Re: [openssl-users] EVP_DecryptUpdate: why is this failing when out == in?
I filed https://github.com/openssl/openssl/issues/7941 about this FYI. Cheers! On Wed, 2018-12-19 at 01:56 -0500, Paul Smith wrote: > As I understand it, it's legal to provide the exact same input and > output buffer to EVP_EncryptUpdate and EVP_DecryptUpdate, but it's not > legal to provide pointers into different parts of the same buffer. > That's a good check. > > However, my implementation is getting triggered by this code in > EVP_DecryptUpdate(): > > if (ctx->final_used) { > /* see comment about PTRDIFF_T comparison above */ > => if (((PTRDIFF_T)out == (PTRDIFF_T)in) > || is_partially_overlapping(out, in, b)) { > EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); > return 0; > } > > Can someone explain why, only in this specific situation where we're > decrypting the final block, we require that OUT and IN not be the same > buffer? Everywhere else we check is_partially_overlapping() only, > without equality. > > I read the comment about PTRDIFF_T but I didn't come up with a reason > for the equality check. This check was added back in 2016 in SHA > 5fc77684f1 FWIW. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] EVP_DecryptUpdate: why is this failing when out == in?
As I understand it, it's legal to provide the exact same input and output buffer to EVP_EncryptUpdate and EVP_DecryptUpdate, but it's not legal to provide pointers into different parts of the same buffer. That's a good check. However, my implementation is getting triggered by this code in EVP_DecryptUpdate(): if (ctx->final_used) { /* see comment about PTRDIFF_T comparison above */ => if (((PTRDIFF_T)out == (PTRDIFF_T)in) || is_partially_overlapping(out, in, b)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; } Can someone explain why, only in this specific situation where we're decrypting the final block, we require that OUT and IN not be the same buffer? Everywhere else we check is_partially_overlapping() only, without equality. I read the comment about PTRDIFF_T but I didn't come up with a reason for the equality check. This check was added back in 2016 in SHA 5fc77684f1 FWIW. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Non const input for EVP_EncryptUpdate and EVP_DecryptUpdate
On 11/22/2017 10:46 AM, Matt Caswell wrote: This is a bug in the docs. In the header files they are declared as const: int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); Please file a bug report! I filed an issue. It is now the 333th open issue. Thanks for the information. I guess I should have looked myself. https://github.com/openssl/openssl/issues Matt On 22/11/17 14:42, Edward Diener wrote: When calling EVP_EncryptUpdate with some plaintext to be encrypted the parameter for the plaintext is a pointer to a non-const array of unsigned char, as in the function prototype: int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); Similarly when calling EVP_DecryptUpdate with some ciphertext to be decrypted the parameter for the ciphertext is a pointer to a non-const array of unsigned char, as in the function prototype: int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); I have taken both these function prototypes from the OpenSSL documentation at https://wiki.openssl.org/index.php/Manual:EVP_EncryptInit(3). Does this mean that the input array in both cases actually is modified in any way by the functions ? Or is this just an error in that if the input remains unmodified the functions do not specify the parameter as 'const unsigned char * in' instead ? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Non const input for EVP_EncryptUpdate and EVP_DecryptUpdate
This is a bug in the docs. In the header files they are declared as const: int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); Please file a bug report! https://github.com/openssl/openssl/issues Matt On 22/11/17 14:42, Edward Diener wrote: > When calling EVP_EncryptUpdate with some plaintext to be encrypted the > parameter for the plaintext is a pointer to a non-const array of > unsigned char, as in the function prototype: > > int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, > int *outl, unsigned char *in, int inl); > > Similarly when calling EVP_DecryptUpdate with some ciphertext to be > decrypted the parameter for the ciphertext is a pointer to a non-const > array of unsigned char, as in the function prototype: > > int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, > int *outl, unsigned char *in, int inl); > > I have taken both these function prototypes from the OpenSSL > documentation at > https://wiki.openssl.org/index.php/Manual:EVP_EncryptInit(3). > > Does this mean that the input array in both cases actually is modified > in any way by the functions ? Or is this just an error in that if the > input remains unmodified the functions do not specify the parameter as > 'const unsigned char * in' instead ? > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Non const input for EVP_EncryptUpdate and EVP_DecryptUpdate
