Cristina Nita-Rotaru wrote: > > Hello, > > I am writing an application where I need to do encryption > in place, on a data which is splitted on multiple buffers, avoiding > the solution where everything is copied in one big buffer, encrypted > and then copied back. I want to use the EVP interface and not > lower level functions. > > I am using the EVP interface with Blowfish as encryption algorithm. > I wrote a very simple test program where EVP_EncryptUpdate (each of the > > calls encrypts 16 bytes) is called two consecutive times, followed by > an > EVP_EncryptFinal which addes 8 more bytes, so the total size is 40 > bytes. > Decryption is done in a similar manner, EVP_Decrypt update called twice > and then > Decrypt Final. However, the first EVP_DecryptUpdate called on the first > 16 bytes > returns 8 when decrypting so in the end the EVP_DecryptFinal fails. > > Any ideas what might be the problem? >
That's expected behaviour. Because of the padding checks the EVP_Decrypt*() routines need to store up to one block of data internally. As a result you may get less data from EVP_DecryptUpdate() (up to one block less) or more data (one byte less than one block more) than is supplied. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]