From: owner-openssl-us...@openssl.org On Behalf Of emyr
Sent: Friday, 15 October, 2010 12:23
The program fails when I try to decrypt an encrypted buffer
and fails on the EVP_CipherFinal_ex() call.
int do_crypt(unsigned char *inbuf, int inlen,
unsigned char *outbuf, int *outlen, int do_encrypt) {
outbuf=(unsigned char*) malloc(inlen+EVP_MAX_BLOCK_LENGTH);
Asides: you need up to an extra block on CBC *encrypt*.
You don't need extra space on *decrypt*, but it does no harm.
And you don't need to cast the return of malloc if it has been
properly declared by #include'ing<stdlib.h> which it should be;
there are some systems where the C89-default declaration as int()
doesn't work, and on C99 'implicit int' is gone altogether.
<snip: EVP setup, Update>
if(!EVP_CipherFinal_ex(&ctx, outbuf+db,&tmplen)) {
Whenever you get an error from libcrypto routines (and
in most cases libssl routines also) you should display
the OpenSSL error queue. The simplest way is just call
ERR_print_errors_fp(stderr);
after having done SSL_load_error_strings() at startup.
Or there are more customizable options.
int main(int argc, char **argv) {
char *plain="the quick brown fox jumps over the lazy dog";
int plain_len=strlen(plain);
printf("plain_len=%d\n",plain_len);
unsigned char *cipher;
int cipher_len;
printf("***** ENCRYPT *****\n");
if (!do_crypt((unsigned char*) plain, strlen(plain), cipher,
&cipher_len, 1)) {
printf("failed to encrypt\n");
return 1;
}
printf("cipher_len=%d\n",cipher_len);
But this is your problem. You call do_crypt(,,,,1) with an
uninitialized output pointer 'cipher'. do_crypt allocates
the buffer and puts the data there, but 'cipher' in main()
has no idea about this buffer so ...
char *decrypt;
int decrypt_len;
printf("***** DECRYPT *****\n");
if(!do_crypt(cipher, cipher_len, decrypt,&decrypt_len, 0)) {
printf("failed to decrypt\n");
return 1;
}
... this call at best passes garbage to be decrypted,
and could easily even cause SEGV or similar faults.
And similarly even if 'cipher' had been good on that call
'decrypt' wouldn't be for the same reason.
And if decrypt really is char*, the compiler should have required
a cast to unsigned char* there (like for plain in the encrypt call).
printf("decrypt=\"%s\"\n",decrypt);
printf("decrypt_len=%d\n",decrypt_len);
return 0;
See www.c-faq.com number 4.8.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
