Regarding migration from openssl 1.0.2j to openssl 3.0.12
manjunatha srinivasan
manjunathan.n at gmail.com
Wed Feb 21 11:24:29 UTC 2024
Hi
If I hard cipher hexa values which generated during openssl 1.0.2j support
and execute it with program for openssl 3.0.12, only with decryption part
like below
getting error "
--code change only for decryption in program for openssl 3.0.12---
hex2ascii((char
187
*)"EC17F58AACD00AFAFB77709DD0A94B03B4CD133A63A320284BBCEFDBCE59F9DFFB77709DD0A94B03FB77709DD0A94B03EC051AC36E395F20FB77709DD0A94B03",
188 (char *)asciitext, 128);
--------------8<-----------------
error:
3050FCB6:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad
decrypt:../openssl-3.0.12/providers/implementations/ciphers/ciphercommon_block.c:124:
Thanks
Manjunatha Srinivasan N
On Tue, 20 Feb 2024 at 22:48, manjunatha srinivasan <manjunathan.n at gmail.com>
wrote:
> Hi
> Below is code compiled against openssl 1.0.2j version where key size
> 192-bits and block size is 512-bits (BUFFER_LENGTH) (64 bytes).
> After making encryption, the hex value of 64 byte cipher stored. Now the
> system is migrated to openssl 3.0.12. With openssl 3.0.12
> it is necessary to reuse stored 64 bytes ciper for decryption. Below is
> second part of sample code used is openssl 3.0.12 for
> encryption/decryption.
> Here I don't have proper idea to handle 64 bytes cipher hex stored data of
> openssl 1.0.2j for decryption in openssl 3.0.12.
>
> by using the code for 3.0.12, with same 192-bit key, I don't know to
> define block size of cipher. In code for 3.0.12 openssl,
> the block size is generated as 16 bytes always.
>
> Please help me to proceed further. Thank you.
>
> Code used for encryption/decryption in openssl 1.0.2j:
> ------------------------------------------------------
>
> #define BUFFER_LENGTH 64
>
> unsigned char pltmp[BUFFER_LENGTH] = {'\0'};
> unsigned char citmp[BUFFER_LENGTH] = {'\0'};
> unsigned char plaintext[BUFFER_LENGTH] = {'\0'};
> EVP_CIPHER_CTX ctx;
> EVP_CIPHER_CTX_init(&ctx);
>
> if (isEncrpyption == true)
> {
> memcpy(plaintext, in, BUFFER_LENGTH);
> if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1)
> <= 0)
> {
> EVP_CIPHER_CTX_cleanup(&ctx);
> return 0;
> }
> EVP_Cipher(&ctx, citmp, plaintext, BUFFER_LENGTH);
> memcpy(out, citmp, BUFFER_LENGTH);
> }
> else
> {
> memcpy(citmp, in, BUFFER_LENGTH);
> if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0)
> <= 0)
> {
> EVP_CIPHER_CTX_cleanup(&ctx);
> return 0;
> }
> EVP_Cipher(&ctx, pltmp, citmp, BUFFER_LENGTH);
> memcpy(out, pltmp, BUFFER_LENGTH);
> }
>
> return 1;
>
> ---
>
> Code used in encryption/decryption in openssl 3.0.12:
> -----------------------------------------------------
>
> int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char
> *key,
> unsigned char *iv, unsigned char *plaintext)
> {
> EVP_CIPHER_CTX *ctx;
>
> int len;
>
> int plaintext_len;
>
> /* Create and initialise the context */
> if(!(ctx = EVP_CIPHER_CTX_new()))
> handleErrors();
>
> /*
> * Initialise the decryption operation. IMPORTANT - ensure you use a
> key
> * and IV size appropriate for your cipher
> * In this example we are using 256 bit AES (i.e. a 256 bit key). The
> * IV size for *most* modes is the same as the block size. For AES this
> * is 128 bits
> */
> if(1 != EVP_DecryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, iv))
> handleErrors();
>
> /*
> * Provide the message to be decrypted, and obtain the plaintext
> output.
> * EVP_DecryptUpdate can be called multiple times if necessary.
> */
> if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext,
> ciphertext_len))
> handleErrors();
> plaintext_len = len;
>
> /*
> * Finalise the decryption. Further plaintext bytes may be written at
> * this stage.
> */
> if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
> handleErrors();
> plaintext_len += len;
>
> /* Clean up */
> EVP_CIPHER_CTX_free(ctx);
>
> return plaintext_len;
> }
>
> ---
> int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char
> *key,
> unsigned char *iv, unsigned char *ciphertext)
> {
> EVP_CIPHER_CTX *ctx;
>
> int len;
>
> int ciphertext_len;
>
> /* Create and initialise the context */
> if(!(ctx = EVP_CIPHER_CTX_new()))
> handleErrors();
>
> /*
> * Initialise the encryption operation. IMPORTANT - ensure you use a
> key
> * and IV size appropriate for your cipher
> * In this example we are using 256 bit AES (i.e. a 256 bit key). The
> * IV size for *most* modes is the same as the block size. For AES this
> * is 128 bits
> */
> if(1 != EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, iv))
> handleErrors();
>
> /*
> * Provide the message to be encrypted, and obtain the encrypted
> output.
