Hello,

> I want to decrypt using 3DES and want to use the EVP API.
> Here's what I'm doing, it will be nice if someone could validate if my approach
> is correct. Here's the code that I have come up with...
>
>
> int 3desDecrypt(unsigned char * pEncData, int pDataSize)
> {
>     int dec_data_size = 0;
>
>     EVP_CIPHER_CTX *dec_ctx = (EVP_CIPHER_CTX *)
>         malloc(sizeof(EVP_CIPHER_CTX));
>     EVP_CIPHER_CTX_init(dec_ctx);
>     EVP_DecryptInit(dec_ctx, EVP_des_ede3_cbc(), myStruct->key,
>         myStruct->IV);
>
>     char *decrypt_data = do_decrypt(dec_ctx, pEncData, pDataSize,
>         &dec_data_size);
>
>     // use the decrypt_data ....
>     free(decrypt_data);
>     EVP_CIPHER_CTX_cleanup(dec_ctx);
>     return 0;
> }
>
>
> unsigned char *do_decrypt(EVP_CIPHER_CTX * ctx, unsigned char *data, int
>     inl, int *dec_data_size)
> {
>     unsigned char *buf;
>     int ol;
>     int bl = EVP_CIPHER_CTX_block_size (ctx);
>
>     buf = (unsigned char *) malloc (inl + bl);
>
>     EVP_DecryptUpdate (ctx, buf, &ol, data, inl);
>     *dec_data_size = *dec_data_size + ol;
>
>     EVP_DecryptFinal(ctx, buf + ol, &ol);
>     *dec_data_size = *dec_data_size + ol;
>
>     // return the decrypted buffer.
>     return buf;
> }
>

Looks good, but my proposition is to add some error code checking
(for bad padding, for example), something like this:

    if(!EVP_DecryptFinal(...)){
        /* error handling routine */
    }

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]