[MDEV-39509] cryptographic functions broken (OpenSSL 4.0) - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

When building MariaDB with OpenSSL 4.0, the aes-t unit test suite fails specifically for all AES modes that utilize an Initialization Vector (IV). Electronic Codebook (ECB) mode, which does not use an IV, continues to pass.

Capturing the internal OpenSSL error queue reveals the specific failure point:

error:1C80006D:Provider routines:ossl_cipher_generic_initiv:invalid iv length - ciphercommon.c:680

The failures in modes requiring an IV (CBC, CTR, GCM) appear to be caused by memory misalignment and/or incorrect buffer sizing of the EVP_CIPHER_CTX when managed manually.
Replacing the manual stack allocation (alloca + placement new) with the library-managed EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() resolves all test failures.

$ ./aes-t

1..122

ok 1 - encrypt MY_AES_ECB 200 pad

ok 2 - my_aes_get_size

ok 3 - md5 len

ok 4 - md5

ok 5 - decrypt MY_AES_ECB 208

ok 6 - memcmp

ok 7 - encrypt MY_AES_ECB 128 pad

ok 8 - my_aes_get_size

ok 9 - md5 len

ok 10 - md5

ok 11 - decrypt MY_AES_ECB 144

ok 12 - memcmp

not ok 13 - encrypt MY_AES_CBC 159 pad

ok 14 - my_aes_get_size

not ok 15 - md5 len

not ok 16 - md5

not ok 17 - decrypt MY_AES_CBC 144

not ok 18 - memcmp

not ok 19 - encrypt MY_AES_CBC 192 pad

ok 20 - my_aes_get_size

not ok 21 - md5 len

not ok 22 - md5

not ok 23 - decrypt MY_AES_CBC 144

not ok 24 - memcmp

ok 25 - encrypt MY_AES_ECB 200 nopad

ok 26 - encrypt bytewise MY_AES_ECB 200

ok 27 - memcmp bytewise  MY_AES_ECB 200

ok 28 - md5 len

ok 29 - md5

ok 30 - decrypt MY_AES_ECB 200

ok 31 - memcmp

ok 32 - encrypt MY_AES_ECB 128 nopad

ok 33 - encrypt bytewise MY_AES_ECB 128

ok 34 - memcmp bytewise  MY_AES_ECB 128

ok 35 - md5 len

ok 36 - md5

ok 37 - decrypt MY_AES_ECB 128

ok 38 - memcmp

not ok 39 - encrypt MY_AES_CBC 159 nopad

not ok 40 - encrypt bytewise MY_AES_CBC 159

ok 41 - memcmp bytewise  MY_AES_CBC 159

not ok 42 - md5 len

not ok 43 - md5

not ok 44 - decrypt MY_AES_CBC 128

not ok 45 - memcmp

not ok 46 - encrypt MY_AES_CBC 192 nopad

not ok 47 - encrypt bytewise MY_AES_CBC 192

ok 48 - memcmp bytewise  MY_AES_CBC 192

not ok 49 - md5 len

not ok 50 - md5

not ok 51 - decrypt MY_AES_CBC 128

not ok 52 - memcmp

not ok 53 - encrypt MY_AES_CTR 200 pad

ok 54 - my_aes_get_size

not ok 55 - md5 len

not ok 56 - md5

not ok 57 - decrypt MY_AES_CTR 128

not ok 58 - memcmp

not ok 59 - encrypt MY_AES_GCM 128 pad

ok 60 - my_aes_get_size

not ok 61 - md5 len

not ok 62 - md5

not ok 63 - decrypt MY_AES_GCM 128

ok 64 - memcmp

ok 65 - encrypt MY_AES_ECB 1 pad

ok 66 - my_aes_get_size

ok 67 - md5 len

ok 68 - md5

ok 69 - decrypt MY_AES_ECB 16

ok 70 - memcmp

ok 71 - encrypt MY_AES_ECB 2 pad

ok 72 - my_aes_get_size

ok 73 - md5 len

ok 74 - md5

ok 75 - decrypt MY_AES_ECB 16

ok 76 - memcmp

not ok 77 - encrypt MY_AES_CBC 3 pad

ok 78 - my_aes_get_size

ok 79 - md5 len

not ok 80 - md5

not ok 81 - decrypt MY_AES_CBC 16

not ok 82 - memcmp

not ok 83 - encrypt MY_AES_CBC 4 pad

ok 84 - my_aes_get_size

ok 85 - md5 len

not ok 86 - md5

not ok 87 - decrypt MY_AES_CBC 16

not ok 88 - memcmp

ok 89 - encrypt MY_AES_ECB 5 nopad

ok 90 - encrypt bytewise MY_AES_ECB 5

ok 91 - memcmp bytewise  MY_AES_ECB 5

ok 92 - md5 len

ok 93 - md5

ok 94 - decrypt MY_AES_ECB 5

ok 95 - memcmp

ok 96 - encrypt MY_AES_ECB 6 nopad

ok 97 - encrypt bytewise MY_AES_ECB 6

ok 98 - memcmp bytewise  MY_AES_ECB 6

ok 99 - md5 len

ok 100 - md5

ok 101 - decrypt MY_AES_ECB 6

ok 102 - memcmp

not ok 103 - encrypt MY_AES_CBC 7 nopad

not ok 104 - encrypt bytewise MY_AES_CBC 7

ok 105 - memcmp bytewise  MY_AES_CBC 7

not ok 106 - md5 len

not ok 107 - md5

not ok 108 - decrypt MY_AES_CBC 6

not ok 109 - memcmp

not ok 110 - encrypt MY_AES_CBC 8 nopad

not ok 111 - encrypt bytewise MY_AES_CBC 8

ok 112 - memcmp bytewise  MY_AES_CBC 8

not ok 113 - md5 len

not ok 114 - md5

not ok 115 - decrypt MY_AES_CBC 6

not ok 116 - memcmp

not ok 117 - encrypt MY_AES_GCM 9 pad

ok 118 - my_aes_get_size

not ok 119 - md5 len

not ok 120 - md5

not ok 121 - decrypt MY_AES_GCM 6

not ok 122 - memcmp

# Failed 56 tests!

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Georg Richter

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2026-05-01 10:07

Updated:: 2 days ago 12:23

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.