Does AES_cbc_encrypt add padding?

Question

Consider the following snippet of C++ code:

#include 
#include 

#define AES_KEY_LENGTH 32

using namespace std;

int ma         


        

Answer 1

Proper PKCS#7 padding:

• rounds the length up to a multiple of the blocksize if it wasn´t a multiple before
• and it adds a whole block otherwise

Else, when decrypting, you couldn´t possibly know if the last ciperhtext block is "real" or only padding. (The actual byte values to pad with are specified too, but your real last block could contain these => again not possible to recognize it).

There are other schemes than PKCS#7, but this is not relevant here.

However, with AES_cbc_encrypt, you´ll have to implement this yourself, ie. pad before encrypting and remove the padding after decrypting. The encrypting itself will work with non-multiple lengths, but the used "padding" has the problem mentioned above. To answer your original question, AES_cbc_encrypt won´t add blocks, rounding up the length is the only thing it does.

For functions with proper padding (and without several other disadvantages of AES_cbc_encrypt, like missing AESNI support etc.etc.), look into the EVP part of OpenSSL. AES_cbc_encrypt is a more lowlevel part, depending on the situation it´s used by the highlevel function too.

Btw., something about C++: If you don´t get a segmentation fault,
it doesn´t mean that the code is correct.