Help: DecryptFinal error

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Help: DecryptFinal error

Li, David

Hi,

 

I am new to openssl C APIs. So I wrote a simple test to encrypt and decrypt a 15 byte ASCII string using AES128. The encryption seems OK and the encrypted length is 16. But the decryption always failed at EVP_DecryptFinal_ex(). The error code is 0 and means padding error. I have been searching on the web but so far nothing worked. Can anyone here suggest how to debug this error?

 

Thanks!

 

[ Code fragment]

=================

static int

my_decrypt(char* data, int datalen, char *debuf, int *delen)

{

 

// data is holding the cipher text

//  debuf is to hold the decrypted plain text

// datalen is 16

//

 

  int rc;

 

 

  printf (" Data len to be decrypted %d\n", datalen); // 16

  if (!( rc = EVP_DecryptUpdate(&ctx, debuf, delen, data, datalen))) {

    printf (" Decryption error: %d\n", rc);

    return -1;

  }

  printf (" DecryptUpdate delen = %d \n", *delen); // 16

 

  printf (" Finalizing \n");

  if ((rc = EVP_DecryptFinal_ex(&ctx, debuf, &datalen)) == 0) {

    printf (" Finalization error: %d\n", rc); // This is the failure! rc = 0

    return -1;

  }

 

 

 

David Li

 

Reply | Threaded
Open this post in threaded view
|

Re: Help: DecryptFinal error

Larry Bugbee



Sent from iTouch 

On Mar 7, 2014, at 11:42 AM, "Li, David" <[hidden email]> wrote:

Hi,

 

I am new to openssl C APIs. So I wrote a simple test to encrypt and decrypt a 15 byte ASCII string using AES128. The encryption seems OK and the encrypted length is 16. But the decryption always failed at EVP_DecryptFinal_ex(). The error code is 0 and means padding error. I have been searching on the web but so far nothing worked. Can anyone here suggest how to debug this error?

 

Thanks!

 

[ Code fragment]

=================

static int

my_decrypt(char* data, int datalen, char *debuf, int *delen)

{

 

// data is holding the cipher text

//  debuf is to hold the decrypted plain text

// datalen is 16

//

 

  int rc;

 

 

  printf (" Data len to be decrypted %d\n", datalen); // 16

  if (!( rc = EVP_DecryptUpdate(&ctx, debuf, delen, data, datalen))) {

    printf (" Decryption error: %d\n", rc);

    return -1;

  }

  printf (" DecryptUpdate delen = %d \n", *delen); // 16

 

  printf (" Finalizing \n");

  if ((rc = EVP_DecryptFinal_ex(&ctx, debuf, &datalen)) == 0) {

    printf (" Finalization error: %d\n", rc); // This is the failure! rc = 0

    return -1;

  }

 

 

 

David Li

 


It is not clear your encryption is valid, and as you suspect padding may be the cause.

In cases such as this I recommend firing up another crypto lib to encrypt on one and decrypt on the other, and visa versa.  You should be able to close in on the cause a lot faster than continually futzing with only the one lib.
Reply | Threaded
Open this post in threaded view
|

Re: Help: DecryptFinal error

Larry Bugbee-2

On Mar 8, 2014, at 11:23 AM, Larry Bugbee <[hidden email]> wrote:

On Mar 7, 2014, at 11:42 AM, "Li, David" <[hidden email]> wrote:

Hi,
 
I am new to openssl C APIs. So I wrote a simple test to encrypt and decrypt a 15 byte ASCII string using AES128. The encryption seems OK and the encrypted length is 16. But the decryption always failed at EVP_DecryptFinal_ex(). The error code is 0 and means padding error. I have been searching on the web but so far nothing worked. Can anyone here suggest how to debug this error?
 
Thanks!
 
[ Code fragment]
=================

[ snip ]


It is not clear your encryption is valid, and as you suspect padding may be the cause.

In cases such as this I recommend firing up another crypto lib to encrypt on one and decrypt on the other, and visa versa.  You should be able to close in on the cause a lot faster than continually futzing with only the one lib.

Besides, you can be better assured you have interoperability and not a case of two compensating errors.