DES_ede3_cbc_encrypt and padding

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

DES_ede3_cbc_encrypt and padding

Alicia da Conceicao
Greetings:

The DES_ede3_cbc_encrypt() routine does not appear to properly pad
data to fill out the last block.

Consider, if the last block contains 4 bytes for the unencrypted
text "test", DES_ede3_cbc_encrypt() is only padding the remaining
characters with NULL characters:

        74:65:73:74:00:00:00:00

But shouldn't it be padded as follow:

        74:65:73:74:00:00:00:04

with the last byte containing the number of padded bytes.  Note that
if the last block is full, then an additional block of padding is
added with 00:00:00:00:00:00:00:08.

Is CBC padding in OpenSSL handled by a separate routine?  Shouldn't
CBC padding be handled by the CBC routine?

Thanks in advance.
Alicia.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: DES_ede3_cbc_encrypt and padding

Rabellino Sergio
Alicia da Conceicao wrote:

>Greetings:
>
>The DES_ede3_cbc_encrypt() routine does not appear to properly pad
>data to fill out the last block.
>
>Consider, if the last block contains 4 bytes for the unencrypted
>text "test", DES_ede3_cbc_encrypt() is only padding the remaining
>characters with NULL characters:
>
> 74:65:73:74:00:00:00:00
>
>But shouldn't it be padded as follow:
>
> 74:65:73:74:00:00:00:04
>
>with the last byte containing the number of padded bytes.  Note that
>if the last block is full, then an additional block of padding is
>added with 00:00:00:00:00:00:00:08.
>
>Is CBC padding in OpenSSL handled by a separate routine?  Shouldn't
>CBC padding be handled by the CBC routine?
>
>Thanks in advance.
>Alicia.
>
>  
>
I noticed also a make test persistent failure if DES is enabled in
Sparc/Solaris9/gcc342 hosts (4host tested) in 0.9.8.
In my journey around 0.9.8 to solve the problem, a segmentation fault is
done calling des cbc encrypt/decrypt.....

Note also that i'd no problems at all to compile&test openssl until this
last release.

--
Dott. Mag. Sergio Rabellino

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: DES_ede3_cbc_encrypt and padding

Nils Larsch
In reply to this post by Alicia da Conceicao
Alicia da Conceicao wrote:

> Greetings:
>
> The DES_ede3_cbc_encrypt() routine does not appear to properly pad
> data to fill out the last block.
>
> Consider, if the last block contains 4 bytes for the unencrypted
> text "test", DES_ede3_cbc_encrypt() is only padding the remaining
> characters with NULL characters:
>
> 74:65:73:74:00:00:00:00

yep, afaik that's documented in manual page

>
> But shouldn't it be padded as follow:
>
> 74:65:73:74:00:00:00:04

according to pkcs#5 (6.1.1) it should be "74:65:73:74:04:04:04:04"

>
> with the last byte containing the number of padded bytes.  Note that
> if the last block is full, then an additional block of padding is
> added with 00:00:00:00:00:00:00:08.
>
> Is CBC padding in OpenSSL handled by a separate routine?  Shouldn't
> CBC padding be handled by the CBC routine?

try EVP_EncryptInit_ex() etc.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]