128_ctr(), key, iv ); > > This explicitly specifies the cipher and key again. From the docs, it > appears that I should be able to set them to NULL and have it work, if they > don't need to be updated, and that is how it works in the non-FIPS mode. > > Questions: > ======== > 1) Should I need to explicitly specifies the cipher and key again in > EVP_EncryptInit(), if I am only updating the IV? (i.e. should I be able to > put NULL for key and cipher). > 2) Is there purposely a difference in behavior between the FIPS and non-FIPS > versions, or is this a bug? My understanding was that they *should* work > interchangeably. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
