Might be useful to people trying to use 'aes-256-cbc' cipher (and probably other cbc ciphers) in collaboration with other implementations of AES (C libs for example) that the openssl extension has a strict implementation regarding padding bytes. I found the solution only by manually going through the openssl source.
In C, you would want to pad plaintexts the following way (assuming all mem allocations are proper):
nPadding = ( 16 - ( bufferSize % 16 ) ) ? ( 16 - ( bufferSize % 16 ) ) : 16;
for( index = bufferSize; index < bufferSize + nPadding; index++ )
{
plaintext[ index ] = (char)nPadding;
}
while decryptions are validated like:
isSuccess = TRUE;
for( index = bufferSize - 1; index > ( bufferSize - nPadding ); index-- )
{
if( plaintext[ index ] != nPadding )
{
isSuccess = FALSE;
break;
}
}
decryptedSize = bufferSize - nPadding;
In plain english, the buffer must be padded up to blockSize. If the buffer is already a multiple of blockSize, you add an entire new blockSize bytes as padding.
The value of the padding bytes MUST be the number of padding bytes as a byte...
So 5 bytes of padding will result in the following bytes added at the end of the ciphertext:
[ 0x05 ][ 0x05 ][ 0x05 ][ 0x05 ][ 0x05 ]
Hope this saves someone else a few hours of their life.
