On 16/05/18 18:55, Luís Martins wrote: > Hi, > > I'm trying to use the EVP AES wrap implementations from openssl > (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in > EVP_EncryptInit_ex() f: > error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode > not allowed > I've search the documentation for examples or guidance but I > couldn't find anything related to this. > Any experienced the same issue ?
You need to enable wrap mode: EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); The EVP encrypt routines set an expectation about how long the output might be for a given input: "EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and writes the encrypted version to B<out>. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) so B<out> should contain sufficient room." The wrap modes do not obey this rule and may return more data, so you have to explicitly enable the mode to say that you are prepared for the output. Matt > > My pseudo code is: > > EVP_CIPHER_CTX ctx; > EVP_CIPHER_CTX_init(&ctx); > if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_wrap(), 0, > keyEncriptionKey, iv) != 1) > // process error > if ( EVP_EncryptUpdate(&ctx, bufferOut, &processedSize, > plaintext, plaintextSize) != 1) > // process error > if (EVP_EncryptFinal_ex(&ctx, bufferOut + processedSize, > &tmpSize) != 1) > // process error > EVP_CIPHER_CTX_cleanup(&ctx); > > Regards, > Luís > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users