This is a discussion on Re: [openssl.org #1548] - Openssl
OK, I had a chance to look at another implementation of the AES_CBC
operation and they were doing something similar (changing the IV) to what
was being done in the original aes_cbc.c file. So I now think (I have
tested it) the original implementation was OK, given what was "probably"
intended (one wishes that the original authors had documented what they

The IV will always be overwritten on return from the call. The value it
will be "updated" with is the value that would be needed if you were
"chaining" the operations (making multiple calls to encrypt/decrypt a large
buffer by doing it in sections). For example, the single call:

    AES_cbc_encrypt(in_data, out_data, len, &ekey, iv_cpy, AES_ENCRYPT);

can be done in two calls (assuming len > 32 in this example):

    AES_cbc_encrypt(in_data, out_data, 32, &ekey, iv_cpy, AES_ENCRYPT);
    AES_cbc_encrypt(&in_data[32], &out_data[32], len - 32, &ekey, iv_cpy, AES_ENCRYPT);

The restriction here is that only the "last" call may have an encryption
length that is not an integer multiple of AES_BLOCK_SIZE (16).

At 10:09 AM 6/21/2007 +0200, The default queue via RT wrote:
>This message has been automatically generated in response to the
>creation of a trouble ticket regarding:
> "bug report, file aes_cbc.c (from v 0.9.8e)",
>a summary of which appears below.
>There is no need to reply to this message right now. Your ticket has been
>assigned an ID of [openssl.org #1548].
>Please include the string:
> [openssl.org #1548]
>in the subject line of all future correspondence about this issue. To do so,
>you may reply to this message.
> Thank you,
>I have been playing with the AES encryption code that I have "cut out"
>of the sources and I recently tried using the AES_cbc_encrypt()
>routine (defined in aes_cbc.c) - comparing it to some "known results" in
>the WiMedia specifications. I found that the encryption operation was OK
>but the decryption operation gave the wrong result!! In either
>case, (encryption/decryption) the routine is also doing something that
>would appear to be wrong: it is overwriting the IV input string. I have
>included "my" version of this file (that appears to work correctly in my
> 1. Testing done using VC++ v6.0 in Windows, but I believe this is not
> 2. file: aes_cbc.c (same version in 0.9.8d and 0.9.8e)
OpenSSL Project http://www.openssl.org
Development Mailing List email@example.com
Automated List Manager firstname.lastname@example.org
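
The IV behaviour described in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: `cbc_crypt` is a hypothetical stand-in that follows the same "IV is overwritten with the last ciphertext block" contract, and a toy invertible block transform replaces AES so the sketch compiles without OpenSSL. It assumes full 16-byte blocks only, and the key and IV are constructed sample values.

```c
#include <string.h>
#define BLK 16
/* Constructed sample key and IV (15 characters plus NUL = 16 bytes each). */
static const unsigned char KEY[BLK] = "constructed-key";
static const unsigned char IV0[BLK] = "constructed-iv!";
/* Toy invertible 16-byte transform standing in for AES. NOT AES, not secure. */
static void toy_enc(const unsigned char *in, unsigned char *out, const unsigned char *k) {
    for (int i = 0; i < BLK; i++) out[(i + 5) % BLK] = (unsigned char)((in[i] ^ k[i]) + 0x3b);
}
static void toy_dec(const unsigned char *in, unsigned char *out, const unsigned char *k) {
    for (int i = 0; i < BLK; i++) out[i] = (unsigned char)(in[(i + 5) % BLK] - 0x3b) ^ k[i];
}
/* CBC with the contract from the thread: on return ivec holds the last
   ciphertext block, ready for a chained call. len must be a multiple of BLK. */
static void cbc_crypt(const unsigned char *in, unsigned char *out, size_t len,
                      const unsigned char *key, unsigned char *ivec, int enc) {
    unsigned char tmp[BLK], prev[BLK];
    for (size_t off = 0; off < len; off += BLK) {
        if (enc) {
            for (int i = 0; i < BLK; i++) tmp[i] = in[off + i] ^ ivec[i];
            toy_enc(tmp, out + off, key);
            memcpy(ivec, out + off, BLK);
        } else {
            memcpy(prev, in + off, BLK);   /* keep ciphertext for the next block */
            toy_dec(in + off, tmp, key);
            for (int i = 0; i < BLK; i++) out[off + i] = tmp[i] ^ ivec[i];
            memcpy(ivec, prev, BLK);
        }
    }
}
/* 1 if one 48-byte call equals a 32-byte call plus a chained 16-byte call. */
int chained_matches_single(void) {
    unsigned char pt[48], one[48], two[48], iv1[BLK], iv2[BLK];
    for (int i = 0; i < 48; i++) pt[i] = (unsigned char)i;
    memcpy(iv1, IV0, BLK); memcpy(iv2, IV0, BLK);
    cbc_crypt(pt, one, 48, KEY, iv1, 1);
    cbc_crypt(pt, two, 32, KEY, iv2, 1);
    cbc_crypt(&pt[32], &two[32], 48 - 32, KEY, iv2, 1);  /* iv2 was updated */
    return memcmp(one, two, 48) == 0 && memcmp(iv1, one + 32, BLK) == 0;
}
/* 1 if decrypting with the overwritten IV buffer garbles only block 0,
   while decrypting with a fresh copy of the IV recovers the plaintext. */
int stale_iv_garbles_first_block(void) {
    unsigned char pt[32], ct[32], bad[32], good[32], iv[BLK], iv_cpy[BLK];
    for (int i = 0; i < 32; i++) pt[i] = (unsigned char)(i * 7);
    memcpy(iv, IV0, BLK); memcpy(iv_cpy, IV0, BLK);
    cbc_crypt(pt, ct, 32, KEY, iv, 1);        /* iv now holds ct[16..31] */
    cbc_crypt(ct, bad, 32, KEY, iv, 0);       /* reuses the overwritten buffer */
    cbc_crypt(ct, good, 32, KEY, iv_cpy, 0);  /* fresh copy of the original IV */
    return memcmp(good, pt, 32) == 0 && memcmp(bad, pt, BLK) != 0
        && memcmp(bad + BLK, pt + BLK, BLK) == 0;
}
```

Callers that need the original IV after the call (for example to decrypt the same buffer) have to pass a copy, as the `iv_cpy` naming in the reply suggests.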