EVP_CipherFinal_ex fails

[Nico Flink]

Hello,

 

I am using EVP to encrypt and decrypt some files. This works pretty well. But now I restructured my code in order to be able to decrypt data streams so I don’t have to save an unencrypted version of a file on the hd before computing it. To do that I initialize the cipher context before the use of data streams and use the same one until all streams are done. According to the notes regarding EVP_CipherFinal_ex() this is okay (“… because they can reuse an existing context without allocating and freeing it up on each call”).

 

A stream data package can be a whole file or just parts of an encrypted file and is divided into chunks that are multiples of 32. As the last chunk can be less than 32 bytes padding is enabled. Now my problem is that EVP_CipherFinal_ex, which is called when a stream data package is done, fails with the following error:

 

error:06065064:lib(6):func(101):reason(100):.\crypto\evp\evp_enc.c:467 or 474

 

There are a few observations I made that seem strange to me:

 

-          If I disable padding I don’t get any errors but data seems to be missing.

-          If padding is enabled I get the above described error but no data seems to be missing.

-          Even if the data chunk is a multiple of 32 bytes EVP_DecryptUpdate() copies a block of data to “ctx->final” and sets “ctx->final_used” as true because “ctx->buf_len” equals 0

 

The general structure of my code looks like this:

 

InitCipherContext()

For each stream data package do

    While(dataChunk)

        EVP_CipherUpdate(dataChunk)

    EndWhile

    EVP_CipherFinal_ex()

EndFor

ClearCipherContext()

 

Does anyone have any idea what might be the problem here?

 

Thanks a lot for your help.

 

Cheers

Nico