>From: owner-openssl-us...@openssl.org On Behalf Of Taraniteja Vishwanatha
>Sent: Thursday, 25 April, 2013 16:43

>I was using the low level aes APIs and now have switched to EVP ones. 
>My string encryption and decryption always work fine. But when it comes 
>to files, I am getting malloc errors: malloc: *** error for object 
>: incorrect checksum for freed object - object was probably modified 
>after being freed.

Actually your encrypt is wrong; you just didn't notice the error.

>unsigned char* encryptBlockAES(unsigned char *plainText, int dataLength, 
>int *outLength,const unsigned char* keyData, int pageNo)
>{
>    unsigned char key[AES_BLOCK_SIZE*2], iv[AES_BLOCK_SIZE*2];

The fact that an AES-256 key is twice the size of an AES data block (128) 
-- and a -128 or -192 key is the same or half more -- is just coincidence. 
Use 256/8, or create your own name (#define or enum).

OTOH the IV for (any) CBC is ONE data block. Allocating and setting 
a second block is just wasted -- and if you use values that differ 
only in the second block they won't actually protect against some 
attacks as intended.

>    enLength = dataLength + (AES_BLOCK_SIZE);

>    encryptedString = (unsigned char*)calloc(enLength, sizeof(unsigned char));

Nit: you don't need this buffer zeroed; malloc() would be fine.
            
>    EVP_CIPHER_CTX_init(&enCtx);
>    EVP_EncryptInit_ex(&enCtx, EVP_aes_256_cbc(), NULL, key, iv);
>    EVP_EncryptUpdate(&enCtx, encryptedString, &outLen, plainText, enLength);

The length of plainText is dataLength not enLength. Using enLength creates 
a ciphertext that is longer than the buffer you allocated, usually 
corrupting your "heap" (malloc arena) with symptoms like the above, 
and is not the correct ciphertext for your data anyway.

>    EVP_EncryptFinal_ex(&enCtx, encryptedString + outLen, &tempLen);
>    *outLength = outLen + tempLen;
>    EVP_CIPHER_CTX_cleanup(&enCtx);
>    return encryptedString;

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
