> On Nov 19, 2014, at 6:26 PM, William McGovern <w...@thaiglish.com> wrote: > > >> On Nov 19, 2014, at 6:09 PM, William McGovern <w...@thaiglish.com >> <mailto:w...@thaiglish.com>> wrote: >> >> >>> On Nov 19, 2014, at 5:03 PM, Maarten Bodewes <maarten.bode...@gmail.com >>> <mailto:maarten.bode...@gmail.com>> wrote: >>> >>> Hi all, >>> >>> I would be very grateful if somebody could explain why the following >>> problem occurs: >>> >>> a test vector with an AAD of 20 bytes created an authentication tag that is >>> not correct, >>> this could for instance be a padding bug in OpenSSL's GCM implementation. >>> >>> Ref: http://stackoverflow.com/q/27023287/589259 >>> <http://stackoverflow.com/q/27023287/589259> >>> >>> The Bouncy Castle implementation does seem to generate the correct value >>> for the same test vector. >>> >>> I'll try and execute the code, but currently my openssl development >>> environment is not up. >>> >>> Regards, >>> Maarten >> >> I built your code against 1.0.1j and got the expected result for the authtag >> on your test vector: >> >> should be: c75b7832b2a2d9bd827412b6ef5769db >> result is: c75b7832b2a2d9bd827412b6ef5769db >> >> $ openssl version >> OpenSSL 1.0.1j 15 Oct 2014 >> > > If I build against the native OpenSSL library in Ubuntu 12.04 that matches > your version I get the same failure you are seeing: > > should be: c75b7832b2a2d9bd827412b6ef5769db > result is: e5fb99cb5b9658aa5d2caa3308e0ce6c > > $ /usr/bin/openssl version > OpenSSL 1.0.1 14 Mar 2012 > > It does seem to work correctly and give expected output when built on Ubuntu > 14.04. >
Looks like the version that is failing still has this bug: http://rt.openssl.org/Ticket/Display.html?id=2859 <http://rt.openssl.org/Ticket/Display.html?id=2859> There is also a workaround detailed in the ticket that you might be able to utilize if you don’t want to build a newer library version.
