Set padding in OpenSSL for AES_ecb_encrypt

Question

I'm decrypting some java encrypted text with OpenSSL. Reading this post I wrote the following code.

unsigned int i = 0;
printf("Out array - Before\n");
for(i = 0; i < sizeof(out); i++) {
    if(i % 32 == 0)
        printf("\n");
    printf("%02X", out[i]);
}
printf("\n");

AES_set_decrypt_key((const unsigned char *)a.at(3).c_str(), 128, &aesKey_);
for(i = 0; i < sizeof(bytes); i += AES_BLOCK_SIZE) {
    std::cout << "Decrypting at " << i << " of " << sizeof(bytes) << "\n";
    AES_ecb_encrypt(bytes + i, out + i, &aesKey_, AES_DECRYPT);
}

std::cout << "HEX        : " << a.at(2).c_str() << "\n"
<< "Decrypting : " << bytes << "\n"
<< "With Key   : " << a.at(3).c_str() << "\n"
<< "Becomes    : " << out << "\n";

printf("Out array - AFTER\n");
for(i = 0; i < sizeof(out); i++) {
    if(i % 32 == 0)
        printf("\n");
    printf("%02X", out[i]);
}
printf("\n");

It appears to decrypt the data fine, though the PKCS5-padding gets decrypted along and some extra garbage (I'm assuming this is due to the PKCS5-padding).

Out array - BEFORE 0000000000000000000000000000000000000000000000000000000000000000
Decrypting at 0 of 18
Decrypting at 16 of 18
HEX        : B00FE0383F2E3CBB95A5A28FA91923FA00
Decrypting : ��8?.<������#�
With Key   : I'm a secret key
Becomes    : no passwordHQ�EZ��-�=%.7�n
Out array - AFTER 6E6F2070617373776F72644851030303C7457F5ACCF12DAA053D252E3708846E

The above is output from my code, no passwordHQ (6E6F2070617373776F72644851) is the expected output, but you can see the padding is decoded 030303 followed by the garbage C7457F5ACCF12DAA053D252E3708846E.

So how do I set the padding in OpenSSL?

I expected there to be an AES_set_padding (or similar) function, but I'm obviously missing it in the documentation.

`AES_ecb_encrypt(bytes + i, out + i, &aesKey_, AES_DECRYPT);` This decrypts it. Note `AES_DECRYPT` — Ne0, Nov 06 '13 at 14:08
@andrewcooke after all your help and your white space edits, we are no closer to answering the question. But thanks for your invaluable knowledge. — Ne0, Nov 06 '13 at 14:44
i would have helped, but i used up my spare time just sorting this mess out. maybe next time... — andrew cooke, Nov 06 '13 at 14:47

score 0 · Answer 1 · edited Apr 13 '17 at 12:48

0

Please try and use the higher level function defined in EVP_*. For those functions PKCS#7 padding is standard. Note that PKCS#5 padding officially is only for 8 byte block ciphers.

After some searching I found that evp.h should contain:

const EVP_CIPHER *EVP_aes_128_ecb(void);

which you should be able to use with

int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     unsigned char *key, unsigned char *iv);

additional information about EVP functions does suggest that it shoud automatically use the correct padding. The IV is of course ignored for ECB mode, so any pointer should do.

edited Apr 13 '17 at 12:48

Community

1
1

answered Nov 06 '13 at 16:59

Maarten Bodewes

90,524
13
150
263

Thanks. I may be mistaken, but I cannot find an EVP function for AES EBC in the documentation. I have the same issue as the linked post, some legacy (java) code that needs supporting does it this way. I have moved all code to use AES CPC and do use the EVP functions without issue. It would appear that the java code is using PKCS#5 by default for AES ECB (128). – Ne0 Nov 07 '13 at 08:58
1

I'll have a look later on for the EVP functionality. By default Java uses "cipher/ECB/PKCS5Padding" in the Sun provider, but it is much better to explicitly define what mode of operation and padding mode should be used (no need for guessing). Especially since ECB mode is insecure. – Maarten Bodewes Nov 07 '13 at 09:02
Do you know if I can set a zero padding to EVP_EncryptInit_ex instead of PKCS padding? – Alex Terente Jun 27 '14 at 15:11
1

You should be able to use `EVP_CIPHER_CTX_set_padding` on the now initialized context. – Maarten Bodewes Jun 27 '14 at 15:20

Set padding in OpenSSL for AES_ecb_encrypt

1 Answers1

Linked