Home/ Questions/Q 7726391
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T05:12:09+00:00

i’m working with OpenSSL lib and get very strange effect with AES encrypt/decrypt: if

  • 0

i’m working with OpenSSL lib and get very strange effect with AES encrypt/decrypt: if i’ll change some byte in encrypted message and decrypt it, i will see the part of original message, that isn’t suppose to be. This is source code:

#include <openssl/evp.h> 
#include <string.h>

int do_crypt(void) 
{  
 int outlen, inlen;  
 FILE *in, *out;  
 in = fopen("in.txt", "r"); 
 out = fopen("out.txt", "w"); 
 unsigned char key[32];
 strcpy(key, "10000000000000000000000000000002"); 
 unsigned char iv[8];
 unsigned char inbuf[BUFSIZE], outbuf[BUFSIZE];  
 EVP_CIPHER_CTX ctx;  
 const EVP_CIPHER * cipher;    


 EVP_CIPHER_CTX_init(&ctx);   
 cipher = EVP_aes_256_cfb(); 
 EVP_EncryptInit(&ctx, cipher, key, 0); 

while(1) {                    
 inlen = fread(inbuf, 1, BUFSIZE, in);  
 if(inlen <= 0) break;  
 if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) return 0;  
 fwrite(outbuf, 1, outlen, out);  
 }    

if(!EVP_EncryptFinal(&ctx, outbuf, &outlen)) return 0;  
 fwrite(outbuf, 1, outlen, out);  
 EVP_CIPHER_CTX_cleanup(&ctx);  
 return 1;  
} 

int do_decrypt(char *infile) 
{  
 int outlen, inlen;  
 FILE *in, *out;  
 in = fopen("out.txt", "r"); 
 out = fopen("out2.txt", "w"); 
 unsigned char key[32];
 strcpy(key, "10000000000000000000000000000002"); 
 unsigned char iv[8];  
 unsigned char inbuf[BUFSIZE], outbuf[BUFSIZE];  
 EVP_CIPHER_CTX ctx;  

 EVP_CIPHER_CTX_init(&ctx);  
 EVP_DecryptInit(&ctx, EVP_aes_256_cfb(), key, 0);  

 while(1) {  
 inlen = fread(inbuf, 1, BUFSIZE, in);  
 if(inlen <= 0) break;  
 if(!EVP_DecryptUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) return 0; 
 fwrite(outbuf, 1, outlen, out);  
 }  

 if(!EVP_DecryptFinal(&ctx, outbuf, &outlen)) return 0;  
 fwrite(outbuf, 1, outlen, out);  
 EVP_CIPHER_CTX_cleanup(&ctx);  
 return 1;  
} 

main(int argc, char **argv){ 
if(atoi(argv[1]) == 1) 
    do_crypt(0); 
if(atoi(argv[1]) == 2) 
    do_decrypt(0);    
}

What could be wrong?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What’s wrong is your expectation that the whole message becomes unreadable because a single byte was changed.

    Which parts of the message become unreadable depends on the chosen encryption mode. You’re using CFB. This means if you change a single byte in the ciphertext, the corresponding byte and the block after that get corrupted, and the cipher recovers from the error afterwards.

    PCBC will corrupt all output after the error. But it still does not detect the error.

    I recommend adding authentication (either a MAC, or a mode with integrated authentication such as AES-GCM).

    • 0