Re: Regarding migration from openssl 1.0.2j to openssl 3.0.12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi 

If I hard cipher hexa values which generated during openssl 1.0.2j support   and execute it with program for openssl 3.0.12, only with decryption part  like below 
getting error "
--code change only for decryption in program for openssl 3.0.12---
hex2ascii((char
187   *)"EC17F58AACD00AFAFB77709DD0A94B03B4CD133A63A320284BBCEFDBCE59F9DFFB77709DD0A94B03FB77709DD0A94B03EC051AC36E395F20FB77709DD0A94B03",
188   (char *)asciitext, 128);
--------------8<-----------------
error: 
3050FCB6:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:../openssl-3.0.12/providers/implementations/ciphers/ciphercommon_block.c:124:


Thanks
Manjunatha Srinivasan N


On Tue, 20 Feb 2024 at 22:48, manjunatha srinivasan <manjunathan.n@xxxxxxxxx> wrote:
Hi 
Below is code compiled against openssl 1.0.2j  version where key size 192-bits and block size is 512-bits (BUFFER_LENGTH) (64 bytes).
After making encryption, the hex value of 64 byte cipher stored. Now the system is migrated to openssl 3.0.12. With openssl 3.0.12
it is necessary to reuse stored 64 bytes ciper for decryption. Below is second part of sample code used is openssl 3.0.12 for encryption/decryption.  
Here I don't have proper idea to handle 64 bytes cipher hex stored data of openssl 1.0.2j for decryption in openssl 3.0.12.

by using the code for 3.0.12, with same 192-bit key, I don't know to define block size of cipher. In code for 3.0.12 openssl,
the block size is generated as 16 bytes always.  
  
Please help me to proceed further.    Thank you. 

Code used for encryption/decryption in openssl 1.0.2j:
------------------------------------------------------

#define BUFFER_LENGTH 64

  unsigned char pltmp[BUFFER_LENGTH] = {'\0'};
  unsigned char citmp[BUFFER_LENGTH] = {'\0'};
  unsigned char plaintext[BUFFER_LENGTH] = {'\0'};
  EVP_CIPHER_CTX ctx;
  EVP_CIPHER_CTX_init(&ctx);

  if (isEncrpyption == true)
  {
      memcpy(plaintext, in, BUFFER_LENGTH);
      if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0)
      {
          EVP_CIPHER_CTX_cleanup(&ctx);
          return 0;
      }
      EVP_Cipher(&ctx, citmp, plaintext, BUFFER_LENGTH);
      memcpy(out, citmp, BUFFER_LENGTH);
  }
  else
  {
      memcpy(citmp, in, BUFFER_LENGTH);
      if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0)
      {
          EVP_CIPHER_CTX_cleanup(&ctx);
          return 0;
      }
      EVP_Cipher(&ctx, pltmp, citmp, BUFFER_LENGTH);
      memcpy(out, pltmp, BUFFER_LENGTH);
  }

  return 1;

---

Code used in encryption/decryption in openssl 3.0.12:
-----------------------------------------------------

int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,
            unsigned char *iv, unsigned char *plaintext)
{
    EVP_CIPHER_CTX *ctx;

    int len;

    int plaintext_len;

    /* Create and initialise the context */
    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();

    /*
     * Initialise the decryption operation. IMPORTANT - ensure you use a key
     * and IV size appropriate for your cipher
     * In this example we are using 256 bit AES (i.e. a 256 bit key). The
     * IV size for *most* modes is the same as the block size. For AES this
     * is 128 bits
     */
    if(1 != EVP_DecryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, iv))
        handleErrors();

    /*
     * Provide the message to be decrypted, and obtain the plaintext output.
     * EVP_DecryptUpdate can be called multiple times if necessary.
     */
    if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
        handleErrors();
    plaintext_len = len;

    /*
     * Finalise the decryption. Further plaintext bytes may be written at
     * this stage.
     */
    if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
        handleErrors();
    plaintext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return plaintext_len;
}

---
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,
            unsigned char *iv, unsigned char *ciphertext)
{
    EVP_CIPHER_CTX *ctx;

    int len;

    int ciphertext_len;

    /* Create and initialise the context */
    if(!(ctx = EVP_CIPHER_CTX_new()))
        handleErrors();

    /*
     * Initialise the encryption operation. IMPORTANT - ensure you use a key
     * and IV size appropriate for your cipher
     * In this example we are using 256 bit AES (i.e. a 256 bit key). The
     * IV size for *most* modes is the same as the block size. For AES this
     * is 128 bits
     */
    if(1 != EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, iv))
        handleErrors();

