On Mon, 17 Sep 2001, Dr S N Henson wrote:

>
>
> [EMAIL PROTECTED] wrote:
> >
> > Hello,
> >
> > I got a problem related to EVP primitives, and I can't find where the
> > problem is.
> >
> > In the docs, it says:
> > "..EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
> > corresponding decryption operations. EVP_DecryptFinal() will return an
> > error code if padding is enabled and the final block is not correctly
> > formatted. ..."
> >
> > I don't understand "the final block is not correctly formatted": what is
> > the format?! Or what are the wrong formats which make this function fail?
> > (except null)
> >
>
> The output of EVP_EncryptFinal() uses the correct format. It's
> effectively saying that the only place it will notice something wrong
> (due to the wrong key, corrupted data etc) is in the final block and
> then not always.
>
OK, the thing is I'm armoring the encrypted data, to use for display,
using base[64|128] encoding.

Here are the functions I told you about:

...
#define ALGO EVP_bf_cbc()
...

char *crypt(char *str, unsigned char *key)
{
        unsigned char outbuf[1024];
        unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
        int outlen, tmplen;
        EVP_CIPHER_CTX ctx;

        EVP_EncryptInit(&ctx, ALGO, key, iv);
        EVP_EncryptUpdate(&ctx, outbuf, &outlen, str, strlen(str));
        EVP_EncryptFinal(&ctx, outbuf + outlen, &tmplen);
        outlen += tmplen;
        EVP_CIPHER_CTX_cleanup(&ctx);
        return base128_encode(outbuf, outlen);
}

int decrypt(char *dest, char *str, char *key)
{
        unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
        int outlen, tmplen, b128_len;
        char *b128;
        EVP_CIPHER_CTX ctx;

        b128 = base128_decode(str, &b128_len);
        EVP_DecryptInit(&ctx, ALGO, key, iv);
        if(!EVP_DecryptUpdate(&ctx, dest, &outlen, b128, b128_len))
        {
            perror("EVP error");
            return 0;
        }
        if(!EVP_DecryptFinal(&ctx, dest + outlen, &tmplen))
        {
            perror("EVP_errors");
            return 0;
        }
        EVP_CIPHER_CTX_cleanup(&ctx);
        return 1;
}


When I define ALGO as EVP_enc_null() it works fine: no encryption,
just base128 encoded.
If I switch back to EVP_bf_cbc(), it just fails in the decryption routine
and returns nothing (a null string).

base128_[encode|decode] does the allocation and returns a pointer to the
encoded string.

I might have made a stupid error, but obviously I can't see it :)

Thanks for the feedback.

> > I've just coded 2 functions,
> >
> > char *crypt(char *str, char *key) (which works fine)
> > int decrypt(char *dest, char *str, char *key)
> >
> > using EVP primitives. I've done the test by using EVP_enc_null()
> > as the encryption/decryption algorithm, which means that my text was only
> > base128 armored, and it was working fine, but as long as I put a real
> > algorithm like EVP_bf_cbc or EVP_bf_cfb (blowfish is the one I want)
> > it just fails: the length returned by both EVP_DecryptUpdate and Final
> > is 0, but the input is non-null.
> >
> > Any ideas?!
> >
>
> Impossible to do anything other than guess without seeing your code.
> However a common mistake is to assume that functions like strlen() can
> be used on the output of EVP_Encrypt*(). They can't because the result
> is not null terminated ASCII data, it's binary and can contain embedded
> nulls.
I made this error and already corrected it, using what the EVP primitives
return for memcpy|strncpy.
The code is above.

Thanks.
>
> Steve.

-rival.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
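
Added example, not part of the original thread and not OpenSSL's own code: a stand-alone C model of the final-block format asked about above (PKCS padding, n bytes of value n, for an 8-byte block cipher such as Blowfish) and of why a wrong key is caught in the final block "and then not always". The function names and the sample garbage bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BLOCK 8  /* Blowfish block size in bytes */

/* Append PKCS padding: n bytes of value n, 1 <= n <= BLOCK, so the total
 * length becomes a multiple of BLOCK. buf must have room for len + BLOCK.
 * Returns the padded length. */
size_t pkcs_pad(unsigned char *buf, size_t len)
{
    unsigned char n = (unsigned char)(BLOCK - (len % BLOCK));
    memset(buf + len, n, n);
    return len + n;
}

/* Check the last decrypted block the way a padded decrypt-final step must:
 * the last byte n has to be in 1..BLOCK and the last n bytes all equal n.
 * Returns the number of plaintext bytes in the block, or -1 if malformed. */
int pkcs_unpad(const unsigned char block[BLOCK])
{
    unsigned char n = block[BLOCK - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    for (int i = 0; i < n; i++)
        if (block[BLOCK - 1 - i] != n)
            return -1;
    return BLOCK - n;
}

/* Model of "wrong key": the final block decrypts to garbage. Keep the first
 * seven bytes fixed (constructed sample) and try every value of the last
 * byte, counting how many garbage blocks still pass the padding check. */
int count_garbage_accepted(void)
{
    unsigned char block[BLOCK] = { 0x9c, 0x41, 0xe7, 0x13, 0x5a, 0xd2, 0x88, 0 };
    int accepted = 0;
    for (int last = 0; last < 256; last++) {
        block[BLOCK - 1] = (unsigned char)last;
        if (pkcs_unpad(block) >= 0)
            accepted++;
    }
    return accepted;
}
```

One garbage block in 256 ends in a valid pad here, so a successful return from the final step is not proof that the key or data was right; that needs a separate integrity check such as a MAC over the ciphertext.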
