Hi,
=09I am performing an AES encryption with 16 bytes of data with a 128
bit key, CBC mode, and PKCS5 padding enabled through OpenSSL 0.9.8a.=20
When trying to decrypt the data (with different code), I was receiving
padding errors, so I decrypted the data without padding to take a look
=09
=09Turns out the pad byte was computed correctly (16), but was only
applied to the last 8 bytes (maybe the AES block size of 16 is being
ignored?):
=09
=09(32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48,
49, -57, 37, 16, -82, 115, -25, 23, 96, 16, 16, 16, 16, 16, 16, 16,
16,
=09
=09this of course, should be:
=09
=09(32) 66, 66, 83, 101, 110, 100, 101, 114, 67, 45, 48, 45, 49, 48, 48,
49, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
=09
A snippit of the code I'm calling:

/************************************************** ***********/
int encryptAES(...)
/************************************************** ***********/
{
=09unsigned char *encryptedData =3D NULL;
=09int size =3D strlen(dataToEncrypt);
=09int size2 =3D 0;
=09
=09if(DEBUG > 2) fprintf(logfile, "\nStarting encryptAES");
EVP_CIPHER *cipher =3D NULL;
=09EVP_CIPHER_CTX *ctx=3DNULL;
=09ctx =3D (EVP_CIPHER_CTX *) malloc (sizeof(EVP_CIPHER_CTX));
=09memset ( ctx,0x00 ,sizeof(EVP_CIPHER_CTX));
=09EVP_CIPHER_CTX_init(ctx);

=09if(DEBUG > 2) fprintf(logfile, "\ncleartext data size is %d", size);=09

=09cipher =3D EVP_aes_128_cbc();
=09encryptedData =3D (char *) malloc(size);
=09if(!EVP_CipherInit_ex(ctx, cipher, NULL, /*license*/key, theIV16,
=09=09=09AES_ENCRYPT))
{
printf ( "\nError in EVP_CipherInit step 1 (return.c).");
return(-1000);
}
=09if(!EVP_CipherUpdate(ctx, encryptedData, &size, dataToEncrypt, size))
=09{

=09=09printf("\nError in EVP_CipherUpdate"); return (-1001);
=09}
=09if(!EVP_CipherFinal_ex(ctx, encryptedData + size, &size2))
=09{
=09=09printf("\nError in EVP_CipherFinal"); return (-1002);
=09}

=09size +=3D size2;=09



Thanks
Dave
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org