Bug #103035 Wrong AES-128-CBC Encryption according to RFC for input length 16, 32,48, etc...
Submitted: 18 Mar 2021 10:58 Modified: 18 Mar 2021 12:27
Reporter: Michał Głębowski Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Security: Encryption Severity:S3 (Non-critical)
Version:8.0.23, 5.7.33 OS:Windows
Assigned to: CPU Architecture:x86
Tags: aes, AES-128-CBC, CBC, encryption

[18 Mar 2021 10:58] Michał Głębowski
Unexpected result in comparison to RFC for AES-128-CBC encryption and decryption.
1) The result of encryption is 16 bytes longer than expected.
2) The decryption thus also fails with RFC samples (probably expecting 16 bytes longer input).

How to repeat:
-- https://tools.ietf.org/html/rfc3602
SET @@SESSION.block_encryption_mode = 'aes-128-cbc';

-- Case #1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
SET @Key       = unhex('06a9214036b8a15b512e03d534120006');
SET @IV        = unhex('3dafba429d9eb430b422da802c9fac41');
SET @Plaintext = 'Single block msg';
SET @Result    = AES_ENCRYPT(@Plaintext, @Key, @IV);
SET @Expected = 'e353779c1079aeb82708942dbe77181a';
SELECT 'Result' AS Variable, HEX(@Result) AS Value, Length(@Result) AS Length UNION
SELECT 'Expected', Upper(@Expected), Length(UNHEX(@Ciphertext));

/* Result:
Result:   E353779C1079AEB82708942DBE77181AB97C825E1C785146542D396941BCE55D  (32)
Expected: E353779C1079AEB82708942DBE77181A                                  (16)

Suggested fix:
Fix alorithm.
[18 Mar 2021 12:11] Michał Głębowski
The problem seem to touch input strings of length being dividable by 16.
Probably there is "<=" instead of "<" in source code.
[18 Mar 2021 12:27] MySQL Verification Team
Hello Michał,

Thank you for the report!