Hi guys, I think I may have discovered a bug in OpenSSL's AES through EVP, or perhaps I don't know how it is supposed to work. I want to encrypt with padding disabled, but it seems my output data is padded regardless. For instance, if I am using AES128 and I give a 16 byte input, I get a 32 byte output (16 from EncryptUpdate and 16 from EncryptFinal).
Am I not allowed to use AES without padding? I have tried with both 0.9.7 and the snapshot of today. Below is a small example to demonstrate the problem. As you can see, I get an extra block in my result. Commenting/Uncommenting out the lines regarding padding does nothing.

Thanks,
-Justin

#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>

int main()
{
    /* unsigned char: the values above 0x7f do not fit a signed char */
    unsigned char key[] = { 0xbf,0xf9,0x7e,0x06,0x86,0xca,0xa8,0x78,
                            0x64,0xdb,0xba,0xa7,0x1c,0xd4,0x2e,0x1c };
    unsigned char dat[] = { 0x3d,0x6f,0xa3,0x11,0x10,0x07,0xe6,0x2e,
                            0x52,0x44,0xf4,0xad,0x14,0xcb,0xdd,0x4d };
    unsigned char result[64];
    unsigned char last[32];
    int len, len2;
    int n;
    const EVP_CIPHER *type;

    type = EVP_aes_128_cbc();
    EVP_CIPHER_CTX c;

    // trying two ways to disable padding, but no luck
    c.flags |= EVP_CIPH_NO_PADDING;
    EVP_CIPHER_CTX_set_padding(&c, 0);

    if(!EVP_EncryptInit(&c, type, key, NULL)) {
        printf("err 1\n");
        return 0;
    }

    /* encrypt the single 16-byte block */
    if(!EVP_EncryptUpdate(&c, result, &len, dat, 16)) {
        printf("err 2\n");
        return 0;
    }
    printf("len=%d\n", len);

    if(!EVP_EncryptFinal(&c, last, &len2)) {
        printf("err 3\n");
        return 0;
    }
    printf("len2=%d\n", len2);

    /* append whatever EncryptFinal produced and print the total as hex */
    memcpy(result + len, last, len2);
    len += len2;

    printf("enc: ");
    for(n = 0; n < len; ++n)
        printf("%02x", (unsigned char)result[n]);
    printf("\n");
    return 0;
}

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List