List: openssl-users
Subject: RE: problem with EVP_DecryptFinal_ex function
From: "Dave Thompson" <dthompson () prinpay ! com>
Date: 2011-06-23 21:12:27
Message-ID: 32CADFA1164C4C52B7DAFAA9EA02B444 () prinpay ! com
> From: owner-openssl-users@openssl.org On Behalf Of Damir Musulin
> Sent: Wednesday, 22 June, 2011 08:46
> I'm brand new to programming against OpenSSL (EVP)
> so if I make any stupid mistake I'm sorry in advance.
>
This is really a C programming issue, not OpenSSL (or EVP).
> I use the blowfish algorithm from the OpenSSL page to encrypt
> a string in C.
> The code is from:
> http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
>
> I have created a decrypt function and it fails (how wonderful)
>
> The problem lies in the EVP_DecryptFinal_ex.
It is *reported* there but actually occurred earlier.
> I have made use of the ERR_print_errors_fp(stderr); option to see what
> is wrong but it is quite
> a cryptic message:
> 2621:error:0606506D:lib(6):func(101):reason(109):evp_enc.c:323:
>
As already answered or equivalently
http://www.openssl.org/support/faq.html#PROG7
> What I can find on the internet is that it is a wrong length
> block or i
> need extra padding.
For decrypt it's wrong length, period. Padding is added on the
*encrypt* side. If you use the lower level routines you may
need to do this yourself (depending on your mode and data)
but EVP normally handles it automatically.
<snip>
> EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
>
> if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext,
<snip>
> if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
<snip>
> EVP_CIPHER_CTX_cleanup(&ctx);
> /* Need binary mode for fopen because encrypted data is
> * binary data. Also cannot use strlen() on it because
> * it won't be null terminated and may contain embedded
> * nulls.
> */
You copied this comment correctly but apparently ignored it.
Ciphertext (for modern ciphers) is NOT a C string, and cannot
safely be manipulated as a C string, as your code tries to.
Use the actual length of the ciphertext, not strlen().
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
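
The length mistake described in the reply above, as an added example that is not part of the original message or of the poster's code. The type `ct_buf`, the functions `ct_store_as_cstring`, `ct_store_by_len` and `ct_len_plausible`, and the bytes in `sample_ct` are constructed for illustration; no OpenSSL calls are made.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BF_BLOCK 8   /* Blowfish block size in bytes */

/* Constructed sample: 16 bytes standing in for what outbuf holds after
 * EVP_EncryptUpdate + EVP_EncryptFinal_ex, i.e. outlen + tmplen == 16.
 * Bytes 5 and 10 are 0x00, which any ciphertext byte may be. */
static const unsigned char sample_ct[16] = {
    0x9c, 0x3f, 0xe1, 0x07, 0xb2, 0x00, 0x5d, 0xa8,
    0x41, 0xd6, 0x00, 0x7e, 0x13, 0xf9, 0x2a, 0xc4
};

/* Hypothetical helper type: ciphertext bytes plus their real length. */
struct ct_buf { unsigned char data[64]; size_t len; };

/* Broken: treats ciphertext as a C string, so the length stops at the
 * first 0x00 byte (or runs past the buffer if there is none). */
void ct_store_as_cstring(struct ct_buf *dst, const unsigned char *ct)
{
    dst->len = strlen((const char *)ct);
    memcpy(dst->data, ct, dst->len);
}

/* Correct: the caller passes the length the encrypt calls reported. */
int ct_store_by_len(struct ct_buf *dst, const unsigned char *ct, size_t len)
{
    if (len > sizeof dst->data) return 0;
    memcpy(dst->data, ct, len);
    dst->len = len;
    return 1;
}

/* With padding on, CBC ciphertext is a non-empty whole number of blocks.
 * A length failing this check cannot decrypt: wrong final block length. */
int ct_len_plausible(size_t len)
{
    return len > 0 && len % BF_BLOCK == 0;
}

int main(void)
{
    struct ct_buf bad, good;
    ct_store_as_cstring(&bad, sample_ct);
    ct_store_by_len(&good, sample_ct, sizeof sample_ct);
    printf("strlen: %zu bytes (plausible=%d)\n", bad.len, ct_len_plausible(bad.len));
    printf("actual: %zu bytes (plausible=%d)\n", good.len, ct_len_plausible(good.len));
    return 0;
}
```
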