Skip to content

Fix README encryption example: DES disabled in OpenSSL 3.x#340

Merged
zhaozg merged 2 commits into
masterfrom
copilot/fix-encryption-functions
Nov 9, 2025
Merged

Fix README encryption example: DES disabled in OpenSSL 3.x#340
zhaozg merged 2 commits into
masterfrom
copilot/fix-encryption-functions

Conversation

Copilot AI commented Nov 8, 2025

Copy link
Copy Markdown
Contributor

Description

Example 1 in README uses DES cipher, which is disabled by default in OpenSSL 3.x, causing encrypt() to return nil without clear error handling guidance.

Related Issue

Fixes #(issue number - encryption and decryption functions appear broken)

Type of Change

  • Bug fix
  • New feature
  • Documentation update
  • Code review/analysis
  • Performance improvement
  • Code refactoring
  • Other (please describe)

Changes Made

  • Replaced DES with AES-128-CBC in Example 1
  • Added error handling pattern showing how to capture and check nil returns
  • Added comment explaining DES is disabled in OpenSSL 3.x
  • Added proper 16-byte key and IV for AES-128

Before:

local evp_cipher = openssl.cipher.get('des')
m = 'abcdefghick'
key = m
cdata = evp_cipher:encrypt(m,key)  -- Returns nil in OpenSSL 3.x
m1  = evp_cipher:decrypt(cdata,key)

After:

local evp_cipher = openssl.cipher.get('aes-128-cbc')
local msg = 'abcdefghick'
local key = '1234567890123456'  -- 16 bytes for AES-128
local iv = '1234567890123456'   -- 16 bytes IV

local cdata, err = evp_cipher:encrypt(msg, key, iv)
if not cdata then
  print("Encryption failed: " .. (err or "unknown error"))
  return
end

Testing

  • Manual testing performed
    • Verified AES-128-CBC example executes successfully
    • Confirmed DES returns nil with "unsupported" error message
    • Validated error handling captures failure cases

Checklist

  • My code follows the style guidelines of this project (clang-format)
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas (N/A - documentation only)
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works (N/A - documentation only)
  • New and existing unit tests pass locally with my changes (N/A - documentation only)
  • Any dependent changes have been merged and published

OpenSSL Compatibility

  • OpenSSL 1.0.2u
  • OpenSSL 1.1.1w
  • OpenSSL 3.0.x (tested with 3.6.0)
  • OpenSSL 3.5+
  • LibreSSL 3.3.6+

Additional Notes

This addresses the root cause of the reported issue where users saw nil returns with no diagnostic output. The fix also improves security posture by steering users toward modern ciphers and demonstrates proper error handling as documented in "Howto 6: Handle fail or error" section.

Original prompt

This section details on the original issue you should resolve

<issue_title>Encryption and Decryption functions appear broken</issue_title>
<issue_description>- uname -a or OS info:
Linux Mothra 6.17.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 23 Oct 2025 18:49:03 +0000 x86_64 GNU/Linux

  • openssl version or OPENSSL_VERSION_TEXT in your opensslv.h:
    OpenSSL 3.6.0 1 Oct 2025 (Library: OpenSSL 3.6.0 1 Oct 2025)

  • lua -v or luajit -v:
    Lua 5.3.6 Copyright (C) 1994-2020 Lua.org, PUC-Rio

  • lua5.3 -e "print(require'openssl'.version())"
    0.9.2 Lua 5.3 OpenSSL 3.6.0 1 Oct 2025

Problem details

The response from encrypt() and decrypt return nil with no other printing or diagnostics.
This is even true using the example code from the Readme.

Steps/codes to reproduce the bug

  1. Create a lua file named example.lua with the following content:
openssl = require "openssl"
local evp_cipher = openssl.cipher.get('des')
m = 'abcdefghick'
key = m
cdata = evp_cipher:encrypt(m,key)
print("cdata is of type: " .. type(cdata))
m1  = evp_cipher:decrypt(cdata,key)
assert(m==m1)
  1. Run the script. I'm using 5.3:
$ lua5.3 example.lua
cdata is of type: nil
lua5.3: example.lua:7: bad argument zhaozg/lua-openssl#1 to 'decrypt' (string expected, got nil)
stack traceback:
        [C]: in method 'decrypt'
        example.lua:7: in main chunk
        [C]: in ?
  1. Observe that it's unable to decrypt because cdata is nil, not a string.

Additional context
I've installed this module using luarocks. I've been able to use the hmac functions in it successfully. It's unclear what's happening in decrypt. I suspect there's an openssl call returning 0 somewhere, but I have no idea where.
</issue_description>

Comments on the Issue (you are @copilot in this section)

@zhaozg `DES` too weak for security, It is disabled default in OpenSSL 3.x. You must explicit enable it or use old version OpenSSL. I advice you try to use aes-128 or aes-256. @zhaozg got,poor doc @zhaozg cdata = evp_cipher:encrypt(m,key) if not cdata then print(openssl.error()) end

and need check message, with padding </comment_new>


💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Co-authored-by: zhaozg <542599+zhaozg@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix broken encryption and decryption functions Fix README encryption example: DES disabled in OpenSSL 3.x Nov 8, 2025
Copilot AI requested a review from zhaozg November 8, 2025 08:45
@zhaozg
zhaozg marked this pull request as ready for review November 8, 2025 10:43
@zhaozg
zhaozg merged commit c39f9e4 into master Nov 9, 2025
142 checks passed
@zhaozg
zhaozg deleted the copilot/fix-encryption-functions branch November 9, 2025 05:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Encryption and Decryption functions appear broken

2 participants