crypto: possible autopadding bug

[kristoff-it]

var crypto = require('crypto');


key = '00000000000000000000000000000000'
iv = '0000000000000000'

text = "00000000000000000000000000000àäæàäXXXXæàäæ000000"
console.log('-> '+text);

myc = crypto.createCipheriv('aes-256-cbc', key, iv);
cyp = myc.update(text, 'utf8','hex');
cyp += myc.final('hex')

console.log('~~ '+cyp);

myd = crypto.createDecipheriv('aes-256-cbc', key, iv);
clear = myd.update(cyp, 'hex', 'utf8');
clear += myd.final();


console.log('<- '+clear);
console.log('== '+(text == clear));

When running that on osx mavericks + openssl 1.0.1g + node v0.10.5, the result is a corrupted string. Same thing happens using a Buffer instead of a string.

If you add 7 more single-byte-characters to the string (in order to make the string 64bytes long), the problem goes away.

I've read previous issues (like #738) but this behaviour isn't dependent on the cyphertext encoding, in fact the same happens with both 'base64' and 'binary'.

[indutny]

Could you please try latest node v0.10.28 please? There was a lot of bug fixes in crypto module since v0.10.5, would be cool to know if the problem is already fixed.

[kristoff-it]

Done, same thing.

[tonistiigi]

You are missing the utf8 output_encoding in the last call to final(). It should be clear += myd.final('utf8');.

At the moment it outputs a buffer and does not know that the previous update() didn't return the last byte to avoid corrupt utf8 string.

[kristoff-it]

Oh right, I got confused and tought it wasn't needed there.
Guess this is another useless issue, sorry :)

2014-05-20 11:04 GMT+02:00 Tõnis Tiigi notifications@github.com:

You are missing the utf8 output_encoding in the last call to final(). It
should be clear += myd.final('utf8');.

At the moment it outputs a buffer and does not know that the previous
update() didn't return the last byte to avoid corrupt utf8 string.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/7647#issuecomment-43602036
.

[indutny]

np