Openssl:

OK, I had a chance to look at another implementation of the AES_CBC
operation and they were doing something similar (changing the IV) to what
was being done in the original aes_cbc.c file. So I now think (I have
tested it) the original implementation was OK, given what was "probably"
intended (one wishes that the original authors had documented what they
intended...):

The IV will always be overwritten on return from the call. The value it
will be "updated" with is the value that would be needed if you were
"chaining" the operations (making multiple calls to encrypt/decrypt a large
buffer by doing it in sections). For example, the single call:

    AES_cbc_encrypt(in_data, out_data, len, &ekey, iv_cpy, AES_ENCRYPT);

can be done in two calls (assuming len > 32 in this example):

    AES_cbc_encrypt(in_data, out_data, 32, &ekey, iv_cpy, AES_ENCRYPT);
    AES_cbc_encrypt(&in_data[32], &out_data[32], len - 32, &ekey,
                    iv_cpy, AES_ENCRYPT);

The restriction here is that only the "last" call may have an encryption
length that is not an integer multiple of AES_BLOCK_SIZE (16).


-Bruce
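
The chaining behaviour described in the message above, as an added example that is not part of the original e-mail and is not OpenSSL code. To stay free of library dependencies it assumes a stand-in block transform (toy_block, hypothetical and not AES) and handles whole blocks only; cbc_encrypt and split_matches_single are likewise names made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define BLK 16

/* Stand-in block transform, NOT AES and not secure: it only keeps the example
 * free of library dependencies. Adds the key byte-wise, then rotates. */
static void toy_block(const unsigned char *in, unsigned char *out,
                      const unsigned char *key) {
    unsigned char t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = (unsigned char)(in[i] + key[i]);
    for (int i = 0; i < BLK; i++) out[i] = t[(i + 1) % BLK];
}

/* CBC encryption of whole blocks. ivec is overwritten: on return it holds
 * the last ciphertext block, the value a follow-on call needs. */
static void cbc_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const unsigned char *key,
                        unsigned char *ivec) {
    for (size_t off = 0; off + BLK <= len; off += BLK) {
        unsigned char x[BLK];
        for (int i = 0; i < BLK; i++) x[i] = in[off + i] ^ ivec[i];
        toy_block(x, out + off, key);
        memcpy(ivec, out + off, BLK);
    }
}

/* Encrypts 64 constructed bytes as 32 + 32 and compares with one 64-byte
 * call. reset_iv != 0 restores the original IV before the second call,
 * i.e. it undoes the update. Returns 1 if the ciphertexts match. */
int split_matches_single(int reset_iv) {
    unsigned char key[BLK], iv[BLK], iv_cpy[BLK];
    unsigned char in_data[64], one[64], two[64];
    for (int i = 0; i < BLK; i++) {
        key[i] = (unsigned char)(0xA0 + i);
        iv[i] = (unsigned char)(7 * i);
    }
    for (int i = 0; i < 64; i++) in_data[i] = (unsigned char)i;
    memcpy(iv_cpy, iv, BLK);
    cbc_encrypt(in_data, one, 64, key, iv_cpy);
    memcpy(iv_cpy, iv, BLK);
    cbc_encrypt(in_data, two, 32, key, iv_cpy);
    if (reset_iv) memcpy(iv_cpy, iv, BLK);
    cbc_encrypt(&in_data[32], &two[32], 64 - 32, key, iv_cpy);
    return memcmp(one, two, 64) == 0;
}

int main(void) {
    printf("chained: %d, IV reset: %d\n",
           split_matches_single(0), split_matches_single(1));
    return 0;
}
```

A caller that needs the original IV again later, for example to decrypt the same buffer, has to keep its own copy, since the buffer passed in no longer holds it after the call.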



At 10:09 AM 6/21/2007 +0200, The default queue via RT wrote:

>Greetings,
>
>This message has been automatically generated in response to the
>creation of a trouble ticket regarding:
> "bug report, file aes_cbc.c (from v 0.9.8e)",
>a summary of which appears below.
>
>There is no need to reply to this message right now. Your ticket has been
>assigned an ID of [openssl.org #1548].
>
>Please include the string:
>
> [openssl.org #1548]
>
>in the subject line of all future correspondence about this issue. To do so,
>you may reply to this message.
>
> Thank you,
> rt@openssl.org
>
>-------------------------------------------------------------------------
>openssl:
>
>I have been playing with the AES encryption code that I have "cut out"
>of the sources and I recently tried using the AES_cbc_encrypt()
>routine (defined in aes_cbc.c) - comparing it to some "known results" in
>the WiMedia specifications. I found that the encryption operation was OK,
>but the decryption operation gave the wrong result!! In either
>case, (encryption/decryption) the routine is also doing something that
>would appear to be wrong: it is overwriting the IV input string. I have
>included "my" version of this file (that appears to work correctly in my
>tests).
>
>The details:
>
> 1. Testing done using VC++ v6.0 in Windows, but I believe this is not
>relevant.
> 2. file: aes_cbc.c (same version in 0.9.8d and 0.9.8e)
>
>
>-Bruce



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org