    /*
     * Provide the message to be encrypted, and obtain the encrypted output.
     * EVP_EncryptUpdate can be called multiple times if necessary
     */
    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
        handleErrors();
    ciphertext_len = len;

    /*
     * Finalise the encryption. Further ciphertext bytes may be written at
     * this stage.
     */
    if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
        handleErrors();
    ciphertext_len += len;

    /* Clean up */
    EVP_CIPHER_CTX_free(ctx);

    return ciphertext_len;
}
int ascii2hex(unsigned char *buf, int len, string & hex)
{
    int i,n;
    char buff[3]={0};
    for (i = 0, n = 0; i < len; i++)
    {
        if (n > 7)
        {
            printf("\n");
            n = 0;
        }
        printf("%02x ", buf[i]);
        sprintf(buff, "%02x", buf[i]);
       // strcat((char *)hex.c_str(), (const char *)buff);
         hex = hex + buff;
        n++;
    }
    printf("\n");
    return (0);
}


//int hex2ascii(unsigned char *buf, int len, string & hex)
void hex2ascii(char *hexString, char *asciiString, int size)
{

     char *ptrBuffer=NULL;
     char buff[3]={0};
     unsigned long int ul=0;
     ptrBuffer = asciiString;

     for (int i = 0; i < size; i += 2)
     {
          strncpy(buff, hexString + i, 2);
          ul = strtoul(buff, NULL, 16);
          *ptrBuffer = char(ul);
          ptrBuffer++;
     }
}

int main (void)
{
    /*
     * Set up the key and iv. Do I need to say to not hard code these in a
     * real application? :-)
     */

    /* A 192 bit key */
    //unsigned char *key;  Here is key size is 192-bits as said before.
   

    /* IV is NULL */
    unsigned char *iv = NULL;

    /* Message to be encrypted */
    unsigned char *plaintext =
        (unsigned char *)"The quick brown fox jumps over the lazy dog - Yes ";

     printf("plaintext length is : %d\n", (int) strlen((const char *)plaintext));
    /*
     * Buffer for ciphertext. Ensure the buffer is long enough for the
     * ciphertext which may be longer than the plaintext, depending on the
     * algorithm and mode.
     */
    unsigned char ciphertext[128];
    //unsigned char hextext[128];
    string hextext;


    /* Buffer for the decrypted text */
    unsigned char decryptedtext[128];

    int decryptedtext_len, ciphertext_len;

    /* Encrypt the plaintext */
    ciphertext_len = encrypt (plaintext, strlen ((char *)plaintext), key, iv,
                              ciphertext);

    /* Do something useful with the ciphertext here */
    printf("Ciphertext is:\n");
    BIO_dump_fp (stdout, (const char *)ciphertext, ciphertext_len);

    //printf("AES Encrypted: \"%s\"\n", (char *)ciphertext);

    printf("Ciphertext length is :%d\n",  ciphertext_len);
   hextext.clear();
    ascii2hex(ciphertext, ciphertext_len, hextext);


    unsigned char asciitext[128];
    cout << "Hex " << hextext << endl;

    hex2ascii((char *)hextext.c_str(), (char *)asciitext, hextext.length());

    //printf("Hextext length is :%s\n",  hextext.c_str());

    //char hexString[128]={0};
    // Convert encrypted => hexString
    //ascii2hex((char *) ciphertext, hexString, ciphertext_len);

   // unsigned char ciphertext1[128];
    //int ciphertext1_len;

    //hex2ascii(hexString, (char *)ciphertext1, 128);
    //ciphertext1_len = 128;




    //unsigned char hexString[128]={0}, encryptedString[64]={0};
    //ascii2hex(ciphertext, hexString, ciphertext_len);
    /* Decrypt the ciphertext */
//    decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv,
 //                               decryptedtext);

     decryptedtext_len = decrypt(asciitext, hextext.length()/2, key, iv,
                                decryptedtext);

    /* Add a NULL terminator. We are expecting printable text */
    decryptedtext[decryptedtext_len] = '\0';

    /* Show the decrypted text */
    printf("Decrypted text is:\n");
    printf("%s\n", decryptedtext);
    printf("Decrypted text length is: %d\n", decryptedtext_len);



    return 0;
}


Regards
Manjunatha Srinivasan N

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux