0

For some reason, I am getting 0 from EVP_DecryptUpdate() function when I am passing 32 as its last parameter but when I changed it to 64 it returns 1. The buffer size is 32.

According to the documentation, I should get a 1 if the decrypt is successful.

#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>

void dump_head(unsigned char *buf, size_t len)
{
    unsigned end, i;
    for (end = len; end > 0; end--)
        if (buf[end-1] != 0)
            break;
    printf("buf = {");
    for (i = 0; i < end; i++)
        printf(" %02hhx,", buf[i]);
    printf(" }\n");
}

int main(void)
{
    unsigned char key[] = "0123456789abcdef";
    unsigned char iv[] = "1234567887654321";
    unsigned char indata[32] = "0123456789abcdeffedcba9876543210";
    unsigned char buf[4096];
    unsigned pos;
    int cipher_len;
    EVP_CIPHER_CTX *ctx;

    ctx = EVP_CIPHER_CTX_new();
    EVP_CIPHER_CTX_init(ctx);
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);  
    printf("decrypt init: %d\n", EVP_DecryptInit_ex(ctx, EVP_aes_256_wrap_pad(), NULL, key, iv));

    printf("decrypt update: %d\n", EVP_DecryptUpdate(ctx, (unsigned char *)buf, &cipher_len, indata, 32));
        
    printf("Got %d\n", cipher_len);
    dump_head(buf, sizeof(buf));
        
    printf("Final!\n");
    memset(buf, 0, sizeof(buf));
    EVP_DecryptFinal_ex(ctx, buf, &cipher_len);
    printf("Got %d\n", cipher_len);
    dump_head(buf, sizeof(buf));

    return 0;
}

In both cases, I am getting cipher_len as 0. Are there some parameters I am missing?

Kivuos
  • 13
  • 4
  • Fyi, `unsigned char indata[32] = "0123456789abcdeffedcba9876543210";` breaches the declared length of `indata`. That string is actually 33 chars wide; not 32. Just sayin. – WhozCraig Jun 15 '22 at 09:04
  • @WhozCraig That is allowed and it means the compiler does not add a null terminator. – user253751 Jun 15 '22 at 09:13
  • 1
    @user253751 Sure, it just pukes warnings at me, which are irritating at best. – WhozCraig Jun 15 '22 at 09:14
  • @WhozCraig if valid code activates a warning you don't like, that's on your warning settings, not the code – user253751 Jun 15 '22 at 09:30
  • @user253751 I'll keep that in mind, and disable -Wall accordingly. – WhozCraig Jun 15 '22 at 09:32
  • Is there any reason @WhozCraig why I am not getting cipher_len as 0 always? – Kivuos Jun 15 '22 at 09:48
  • 2
    I can reproduce the issue. However, the ciphertext does not look like it is valid. During decryption, an integrity check is performed, which generally fails if the ciphertext is not valid. If I use a valid ciphertext, the code works as expected. – Topaco Jun 15 '22 at 10:11

0 Answers0