[openssl-users] EVP_DecryptUpdate: why is this failing when out == in?

Paul Smith paul at mad-scientist.net
Fri Dec 21 00:33:12 UTC 2018

I filed https://github.com/openssl/openssl/issues/7941 about this FYI.


On Wed, 2018-12-19 at 01:56 -0500, Paul Smith wrote:
> As I understand it, it's legal to provide the exact same input and
> output buffer to EVP_EncryptUpdate and EVP_DecryptUpdate, but it's not
> legal to provide pointers into different parts of the same buffer. 
> That's a good check.
> However, my implementation is getting triggered by this code in
> EVP_DecryptUpdate():
>     if (ctx->final_used) {
>         /* see comment about PTRDIFF_T comparison above */
> =>      if (((PTRDIFF_T)out == (PTRDIFF_T)in)
>             || is_partially_overlapping(out, in, b)) {
>             return 0;
>         }
> Can someone explain why, only in this specific situation where we're
> decrypting the final block, we require that OUT and IN not be the same
> buffer?  Everywhere else we check is_partially_overlapping() only,
> without equality.
> I read the comment about PTRDIFF_T but I didn't come up with a reason
> for the equality check.  This check was added back in 2016 in SHA
> 5fc77684f1 FWIW.

More information about the openssl-users mailing list