When calling EVP_EncryptUpdate with some plaintext to be encrypted the parameter for the plaintext is a pointer to a non-const array of unsigned char, as in the function prototype: int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); Similarly when calling EVP_DecryptUpdate with some ciphertext to be decrypted the parameter for the ciphertext is a pointer to a non-const array of unsigned char, as in the function prototype: int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); I have taken both these function prototypes from the OpenSSL documentation at https://wiki.openssl.org/index.php/Manual:EVP_EncryptInit(3). Does this mean that the input array in both cases actually is modified in any way by the functions ? Or is this just an error in that if the input remains unmodified the functions do not specify the parameter as 'const unsigned char * in' instead ? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
EVP_DecryptUpdate
Hello, Can I use the same input and output buffer in calls to EVP_DecryptUpdate and the EVP_DecryptUpdate_final_ex functions? The padding is on by default. And my application will always feed 8k chunks in the update and the final calls? Is it safe to then do the decrypt in place?
EVP_DecryptUpdate returns zero length
In a larger application (Qt Cryptographic Architecture), I'm trying to wrap some OpenSSL crypto primitives in C++. However I'm having a problem with EVP_DecryptUpdate(). I've done up a quick'n'dirty test case, see below. Now for EVP_EncryptUpdate, this gives me 16. But for EVP_DecryptUpdate(), it gives back zero. That isn't what I expected from the man page. Now the data is there (ie result points to a filled in char array), I just can't tell how long it is. Can anyone give me a hint? Brad #include string.h #include stdlib.h #include openssl/evp.h int main() { unsigned char *key; unsigned char *iv; unsigned char *data; unsigned char *result; EVP_CIPHER_CTX context; unsigned int outputSize; key = (unsigned char *)malloc(16); memset( key, 0x0, 16 ); iv = (unsigned char *)malloc(16); memset( iv, 0x0, 16 ); data = (unsigned char *)malloc(16); memset( data, 0x0, 16 ); result = (unsigned char *)malloc(16); EVP_CIPHER_CTX_init( context ); EVP_DecryptInit_ex( context, EVP_aes_128_ecb(), 0, key,iv ); if (0 == EVP_DecryptUpdate( context, result, (outputSize), data, 16 ) ) abort(); printf( Output len: %u\n,outputSize ); free(key); free(data); free(iv); free(result); return 0; } pgpVLnQpYbgz0.pgp Description: PGP signature
Re: EVP_DecryptUpdate returns zero length
On Mon, Nov 15, 2004, Brad Hards wrote: In a larger application (Qt Cryptographic Architecture), I'm trying to wrap some OpenSSL crypto primitives in C++. However I'm having a problem with EVP_DecryptUpdate(). I've done up a quick'n'dirty test case, see below. Now for EVP_EncryptUpdate, this gives me 16. But for EVP_DecryptUpdate(), it gives back zero. That isn't what I expected from the man page. Now the data is there (ie result points to a filled in char array), I just can't tell how long it is. Can anyone give me a hint? Its telling you how long it is: zero length! The final block has padding included and the decryption algorithm has no way of knowing which block is the final one until it has processed all the data. As a result it always buffers one block. If you have called EVP_EncryptFinal() in the encrypt program and EVP_DecryptFinal() in the decrypt program this will be handled properly. The other alternative is to turn off padding. The manual pages describe how to do all of these. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE : EVP_DecryptUpdate Problem
