[SOLVED]OpenSSL encryption in Qt sometimes return zero length on decryption.

antonyprojr

I'm trying this code to encrypt and decrypt some data. The problem is sometimes the result length of decrypted data is zero. I don't understand why.

@AES* aes = new AES;

void MainWindow::on_pushButton_2_clicked()
{
QByteArray source = ui->lineEdit->text().toLatin1();
QString password = QString::number(qrand());
QByteArray enc = aes->Encrypt(source, password);
QByteArray dec = aes->Decrypt(enc, password);
QString text(dec);
}
QByteArray AES::Encrypt(QByteArray source, QString password)
{
EVP_CIPHER_CTX en;

unsigned int salt[] = {12345, 54321};
unsigned char *key_data;
int key_data_len;

QByteArray ba = password.toLatin1();
key_data = (unsigned char*)ba.data();
key_data_len = strlen((char*)key_data);

int i, nrounds = 5;
unsigned char key[32], iv[32];

i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), (unsigned char )salt, key_data, key_data_len, nrounds, key, iv);
if (i != 32) {
qDebug() << "Key size is " + QString::number(i8) + " bits - should be 256 bits";
}

EVP_CIPHER_CTX_init(&en);
EVP_EncryptInit_ex(&en, EVP_aes_256_cbc(), NULL, key, iv);

char *input = source.data();
char *out;
int len;

len = strlen(input);

int c_len = len + AES_BLOCK_SIZE, f_len = 0;
unsigned char *ciphertext = (unsigned char *)malloc(c_len);

EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL);
EVP_EncryptUpdate(&en, ciphertext, &c_len, (unsigned char *)input, len);
EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len);

len = c_len + f_len;

out = (char*)ciphertext;

qDebug() << QString::number(len);

EVP_CIPHER_CTX_cleanup(&en);

return QByteArray(out, len);
}

QByteArray AES::Decrypt(QByteArray source, QString password)
{
EVP_CIPHER_CTX de;

unsigned int salt[] = {12345, 54321};
unsigned char *key_data;
int key_data_len;

QByteArray ba = password.toLatin1();
key_data = (unsigned char*)ba.data();
key_data_len = strlen((char*)key_data);

int i, nrounds = 5;
unsigned char key[32], iv[32];

i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), (unsigned char )salt, key_data, key_data_len, nrounds, key, iv);
if (i != 32) {
qDebug() << "Key size is " + QString::number(i8) + " bits - should be 256 bits";
}

EVP_CIPHER_CTX_init(&de);
EVP_DecryptInit_ex(&de, EVP_aes_256_cbc(), NULL, key, iv);

char *input = source.data();
char *out;
int len;

len = strlen(input);

int p_len = len, f_len = 0;
unsigned char *plaintext = (unsigned char *)malloc(p_len + AES_BLOCK_SIZE);

EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL);
EVP_DecryptUpdate(&de, plaintext, &p_len, (unsigned char *)input, len);
EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len);

len = p_len + f_len;

out = (char*)plaintext;

qDebug() << QString::number(len);

EVP_CIPHER_CTX_cleanup(&de);

return QByteArray(out, len);
}@

antonyprojr

Now i'm using botan and i have no trouble.

oyefremov

Following code fragment is incorrect:
@
char *input = source.data();
char *out;
int len;

len = strlen(input);
@

it must be replaced with:

@
char *input = source.data();
char *out;
int len = source.size();
@

data in input array can include zero bytes and strlen can not be used to measure it.