I am trying to do encryption using the "evp" APIs. For testing I am using "AES-128-ECB" as the cipher. I have no problem encrypting and decrypting; rather, I am having problems with the sizes of the buffers.

My program is largely the same as evp_test.c function "test1" with the release /openssl-0.9.8c/test, however this program does not handle the padding -- all the test cases have even block-count bytes and the padding is turned off. I removed the call to turn off the padding in my program. My program is also like a sample program I found on-line which handles the padding the same as I do: http://tldp.org/LDP/LG/issue87/vinayak.html

When encrypting a string of 37 bytes and passing as such:

        if (!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,37)) {

outl becomes 48 at this point (which is the expected size since this algorithm appears to block at 16 bytes). However, the next call as such:

        if (!EVP_EncryptFinal(&ctx,out+outl,&outl2)) {

this sets outl2 to 16 ... meaning it padded one more additional block.

If I send 64 bytes to decrypt, it gives the desired answer (e.g. my text is what I expect it to be). This is what I send:

  if (!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,64)) {

outl is set to 48 (I would really like it to be 37 ...)

  if (!EVP_DecryptFinal(&ctx,out+outl,&outl2)) {

outl2 is set to zero ...

It would seem that the first encrypt SHOULD set 32, the final encrypt should set 16 and the final result should then be 48 bytes.

It would also seem that the first decrypt should set 32, the final decrypt should set 5, and the final result should be 37 bytes.

At a bare minimum, it would seem that the "total" from the two encrypt statements should be 48 and the total from the two decrypt statements should be 37 or 48, depending on your taste, but I find 37 more useful. Last, I should not have to store 64 bytes of encrypted data to successfully encrypt and decrypt 37 bytes of data.

I have noticed that if I simply don't do the "final" calls for both encrypt and decrypt that everything appears to work on the encrypt and I save 48 bytes ... but when I decrypt it I only get back 32 bytes. And if I do a final decrypt on data that did not have a final encrypt I get an error.

I suspect I am missing something because using openssl to encrypt the bytes from a file and into a file yields a 64 byte file ... just like my program :-) But I don't understand why.

1) Should I always count on up to 2 extra blocks (1 for the remainder if any, one for no reason I can tell)?
2) When decrypting, is there a way to find out the original size (in my case 37)?
3) Am I missing something or is there a bug around here?
4) If I am going to handle large files that require multiple calls to the Encrypt routines, I presume I would turn the padding off until the very last block of data? Same with decrypt? My goal would be to be able to encrypt a file and get the exact same results as command line openssl. And the reverse.

Thanks,

Eric

This email sent by:

Eric S. Eberhard

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
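
An added example, not part of the original message and not OpenSSL code: a dependency-free C model of the byte accounting that EVP Update/Final calls perform with the default PKCS padding left on, applied to the 37-byte case and to chunked input as in question 4. The names model_ctx, model_update, pkcs7_pad, pkcs7_unpad and roundtrip are hypothetical, and the plaintext is constructed (all zero bytes).

```c
#include <stdio.h>
#include <string.h>
#define BLOCK 16u /* AES block size in bytes */

/* Hypothetical model of an EVP context's byte accounting; not OpenSSL code. */
typedef struct { size_t buffered; int decrypt; } model_ctx;

/* Bytes one Update call writes for inl input bytes, padding enabled. */
static size_t model_update(model_ctx *c, size_t inl) {
    size_t total = c->buffered + inl, out = total - total % BLOCK;
    c->buffered = total % BLOCK;
    /* Decrypt keeps the last whole block back: it may hold the padding. */
    if (c->decrypt && c->buffered == 0 && out > 0) { out -= BLOCK; c->buffered = BLOCK; }
    return out;
}

/* Encrypt-side Final: pad the partial block, always emit one block. */
static size_t pkcs7_pad(unsigned char *last, size_t used) {
    memset(last + used, (int)(BLOCK - used), BLOCK - used);
    return BLOCK;
}

/* Decrypt-side Final: data bytes in the last block, or -1 on bad padding. */
static int pkcs7_unpad(const unsigned char *last) {
    unsigned pad = last[BLOCK - 1];
    if (pad < 1 || pad > BLOCK) return -1;
    for (size_t i = BLOCK - pad; i < BLOCK; i++)
        if (last[i] != pad) return -1;
    return (int)(BLOCK - pad);
}

/* Encrypt in chunks, then decrypt; returns the recovered plaintext length. */
static long roundtrip(const size_t *chunks, size_t n, size_t *ct_len) {
    model_ctx enc = {0, 0}, dec = {0, 1};
    unsigned char last[BLOCK] = {0};       /* constructed final plaintext block */
    size_t ct = 0, pt;
    for (size_t i = 0; i < n; i++) ct += model_update(&enc, chunks[i]);
    ct += pkcs7_pad(last, enc.buffered);   /* the EncryptFinal step */
    pt = model_update(&dec, ct);           /* the DecryptUpdate step */
    int tail = pkcs7_unpad(last);          /* the DecryptFinal step */
    *ct_len = ct;
    return tail < 0 ? -1 : (long)pt + tail;
}

int main(void) {
    size_t chunks[] = {10, 20, 7}, ct;     /* 37 bytes fed in three calls */
    long pt = roundtrip(chunks, 3, &ct);
    printf("ciphertext %zu bytes, recovered %ld bytes\n", ct, pt);
}
```

The cipher itself is left out because ECB maps each 16-byte block to a 16-byte block, so only the buffering and padding determine the sizes.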