>From the BIO_f_cipher() man page: BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO. . ... . NOTES When encrypting BIO_flush() must be called to flush the final block through the BIO. If it is not then the final block will fail a subsequent decrypt ====================== Greg Stark [EMAIL PROTECTED] ====================== ----- Original Message ----- From: "Shaheed Bacchus" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, September 04, 2001 4:55 PM Subject: Re: > hello, > i am trying to write a piece of code that will take an unsigned char* > (called Data) and 3DES encode it and then store it in another > unsigned char *. at the bottom of this message are two code > snippets, #1 writes the encrypted data to a file BIO while #2 > writes it to a mem BIO. #1 appears to work perfectly, if i use > the "openssl des3" command with the appropiate flags and key > i can decrypt the file that was written. #2 does not work, the > encrypted data produced is always shorter than the data > produced by #1 and i cannot decrypt it. any ideas on why > #2 will not work? > > code snippet #1: > ------------------------------------------------------------------------ > const EVP_CIPHER *cipher=NULL; > unsigned char *SaltPtr=NULL; > unsigned char Salt[PKCS5_SALT_LEN]; > unsigned char Key[24], MD[MD5_DIGEST_LENGTH]; > BIO *OutData, *EncBio=NULL; > BUF_MEM *OutDataBuf=NULL; > static const char magic[]="Salted__"; > int DataLen=0; > > OpenSSL_add_all_algorithms(); > cipher = EVP_get_cipherbyname("des3"); > OutData = BIO_new(BIO_s_file()); > if (BIO_write_filename(OutData, "mytest.des") <= 0) > { > printf("Error with BIO_write\n"); > goto end; > } > if (RAND_pseudo_bytes(Salt, PKCS5_SALT_LEN) < 0) > { > printf("Error with RAND_pseudo_bytes\n"); > return (1); > } > if ((BIO_write(OutData, magic, sizeof(magic)-1) != sizeof(magic)-1) > || (BIO_write(OutData, (char *) Salt, PKCS5_SALT_LEN) != > PKCS5_SALT_LEN)) > { > printf("Error writing salt\n"); > goto end; > } > SaltPtr = Salt; > EVP_BytesToKey(cipher, EVP_md5(), SaltPtr, > (unsigned char *) Passwd, > strlen(Passwd), 1, Key, MD); > if (!(EncBio=BIO_new(BIO_f_cipher()))) > goto end; > BIO_set_cipher(EncBio, cipher, Key, MD, 1); > if (EncBio) > { > OutData = BIO_push(EncBio, OutData); > } > if (BIO_write(OutData, (char *)Data, strlen(Data)) != strlen(Data)) > { > printf("Error writing Data\n"); > goto end; > } > --------------------------------------------------------------------- > > code snippet #2: > ---------------------------------------------------------------------- > const EVP_CIPHER *cipher=NULL; > unsigned char *SaltPtr=NULL; > unsigned char Salt[PKCS5_SALT_LEN]; > unsigned char Key[24], MD[MD5_DIGEST_LENGTH]; > BIO *OutData, *EncBio=NULL; > BUF_MEM *OutDataBuf=NULL; > static const char magic[]="Salted__"; > int DataLen=0, ret=0; > > OpenSSL_add_all_algorithms(); > cipher = EVP_get_cipherbyname("des3"); > OutData = BIO_new(BIO_s_mem()); > if (RAND_pseudo_bytes(Salt, PKCS5_SALT_LEN) < 0) > { > printf("Error with RAND_pseudo_bytes \n"); > return (1); > } > > if ((BIO_write(OutData, magic, sizeof(magic)-1) != sizeof(magic)-1) || > (BIO_write(OutData, (char *) Salt, PKCS5_SALT_LEN) != > PKCS5_SALT_LEN)) > { > printf("Error writing salt\n"); > goto end; > } > EVP_BytesToKey(cipher, EVP_md5(), SaltPtr, > (unsigned char *) Passwd, > strlen(Passwd), 1, Key, MD); > if (!(EncBio=BIO_new(BIO_f_cipher()))) > goto end; > BIO_set_cipher(EncBio, cipher, Key, MD, 1); > if (EncBio) > { > OutData = BIO_push(EncBio, OutData); > } > if (BIO_write(OutData, (char *)Data, strlen(Data)) != strlen(Data)) > { > printf("Error writing Data\n"); > goto end; > } > BIO_get_mem_ptr(OutData, &OutDataBuf); > DataLen = OutDataBuf->length; > OutBuf = OutDataBuf->data; > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]