EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate
Norm Green
norm.green at gemtalksystems.com
Tue Oct 1 01:11:39 UTC 2019
Hi all,
I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in
order to write database/disk encryption software.
When encrypting, I have problems if I call EVP_CipherUpdate() and
encrypt the data in chunks. Encrypting only works when I encrypt the
entire payload with one and only one call to EVP_CipherUpdate.
If I try to break the data into chunks (and make more than one call to
EVP_CipherUpdate), then decrypting the data produces garbage after the
first chunk that was encrypted
When decrypting, I always decrypt all data in one call to EVP_CipherUpdate .
For example, when encrypting 1024 bytes, this pseudo-code sequence works:
char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, &destSize, payload, sizeof(payload));
EVP_CipherFinal(); (produces no additional data)
However if I break the 1024 payload into 2 x 512 byte chunks, decrypting
the entire 1024 bytes of cipher text produces garbage every time:
char payload[1024];
char encrypted[1024];
int destSize = sizeof(encrypted);
EVP_CipherInit_ex();
EVP_CipherUpdate(ctx, encrypted, &destSize, payload, 512); // first chunk
destSize -= 512;
EVP_CipherUpdate(ctx, &encrypted[512], &destSize, &payload[512], 512);
// second chunk
EVP_CipherFinal(); (produces no additional data)
I have a short C program that demonstrates the problem that I can post
if necessary.
Can anyone explain what's going on?
Norm Green
CTO, GemTalk Systems Inc.
More information about the openssl-users
mailing list