> * EVP_EncryptUpdate can be called multiple times if necessary
> */
> if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext,
> plaintext_len))
> handleErrors();
> ciphertext_len = len;
>
> /*
> * Finalise the encryption. Further ciphertext bytes may be written at
> * this stage.
> */
> if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
> handleErrors();
> ciphertext_len += len;
>
> /* Clean up */
> EVP_CIPHER_CTX_free(ctx);
>
> return ciphertext_len;
> }
> int ascii2hex(unsigned char *buf, int len, string & hex)
> {
> int i,n;
> char buff[3]={0};
> for (i = 0, n = 0; i < len; i++)
> {
> if (n > 7)
> {
> printf("\n");
> n = 0;
> }
> printf("%02x ", buf[i]);
> sprintf(buff, "%02x", buf[i]);
> // strcat((char *)hex.c_str(), (const char *)buff);
> hex = hex + buff;
> n++;
> }
> printf("\n");
> return (0);
> }
>
>
> //int hex2ascii(unsigned char *buf, int len, string & hex)
> void hex2ascii(char *hexString, char *asciiString, int size)
> {
>
> char *ptrBuffer=NULL;
> char buff[3]={0};
> unsigned long int ul=0;
> ptrBuffer = asciiString;
>
> for (int i = 0; i < size; i += 2)
> {
> strncpy(buff, hexString + i, 2);
> ul = strtoul(buff, NULL, 16);
> *ptrBuffer = char(ul);
> ptrBuffer++;
> }
> }
>
> int main (void)
> {
> /*
> * Set up the key and iv. Do I need to say to not hard code these in a
> * real application? :-)
> */
>
> /* A 192 bit key */
> //unsigned char *key; Here is key size is 192-bits as said before.
>
>
> /* IV is NULL */
> unsigned char *iv = NULL;
>
> /* Message to be encrypted */
> unsigned char *plaintext =
> (unsigned char *)"The quick brown fox jumps over the lazy dog -
> Yes ";
>
> printf("plaintext length is : %d\n", (int) strlen((const char
> *)plaintext));
> /*
> * Buffer for ciphertext. Ensure the buffer is long enough for the
> * ciphertext which may be longer than the plaintext, depending on the
> * algorithm and mode.
> */
> unsigned char ciphertext[128];
> //unsigned char hextext[128];
> string hextext;
>
>
> /* Buffer for the decrypted text */
> unsigned char decryptedtext[128];
>
> int decryptedtext_len, ciphertext_len;
>
> /* Encrypt the plaintext */
> ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key,
> iv,
> ciphertext);
>
> /* Do something useful with the ciphertext here */
> printf("Ciphertext is:\n");
> BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len);
>
> //printf("AES Encrypted: \"%s\"\n", (char *)ciphertext);
>
> printf("Ciphertext length is :%d\n", ciphertext_len);
> hextext.clear();
> ascii2hex(ciphertext, ciphertext_len, hextext);
>
>
> unsigned char asciitext[128];
> cout << "Hex " << hextext << endl;
>
> hex2ascii((char *)hextext.c_str(), (char *)asciitext,
> hextext.length());
>
> //printf("Hextext length is :%s\n", hextext.c_str());
>
> //char hexString[128]={0};
> // Convert encrypted => hexString
> //ascii2hex((char *) ciphertext, hexString, ciphertext_len);
>
> // unsigned char ciphertext1[128];
> //int ciphertext1_len;
>
> //hex2ascii(hexString, (char *)ciphertext1, 128);
> //ciphertext1_len = 128;
>
>
>
>
> //unsigned char hexString[128]={0}, encryptedString[64]={0};
> //ascii2hex(ciphertext, hexString, ciphertext_len);
> /* Decrypt the ciphertext */
> // decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv,
> // decryptedtext);
>
> decryptedtext_len = decrypt(asciitext, hextext.length()/2, key, iv,
> decryptedtext);
>
> /* Add a NULL terminator. We are expecting printable text */
> decryptedtext[decryptedtext_len] = '\0';
>
> /* Show the decrypted text */
> printf("Decrypted text is:\n");
> printf("%s\n", decryptedtext);
> printf("Decrypted text length is: %d\n", decryptedtext_len);
>
>
>
> return 0;
> }
>
>
> Regards
> Manjunatha Srinivasan N
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240221/825b6b12/attachment-0001.htm>
More information about the openssl-users
mailing list