Hello,
> I want to decrypt using 3DES and want to use the EVP API.
> Here's what I'm doing; it would be nice if someone could validate whether my
> approach is correct. Here's the code that I have come up with...
> 
> 
> #include <stdlib.h>
> #include <openssl/evp.h>
> 
> unsigned char *do_decrypt(EVP_CIPHER_CTX *ctx, unsigned char *data, int inl, int *dec_data_size);
> 
> int des3Decrypt(unsigned char *pEncData, int pDataSize)
> {
>    int dec_data_size = 0;
> 
>    EVP_CIPHER_CTX *dec_ctx = (EVP_CIPHER_CTX *) malloc(sizeof(EVP_CIPHER_CTX));
>    EVP_CIPHER_CTX_init(dec_ctx);
>    EVP_DecryptInit(dec_ctx, EVP_des_ede3_cbc(), myStruct->key, myStruct->IV);
> 
>    unsigned char *decrypt_data = do_decrypt(dec_ctx, pEncData, pDataSize, &dec_data_size);
> 
>    // use the decrypt_data ....
>    free(decrypt_data);
>    EVP_CIPHER_CTX_cleanup(dec_ctx);
>    free(dec_ctx);
>    return 0;
> }
> 
> 
> unsigned char *do_decrypt(EVP_CIPHER_CTX *ctx, unsigned char *data, int inl, int *dec_data_size)
> {
>    unsigned char *buf;
>    int ol;
>    int bl = EVP_CIPHER_CTX_block_size(ctx);
> 
>    buf = (unsigned char *) malloc(inl + bl);
> 
>    EVP_DecryptUpdate(ctx, buf, &ol, data, inl);
>    *dec_data_size = *dec_data_size + ol;
> 
>    EVP_DecryptFinal(ctx, buf + ol, &ol);
>    *dec_data_size = *dec_data_size + ol;
> 
>    // return the decrypted buffer.
>    return buf;
> }
> 
Looks good, but my proposition is to add some error code checking
(for bad padding, for example), something like this:
        if(!EVP_DecryptFinal(...)){
                /* error handling routine */ 
        }

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
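
What the "bad padding" failure mentioned in the reply amounts to, as an added example (not part of the original thread and not OpenSSL's own code): a standalone C check of the PKCS padding on the final 8-byte 3DES block, using the same 1/0 return convention as EVP_DecryptFinal. The helper names and sample buffers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DES_BLOCK 8 /* block size of des-ede3-cbc in bytes */

/* Hypothetical helper (not an OpenSSL function): validate the PKCS padding of
 * the last decrypted block and copy the real plaintext bytes to out.
 * Returns 1 on success, 0 on bad padding, like EVP_DecryptFinal. */
int check_final_block(const unsigned char *last, unsigned char *out, int *outl)
{
    int pad = last[DES_BLOCK - 1], i;

    *outl = 0;
    if (pad == 0 || pad > DES_BLOCK)      /* pad count must be 1..8 */
        return 0;
    for (i = 0; i < pad; i++)             /* every pad byte equals the count */
        if (last[DES_BLOCK - 1 - i] != pad)
            return 0;
    *outl = DES_BLOCK - pad;
    memcpy(out, last, (size_t)*outl);
    return 1;
}

/* Caller pattern: trust the buffer and length only if the final step
 * succeeded. dec is the raw CBC-decrypted data (padding still attached).
 * Returns the plaintext length, or -1 on error. */
int finish_decrypt(const unsigned char *dec, int dec_len, unsigned char *out)
{
    int ol = 0, body = dec_len - DES_BLOCK;

    if (dec_len <= 0 || dec_len % DES_BLOCK != 0)
        return -1;                        /* not a whole number of blocks */
    memcpy(out, dec, (size_t)body);
    if (!check_final_block(dec + body, out + body, &ol))
        return -1;                        /* error handling routine */
    return body + ol;
}

/* Constructed samples: "3DES-EVP" + "ok" with six 0x06 pad bytes, and the
 * same data with one byte changed in the last block. */
const unsigned char good[] = "3DES-EVPok\x06\x06\x06\x06\x06\x06";
const unsigned char bad[]  = "3DES-EVPok\x06\x06\x06\x06\x06\x07";

int main(void)
{
    unsigned char out[16];
    printf("good: %d\n", finish_decrypt(good, 16, out));
    printf("bad:  %d\n", finish_decrypt(bad, 16, out));
    return 0;
}
```

With a wrong key or IV, or a damaged ciphertext, the last block fails this check, which is why the return value of the final step has to be tested before the buffer is used.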
