Re: [naviserver-devel] ns_crypto::aead::decrypt "could not set tag value" error

Mon, 05 May 2025 08:08:33 -0700 

Yes, now it works with -encoding binary:
% set d [ns_crypto::aead::encrypt string -cipher aes-128-gcm -iv 123456789 -key secret -encoding binary "Hello world!"] % set r [ns_crypto::aead::decrypt string -cipher aes-128-gcm -iv 123456789 -key secret -tag [dict get $d tag] -encoding binary [dict get $d bytes]] 
> Hello World!

Regards,

Wolfgang

Am 05.05.25 um 15:38 schrieb Gustaf Neumann (sslmail):

Please check, if the following helps also for your environment:
https://github.com/naviserver-project/naviserver/commit/08e5d8ffc22d403bcd31b0be1c9eb592e8e583d0 

all the best
-gn
On 05.05.2025, at 14:13, Gustaf Neumann (sslmail) <neum...@wu.ac.at> wrote: 

Hi Wolfgang,
At first sight, It looks to me as if there was a change in OpenSSL leading to the problem. The error is triggered by OpenSSL’s  EVP_CIPHER_CTX_ctrl(). The docu states [1] 


    /EVP_CIPHER_CTX_ctrl(): This is a legacy method…./


… in versions starting with 3.0.

When time permits, i will check out the details,
- how the new parameter setting mechanism effect the code (we have 4 occurrences of this call) 
- whether replacing it solves the issue,
- how to make it work with different versions of OpenSSL (pre 3.0.0)
The strange part is that the aead encrypt/decrypt sequence is in the regression test, where it continues to work. … So, maybe this is (also) related with the handling of binary strings in Tcl. 

-g
PS: Is your code for Passkeys and WebAuthn with NaviServer already available on GithHub, as you mentioned in January? 


[1] https://docs.openssl.org/3.5/man3/EVP_EncryptInit/#description





_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

--

*Wolfgang Winkler*
Geschäftsführung
wolfgang.wink...@digital-concepts.com
mobil +43.699.19971172

dc:*büro*
digital concepts Novak Winkler OG
Software & Design
Landstraße 68, 5. Stock, 4020 Linz
www.digital-concepts.com <http://www.digital-concepts.com>
tel +43.732.997117.72
tel +43.699.1997117.2

Firmenbuchnummer: 192003h
Firmenbuchgericht: Landesgericht Linz


_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel






















					Reply via email to