Re: beginner question.

Sun, 16 Sep 2001 17:12:38 -0700 



[EMAIL PROTECTED] wrote:
> 
> Hello,
> 
> I got a problem related to EVP primitives, and i can't find where the
> problem is.
> 
> in the docs, it says :
> "..EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
> corresponding decryption operations. EVP_DecryptFinal() will return an
> error code if padding is enabled and the final block is not correctly
> formatted. ..."
> 
> I don't understand "the final block is not correctly formatted", what is
> the format ?! or what are the wrong format which make this function to fail ?.
> (excepted null)
> 

The output of EVP_EncryptFinal() uses the correct format. Its
effectively saying that the only place it will notice something wrong
(due to the wrong key, corrupted data etc) is in the final block and
then not always.

> I've just coded 2 functions,
> 
> char *crypt(char *str, char *key) (which works fine)
> int decrypt(char *dest, char *str, char *key)
> 
> using EVP primitives, i've done the test by using EVP_enc_null()
> as encryption/decryption algorithm, which mean that my text was only
> base128 armored, and it was working fine, but as long as i put a real
> algorithm like EVP_bf_cbc or EVP_bf_cfb (blowfish is the one i want)
> it just fails, the length returned by both EVP_DecryptUpdate and Final
> is 0, but the input is non null.
> 
> any ideas ?!
> 

Impossible to do anything other than guess without seeing your code.
However a common mistake is to assume that functions like strlen() can
be used on the output of EVP_Encrypt*(). They can't because the result
is not null terminated ASCII data, its binary and can contain embedded
nulls.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to