Bug #103035 | Wrong AES-128-CBC Encryption according to RFC for input length 16, 32,48, etc... | ||
---|---|---|---|
Submitted: | 18 Mar 2021 10:58 | Modified: | 18 Mar 2021 12:27 |
Reporter: | Michał Głębowski | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Security: Encryption | Severity: | S3 (Non-critical) |
Version: | 8.0.23, 5.7.33 | OS: | Windows |
Assigned to: | CPU Architecture: | x86 | |
Tags: | aes, AES-128-CBC, CBC, encryption |
[18 Mar 2021 10:58]
Michał Głębowski
[18 Mar 2021 12:11]
Michał Głębowski
The problem seem to touch input strings of length being dividable by 16. Probably there is "<=" instead of "<" in source code.
[18 Mar 2021 12:27]
MySQL Verification Team
Hello Michał, Thank you for the report! regards, Umesh