Skip to content

AES-256 and 192 produce garbage output with -engine padlock (VIA Padlock) #20073

New issue
New issue
Closed
Closed
AES-256 and 192 produce garbage output with -engine padlock (VIA Padlock)#20073
Labels
branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: 3.0Applies to openssl-3.0 branchbranch: 3.1Applies to openssl-3.1 (EOL)branch: masterApplies to master branchhelp wantedtriaged: bugThe issue/pr is/fixes a bug
@ValdikSS

Description

@ValdikSS
ValdikSS
opened on Jan 18, 2023

OpenSSL fail to properly encrypt or decrypt AES-192 and AES-256 data (tested CTR and CBC modes), producing garbage output, without any errors, when using VIA Padlock hardware accelerator on VIA Eden Esther CPU.
128 key size modes return correct results.

Tested on OpenSSL 1.1.1n, 1.1.1s, 3.0.7

Without -engine padlock:

$ echo 12345678 | openssl enc -aes-256-ctr -e -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 | hexdump -C
00000000  67 5b 8d ba 61 e2 07 84  79                       |g[..a...y|

$ echo -ne "\x67\x5b\x8d\xba\x61\xe2\x07\x84\x79" | openssl enc -aes-256-ctr -d -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 | hexdump -C
00000000  31 32 33 34 35 36 37 38  0a                       |12345678.|

With -engine padlock:

# Encryption WITH engine padlock
$ echo 12345678 | openssl enc -aes-256-ctr -e -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 -engine padlock | hexdump -C
engine "padlock" set.
00000000  79 86 a0 04 c7 c6 9f 36  80                       |y......6.|

# Decrypting result produced by engine padlock (garbage) WITH engine padlock
$ echo -ne "\x79\x86\xa0\x04\xc7\xc6\x9f\x36\x80" | openssl enc -aes-256-ctr -d -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 -engine padlock | hexdump -C
engine "padlock" set.
00000000  31 32 33 34 35 36 37 38  0a                       |12345678.|

# Decrypting result produced by engine padlock (garbage) WITHOUT engine padlock
$ echo -ne "\x79\x86\xa0\x04\xc7\xc6\x9f\x36\x80" | openssl enc -aes-256-ctr -d -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 | hexdump -C
00000000  2f ef 1e 8a 93 12 af 8a  f3                       |/........|

# Decrypting result produced WITHOUT engine padlock (proper AES) WITH engine padlock
$ echo -ne "\x67\x5b\x8d\xba\x61\xe2\x07\x84\x79" | openssl enc -aes-256-ctr -d -nosalt -K 8d06b54b75a39a2ec1147871b4cdcb589525cde68034d39439183feedcf5e79a -iv 84eb471441a65cf6a27b3d6976728227 -engine padlock | hexdump -C
engine "padlock" set.
00000000  2f ef 1e 8a 93 12 af 8a  f3                       |/........|

Metadata

Metadata

Assignees

No one assigned

    Labels

    branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: 3.0Applies to openssl-3.0 branchbranch: 3.1Applies to openssl-3.1 (EOL)branch: masterApplies to master branchhelp wantedtriaged: bugThe issue/pr is/fixes a bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions