Re: [openssl-users] BIO_seek() on bio_f_cipher with EVP_aes_256_ctr
On Thu, Aug 11, 2016, William King wrote: > > > Does the BIO_seek() not handle incrementing or decrementing the IV > counter? is there a callback that needs to be set to calculate what the > IV counter value should be for a given file position for the cipher? > Calling BIO_seek() on a chain of BIOs can have unpredictable results especially if any buffer data or have internal state. I'd suggest you use the cipher directly instead of through a cipher BIO. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] BIO_seek() on bio_f_cipher with EVP_aes_256_ctr
> Does the BIO_seek() not handle incrementing or decrementing the IV > counter? is there a callback that needs to be set to calculate what the IV > counter value should be for a given file position for the cipher? It does not. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] BIO_seek() on bio_f_cipher with EVP_aes_256_ctr
Same decryption issue happens if I run something like:
char buffer[1024] = {}, buffer2[1024] = {0};
size_t pos = BIO_tell(enc);
BIO_read(enc, buffer, 1024);
BIO_seek(enc, pos);
BIO_read(enc, buffer2, 1024);
if (memcmp(buffer, buffer2, 1024)) {
printf("Mismatched\n");
} else {
printf("Matched\n");
}
Does the BIO_seek() not handle incrementing or decrementing the IV
counter? is there a callback that needs to be set to calculate what the
IV counter value should be for a given file position for the cipher?
William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main: (877) 211-9337
Office: (206) 388-4772
Cell: (253) 686-5518
william.k...@quentustech.com
On 8/11/16 10:29 AM, William King wrote:
> Without any of the error checking code in place, this is what I'm testing:
>
> /* START CODE BLOCK */
> const EVP_CIPHER *cipher = EVP_aes_256_ctr();
> const EVP_MD *digest = EVP_sha256();
> BIO *enc = BIO_new(BIO_f_cipher());
> BIO *in = BIO_new(BIO_s_file());
> EVP_CIPHER_CTX *ctx = NULL;
> char *path = "/path/to/file.wav", *key = "fake secret key", *iv = "fake iv";
>
> BIO_get_cipher_ctx(enc, >ctx);
>
> if (BIO_read_filename(in, path) <= 0 ) {
> assert(0);
> }
>
> BIO_push(enc, in);
>
> BIO_set_cipher(enc, cipher, key, iv, 0);
>
> BIO_seek(enc, 2056);
>
> BIO_read(enc, buffer, 128);
>
> /* END CODE BLOCK */
>
> What I'm finding is that using fread() of the unencrypted file and
> comparing that to the BIO_seek() then BIO_read(), the data is not
> properly decrypted. Comparing fread() of the unencrypted file, to just
> doing BIO_read()'s does decrypt the file correctly.
>
> William King
> Senior Engineer
> Quentus Technologies, INC
> 1037 NE 65th St Suite 273
> Seattle, WA 98115
> Main: (877) 211-9337
> Office: (206) 388-4772
> Cell: (253) 686-5518
> william.k...@quentustech.com
>
> On 8/9/16 2:10 PM, William King wrote:
>> What is needed to be able to BIO_seek() on a bio_f_cipher() with a
>> cipher of EVP_aes_256_ctr() without the counter, or IV or another
>> internal state getting corrupted?
>>
>> It seems that doing a seek any direction results in corrupted output.
>>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] BIO_seek() on bio_f_cipher with EVP_aes_256_ctr
Without any of the error checking code in place, this is what I'm testing:
/* START CODE BLOCK */
const EVP_CIPHER *cipher = EVP_aes_256_ctr();
const EVP_MD *digest = EVP_sha256();
BIO *enc = BIO_new(BIO_f_cipher());
BIO *in = BIO_new(BIO_s_file());
EVP_CIPHER_CTX *ctx = NULL;
char *path = "/path/to/file.wav", *key = "fake secret key", *iv = "fake iv";
BIO_get_cipher_ctx(enc, >ctx);
if (BIO_read_filename(in, path) <= 0 ) {
assert(0);
}
BIO_push(enc, in);
BIO_set_cipher(enc, cipher, key, iv, 0);
BIO_seek(enc, 2056);
BIO_read(enc, buffer, 128);
/* END CODE BLOCK */
What I'm finding is that using fread() of the unencrypted file and
comparing that to the BIO_seek() then BIO_read(), the data is not
properly decrypted. Comparing fread() of the unencrypted file, to just
doing BIO_read()'s does decrypt the file correctly.
William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main: (877) 211-9337
Office: (206) 388-4772
Cell: (253) 686-5518
william.k...@quentustech.com
On 8/9/16 2:10 PM, William King wrote:
> What is needed to be able to BIO_seek() on a bio_f_cipher() with a
> cipher of EVP_aes_256_ctr() without the counter, or IV or another
> internal state getting corrupted?
>
> It seems that doing a seek any direction results in corrupted output.
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
