See below...

Paweł Krawczyk wrote:
> 
> Hello, I'm having problems with the EVP_Encrypt/Decrypt interface.
> The following program doesn't work as expected. It does simple
> data->encrypt->decrypt->in. Specifically, I get some garbage mixed with
> the plaintext in the final buffer.
> 
> It seems like the EVP_DecryptUpdate decrypts (n-1) blocks of 8 bytes,
> which is OK, but the EVP_DecryptFinal doesn't decrypt the remaining
> block and returns `bad_decrypt' error - everything is in the comments
> below. What am I doing wrong?
> 
....

> 
>         /* Encrypt from data to out */
>         /* Length of the data is 36 */
>         EVP_EncryptUpdate( &ectx, out, &outl, data, strlen(data));
After this call 'outl' bytes of encrypted data have been written to
'out'; therefore you *must* update the pointer passed to
EVP_EncryptFinal() so it doesn't overwrite the data:



>         toutl = outl;   /* Now outl is 32 */
>         EVP_EncryptFinal( &ectx, out, &outl);

i.e. instead use something like:

        EVP_EncryptFinal(&ectx, out + outl, &outl);     

>         toutl += outl;  /* Now outl is 8 */
> 
>         /* Clean up and reinitialize */
>         EVP_CIPHER_CTX_cleanup(&ectx);
>         EVP_DecryptInit( &ectx, EVP_des_ede3_cbc(), enckey, NULL );
> 
>         /* Decrypt from out to in */
>         /* toutl is 40 */
>         EVP_DecryptUpdate( &ectx, in, &inl, out, toutl);
>         /* inl is 32 - correct, but the result in `in' is garbage,
>          * and then some plaintext (starting with `qrst...'
>          */
>         ret = EVP_DecryptFinal( &ectx, in, &inl);

Similarly this should be:

        ret = EVP_DecryptFinal(&ectx, in + inl, &inl);

>         /* This fails, inl is 0 and error `bad_decrypt' is set */
> 
>         if (ret != 1)
>         {
>                 ERR_print_errors(bio_err);
>         }
> 
>         return 0;
> }

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
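
The buffer contract described in the reply above, as an added example that is not part of the original thread and does not call OpenSSL: a self-contained model of Update/Final with 8-byte blocks and padding, run once with Final writing at the buffer start and once at the offset. The names `model_ctx`, `update`, `enc_final`, `dec_final` and `roundtrip`, the XOR stand-in cipher and the sample message are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BLK 8                        /* block size, as for 3DES in the thread */
typedef struct { unsigned char held[BLK]; int n; } model_ctx;
/* Constructed stand-in for the block cipher (XOR is its own inverse). */
static void blk(unsigned char *dst, const unsigned char *src) {
    for (int i = 0; i < BLK; i++) dst[i] = src[i] ^ 0x5a;
}
/* Update, one call per message: emits whole blocks, keeps the rest in ctx. */
static void update(model_ctx *c, int dec, unsigned char *out, int *outl,
                   const unsigned char *in, int inl) {
    int whole = dec ? inl - BLK : inl - inl % BLK;  /* decrypt holds last block */
    for (int i = 0; i < whole; i += BLK) blk(out + i, in + i);
    c->n = inl - whole;
    memcpy(c->held, in + whole, c->n);
    *outl = whole;
}
/* Encrypt Final: pads the held tail and writes exactly one block AT out. */
static void enc_final(model_ctx *c, unsigned char *out, int *outl) {
    memset(c->held + c->n, BLK - c->n, BLK - c->n);
    blk(out, c->held);
    *outl = BLK;
}
/* Decrypt Final: 1 plus the unpadded tail AT out, or 0 on bad padding. */
static int dec_final(model_ctx *c, unsigned char *out, int *outl) {
    unsigned char p[BLK];
    blk(p, c->held);
    int pad = p[BLK - 1], ok = pad >= 1 && pad <= BLK;
    for (int i = BLK - pad; ok && i < BLK; i++) ok = (p[i] == pad);
    *outl = ok ? BLK - pad : 0;
    memcpy(out, p, *outl);
    return ok;
}
/* fixed: 0 = Final at buffer start (as posted), 1 = at buffer + Update length. */
int roundtrip(const char *data, int fixed) {   /* data up to 56 bytes */
    unsigned char out[64] = {0}, in[64] = {0};
    model_ctx c;
    int len = (int)strlen(data), outl, fin, inl, tail;
    update(&c, 0, out, &outl, (const unsigned char *)data, len);
    enc_final(&c, fixed ? out + outl : out, &fin);
    update(&c, 1, in, &inl, out, outl + fin);
    if (!dec_final(&c, fixed ? in + inl : in, &tail)) return 0;  /* bad decrypt */
    return (inl + tail == len && memcmp(in, data, len) == 0) ? 1 : -1;
}
int main(void) {
    const char *msg = "abcdefghijklmnopqrstuvwxyz0123456789";  /* constructed, 36 bytes */
    printf("as posted: %d, with offsets: %d\n", roundtrip(msg, 0), roundtrip(msg, 1));
    return 0;
}
```

In the model the bytes past the Update output are zero; in the posted program they would be whatever the buffer held, and either way the padding check in the decrypt Final fails.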
