Hi, I test AES CBC mode with below test case(from RFC 3602 section 4). I meet some questions which are strange for me. (I use openssl-0.9.8g, under WidowsXP, VC6++), 1 EVP_EncryptFinal_ex() shall be called after calling EVP_EncryptUpdate(), or not if the block is just 16 bytes long 2 when I decrypt the ciphertest from the test case , why failed
from RFC 3602 section 4: Case #1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Key : 0x06a9214036b8a15b512e03d534120006 IV : 0x3dafba429d9eb430b422da802c9fac41 Plaintext : "Single block msg" Ciphertext: 0xe353779c1079aeb82708942dbe77181a below is my test progarm unsigned char *EncryptTest(unsigned char *in, int inl, unsigned char *key, unsigned char *iv, int *outl) { EVP_CIPHER_CTX ctx; int ret; EVP_CIPHER_CTX_init(&ctx); ret = EVP_CIPHER_CTX_set_padding(&ctx, 0); //0 for no padding, 1 for padding if(!ret) abort(); ret = EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), 0, key, iv); if(!ret) abort(); cout<<"EVP_CIPHER_CTX_block_size: "<<EVP_CIPHER_CTX_block_size(&ctx)<<endl; // 16 cout<<"EVP_CIPHER_CTX_key_length: "<<EVP_CIPHER_CTX_key_length(&ctx)<<endl; // 16 cout<<"EVP_CIPHER_CTX_iv_length: "<<EVP_CIPHER_CTX_iv_length(&ctx)<<endl; // 16 unsigned char *out=0; *outl=0; out = (unsigned char *)malloc(inl + EVP_CIPHER_CTX_block_size(&ctx)); int len=0; ret = EVP_EncryptUpdate(&ctx, out, outl, in, inl); if(!ret) abort(); len += *outl; // code here will lead to return 32 bytes long // without below code, the result is right, I get right ciphertext as test case. Why???????????????????????? /* ret = EVP_EncryptFinal_ex(&ctx, out+len, outl); if(!ret) abort(); len += *outl; *outl = len; */ return out; } The decrypt program: unsigned char *DecryptTest(unsigned char *in, int inl, unsigned char *key, unsigned char *iv, int * outl) { int ret; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); ret = EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), 0, key, iv); if(!ret) abort(); cout<<"EVP_CIPHER_CTX_block_size: "<<EVP_CIPHER_CTX_block_size(&ctx)<<endl; // 16 cout<<"EVP_CIPHER_CTX_key_length: "<<EVP_CIPHER_CTX_key_length(&ctx)<<endl; // 16 cout<<"EVP_CIPHER_CTX_iv_length: "<<EVP_CIPHER_CTX_iv_length(&ctx)<<endl; // 16 here unsigned char *out=0; *outl=0; out = (unsigned char *)malloc(inl + EVP_CIPHER_CTX_block_size(&ctx)+1); int len=0; ret = EVP_DecryptUpdate(&ctx, out, outl, in, inl ); // inl=16 here, if I set inl>16, I can get right result, why ???????????????????? if(!ret) abort(); len += *outl; // *outl = 0 here, why????????????????????????????????? ret = EVP_DecryptFinal_ex(&ctx, out, outl); if(!ret) abort(); // !!! abort here, why ?????????????????????????????????????? len += *outl; ret = EVP_CIPHER_CTX_cleanup(&ctx); if(!ret) abort(); *outl = len; return out; } The main : int i; unsigned char key[]={ 0x06,0xa9,0x21,0x40, 0x36,0xb8,0xa1,0x5b, 0x51,0x2e,0x03,0xd5, 0x34,0x12,0x00,06 }; unsigned char iv[]={ 0x3d,0xaf,0xba,0x42, 0x9d,0x9e,0xb4,0x30, 0xb4,0x22,0xda,0x80, 0x2c,0x9f,0xac,0x41 }; char Plaintext[]="Single block msg"; unsigned char Ciphertext[]={ 0xe3,0x53,0x77,0x9c, 0x10,0x79,0xae,0xb8, 0x27,0x08,0x94,0x2d, 0xbe,0x77,0x18,0x1a }; unsigned char *out; int outl; out = EncryptTest((unsigned char*)Plaintext, sizeof(Plaintext), key,iv, &outl); printf("Ciphertext: "); for(i=0; i<outl; i++) printf("%.2x",out[i]); printf("\n"); unsigned char *out2; int outl2; out2 = DecryptTest(Ciphertext, sizeof(Ciphertext), key,iv, &outl2); free(out); free(out2); bian ___________________________________________________________ 天生购物狂,狂抢购物券,你还等什么! http://cn.mail.yahoo.com/promo/taobao20/index.php ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]