Hi, Ithink you should provide all the code. This is not enough to see if the parameters you used are correctly initialized. For example, I'd like to see how you handle the multiple call. Fred -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Gorelik, Slava Envoyé : mercredi 30 juin 2004 17:14 À : [EMAIL PROTECTED] Objet : EVP_DecryptUpdate Problem Hi. I use openSSL (version 0.9.7d) for RC4 algorithm. I use EVP_DecryptUpdate function as explained in manual. First call is successful, but the second call for this function in next chunk of the data is return garbage in the encrypted buffer. There is a code: bool rc = false; int outlen = 0, tmplen = 0; EVP_DecryptUpdate(m_DeryptCtx, (unsigned char *)out, outlen, (unsigned char *)in, inSize)); What I do wrong? Thank You. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: EVP_DecryptUpdate Problem
In message [EMAIL PROTECTED] on Wed, 30 Jun 2004 17:14:07 +0200, Gorelik, Slava [EMAIL PROTECTED] said: slava.gorelik Hi. slava.gorelik slava.gorelik I use openSSL (version 0.9.7d) for RC4 algorithm. slava.gorelik slava.gorelik I use EVP_DecryptUpdate function as explained in manual. slava.gorelik slava.gorelik First call is successful, but the second call for this function in next chunk of the data is return garbage in the encrypted buffer. slava.gorelik slava.gorelik There is a code: slava.gorelik slava.gorelik bool rc = false; slava.gorelik slava.gorelik int outlen = 0, tmplen = 0; slava.gorelik slava.gorelik EVP_DecryptUpdate(m_DeryptCtx, (unsigned char *)out, outlen, (unsigned char *)in, inSize)); slava.gorelik slava.gorelik slava.gorelik slava.gorelik What I do wrong? Not giving us an example that actually shows the problem. According to your description, there should be two calls to EVP_DecryptUpdate(), not just one. - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: multiple calls of EVP_EncryptUpdate/EVP_DecryptUpdate
That's expected behaviour. Because of the padding checks the EVP_Decrypt*() routines need to store up to one block of data internally. As a result you may get less data from EVP_DecryptUpdate() (up to one block less) or more data (one byte less than one block more) than is supplied. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. Got it. Everything works nice now. thanks a lot, -- Cristina Nita-Rotaru __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
multiple calls of EVP_EncryptUpdate/EVP_DecryptUpdate
Hello, I am writing an application where I need to do encryption in place, on a data which is splitted on multiple buffers, avoiding the solution where everything is copied in one big buffer, encrypted and then copied back. I want to use the EVP interface and not lower level functions. I am using the EVP interface with Blowfish as encryption algorithm. I wrote a very simple test program where EVP_EncryptUpdate (each of the calls encrypts 16 bytes) is called two consecutive times, followed by an EVP_EncryptFinal which addes 8 more bytes, so the total size is 40 bytes. Decryption is done in a similar manner, EVP_Decrypt update called twice and then Decrypt Final. However, the first EVP_DecryptUpdate called on the first 16 bytes returns 8 when decrypting so in the end the EVP_DecryptFinal fails. Any ideas what might be the problem? thanks, -- Cristina __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: multiple calls of EVP_EncryptUpdate/EVP_DecryptUpdate
Cristina Nita-Rotaru wrote: Hello, I am writing an application where I need to do encryption in place, on a data which is splitted on multiple buffers, avoiding the solution where everything is copied in one big buffer, encrypted and then copied back. I want to use the EVP interface and not lower level functions. I am using the EVP interface with Blowfish as encryption algorithm. I wrote a very simple test program where EVP_EncryptUpdate (each of the calls encrypts 16 bytes) is called two consecutive times, followed by an EVP_EncryptFinal which addes 8 more bytes, so the total size is 40 bytes. Decryption is done in a similar manner, EVP_Decrypt update called twice and then Decrypt Final. However, the first EVP_DecryptUpdate called on the first 16 bytes returns 8 when decrypting so in the end the EVP_DecryptFinal fails. Any ideas what might be the problem? That's expected behaviour. Because of the padding checks the EVP_Decrypt*() routines need to store up to one block of data internally. As a result you may get less data from EVP_DecryptUpdate() (up to one block less) or more data (one byte less than one block more) than is supplied. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]