CAST5/CBC incorrect output

[guidovranken]

I subjected Botan to differential fuzzing (see https://github.com/guidovranken/cryptofuzz).

It found that the result for CAST5/CBC encryption differs from OpenSSL and Crypto++ for the same inputs (cleartext, key and iv).

operation name: SymmetricEncrypt
cleartext: {0x2b, 0x2b, 0x2e, 0x51, 0x17, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0xce, 0x00, 0x40, 0xd9} (16 bytes)
cipher iv: {0x38, 0xc2, 0x69, 0xb1, 0xcd, 0x42, 0xdd, 0x27} (8 bytes)
cipher key: {0x0a, 0xb0, 0xaa, 0xbb, 0x24, 0xff, 0x01, 0x05, 0xb6, 0xaa, 0x6d, 0x28, 0x20} (13 bytes)
cipher: CAST5_CBC

Module OpenSSL result:

ciphertext = {0x93, 0xf6, 0xff, 0xd5, 0x33, 0x00, 0x4f, 0x1d, 0xaf, 0x35, 0x2b, 0xeb, 0xa0, 0x68, 0x17, 0xfc, 
              0xf2, 0x6d, 0x99, 0xb9, 0x10, 0x73, 0x33, 0x21} (24 bytes)

Module Botan result:

ciphertext = {0x75, 0xb7, 0xcc, 0x97, 0x55, 0x22, 0x93, 0x31, 0xbe, 0xd1, 0x66, 0x89, 0xd0, 0x7d, 0x76, 0x49, 
              0xfb, 0xf2, 0xa9, 0x3e, 0xce, 0xbb, 0x9d, 0xf4} (24 bytes)

Module Crypto++ result:

ciphertext = {0x93, 0xf6, 0xff, 0xd5, 0x33, 0x00, 0x4f, 0x1d, 0xaf, 0x35, 0x2b, 0xeb, 0xa0, 0x68, 0x17, 0xfc, 
              0xf2, 0x6d, 0x99, 0xb9, 0x10, 0x73, 0x33, 0x21} (24 bytes)

[randombit]

Thanks - it is probably some bug with short key lengths. I will investigate this soon.

[randombit]

Fixed in master thanks again

[guidovranken]

You're welcome!