[openssl-users] AES encrypt expanded key is different with no-asm

Hemant Ranvir hemantranvir at gmail.com
Mon Dec 10 10:30:05 UTC 2018

Dear all,
    After extracting openssl-1.1.1.tar.gz, openssl can be configured
without asm by passing no-asm flag during config command.

    The expanded key can be obtained like follows:
//Getting expanded key from inside openssl
//Copied from crypto/evp/e_aes.c
typedef struct {
    union {
        double align;
        AES_KEY ks;
    } ks;
    block128_f block;
    union {
        cbc128_f cbc;
        ctr128_f ctr;
    } stream;

  EVP_CIPHER_CTX *cipher_ctx = ssl->enc_write_ctx;
  EVP_AES_KEY * cipher_data = EVP_CIPHER_CTX_get_cipher_data(cipher_ctx);
  printf("Encrypted Expanded Key is : ");

      printf("%08x", cipher_data->ks.ks.rd_key[i]);

 To get the 128 bit encrypted key :
unsigned char* key = unsigned char* malloc(16);
    int i;
    for (i=0; i<4; i++) {
        key[4*i]   = cipher_data->ks.ks.rd_key[i] >> 24;
        key[4*i+1] = cipher_data->ks.ks.rd_key[i] >> 16;
        key[4*i+2] = cipher_data->ks.ks.rd_key[i] >> 8;
        key[4*i+3] = cipher_data->ks.ks.rd_key[i];

I am using this 128 bit key and using it in *Rijndael* Key Schedule
function to get the expanded key. The expanded key will be 128*11 bit long.
This expanded key is equal to the expanded key obtained from accessing
structures inside openssl(shown in section "Getting expanded key from
inside openssl" ) which is expected.

Now if I configure openssl without no-asm flag and get the expanded key
from inside openssl and compare it with the expanded key calculated using
the function I wrote. They are not equal. As far as I know there is only
one way to calculate expanded key. I have even checked whether the expanded
key inside openssl is inverse cipher expanded key but yet it is different.
Can someone point me in the right direction.

Best Regards,
Hemant Ranvir

*"To live a creative life, we must lose our fear of being wrong.**" -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181210/e6e179e0/attachment.html>

More information about the openssl-users mailing list