Sent from iTouch
> On Mar 7, 2014, at 11:42 AM, "Li, David" <l...@cloudshield.com> wrote:
>
> Hi,
>
> I am new to openssl C APIs. So I wrote a simple test to encrypt and decrypt a
> 15 byte ASCII string using AES128. The encryption seems OK and the encrypted
> length is 16. But the decryption always failed at EVP_DecryptFinal_ex(). The
> error code is 0 and means padding error. I have been searching on the web but
> so far nothing worked. Can anyone here suggest how to debug this error?
>
> Thanks!
>
> [ Code fragment]
> =================
> static int
> my_decrypt(char* data, int datalen, char *debuf, int *delen)
> {
>
> // data is holding the cipher text
> // debuf is to hold the decrypted plain text
> // datalen is 16
> //
>
> int rc;
>
>
> printf (" Data len to be decrypted %d\n", datalen); // 16
> if (!( rc = EVP_DecryptUpdate(&ctx, debuf, delen, data, datalen))) {
> printf (" Decryption error: %d\n", rc);
> return -1;
> }
> printf (" DecryptUpdate delen = %d \n", *delen); // 16
>
> printf (" Finalizing \n");
> if ((rc = EVP_DecryptFinal_ex(&ctx, debuf, &datalen)) == 0) {
> printf (" Finalization error: %d\n", rc); // This is the failure! rc = 0
> return -1;
> }
>
>
>
> David Li
>
It is not clear your encryption is valid, and as you suspect padding may be the
cause.
In cases such as this I recommend firing up another crypto lib to encrypt on
one and decrypt on the other, and visa versa. You should be able to close in
on the cause a lot faster than continually futzing with only the one lib.