Thanks for your help. I appreciate the prompt response. On Wed, Apr 1, 2009 at 3:27 PM, Dr. Stephen Henson <st...@openssl.org>wrote:
> On Wed, Apr 01, 2009, m r wrote: > > > I'm looking to migrate AES encryption code from BSAFE to openSSL. As a > test, > > I encrypted a string using BSAFE AES & tried to decrypt using AES of > > openSSL. The openSSL manages to decrypt, but it adds some junk (mostly > > unprintable characters) in the end. For example, if my input is 1234, the > > decrypted output in hex form is [313233340c0c0c0c0c0c0c0c0c0c0c0c], > > (31323334 is 1234 in hex form). > > For 12345 -> [31323334350b0b0b0b0b0b0b0b0b0b0b] > > For 123456 -> [3132333435360a0a0a0a0a0a0a0a0a0a] > > > > Basically, the junk after the decrypted text is 16 - (string length of > > decrypted text) > > > > For example, 1234's length is 4, 16 - 4 = 12 = 0c in hex & so it gets > > filled with that. (313233340c0c0c0c0c0c0c0c0c0c0c0c) > > For example, 12345's length is 5, 16 - 5 = 11 = 0b in hex & so it gets > > filled with that.(31323334350b0b0b0b0b0b0b0b0b0b0b) > > > > So what needs to be done to prevent openSSL API [I'm > > using AES_cbc_encrypt()] to prevent it from writing this strange junk at > the > > end? > > > > Block ciphers can only encrypt a multiple of the block length which for AES > is > 16 bytes. Padding is added to ubambiguously represent the true length. > > The standard OpenSSL EVP routines (see manual pages) automatically remove > this > padding (which BSAFE is adding, not OpenSSL) whereas the low level AES > routines decrypt the raw data including padding. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >