> char mykey[EVP_MAX_KEY_LENGTH] = "blowfish_key";
> char iv[EVP_MAX_IV_LENGTH] = "blowfish";
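These look problematic. Is it the case that EVP_MAX_KEY_LENGTH ==
sizeof("blowfish_key")? Is it the case that EVP_MAX_IV_LENGTH ==
sizeof("blowfish")? If not, the rest of each array is zero-filled, and
the cipher takes its own key and IV lengths from these buffers, not the
lengths of the strings.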
> EVP_EncryptInit(&ctx, EVP_bf_cfb(), (unsigned char *)mykey, (unsigned
> char *)iv);
> ...
It looks like you have ignored every return value (see
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html). IMHO, a very
bad habit when writing security related software.
> //gcc test_AES.c -L/usr/local/ssl/lib/ -lssl -lcrypto -Wall
Use -Wall -Wextra. Let the compiler do as much static analysis as
possible. If clang is available, build with it as well.
Jeff
On Fri, Apr 29, 2011 at 8:41 AM, derleader mail <[email protected]> wrote:
> Hi,
> I'm working on implementation of OpenSSL and Blowfish. Can you help me to
> improve the code, Is there a problem in the code?
>
>
> C code:
>
>
> //cl test_AES.c /IC:\openssl\include /linkC:\openssl\lib\libeay32.lib
> //gcc test_AES.c -L/usr/local/ssl/lib/ -lssl -lcrypto -Wall
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <strings.h>
> #include <openssl/blowfish.h>
> #include <openssl/evp.h>
>
> // Demo: encrypts a fixed string with Blowfish in CFB mode through the EVP
> // interface, prints the result, decrypts it again with the same key and IV,
> // and prints the recovered text and the cipher block size. Always returns 0,
> // because no EVP call's result is inspected.
> int main(void) {
>
> // NOTE(review): the literal below is split across two lines here, presumably
> // by mail wrapping; as shown it is not a valid single string literal.
> char plaintext[1024] = "Hello World? - this is a test of Blowfish! of
> which I'm curious to see if it really is working.\n";
> char ciphertext[1024]= {0,};
> // Key and IV are fixed text compiled into the program. The initializers
> // zero-fill the rest of each array, so any key/IV bytes the cipher reads
> // beyond the text are zero. NOTE(review): a constant IV under a constant
> // key repeats the same keystream start on every run; CFB normally wants a
> // fresh random IV per message.
> char mykey[EVP_MAX_KEY_LENGTH] = "blowfish_key";
> char iv[EVP_MAX_IV_LENGTH] = "blowfish";
> int tmp_len = 0, in_len, out_len=0;
> // NOTE(review): a stack EVP_CIPHER_CTX needs the struct layout to be public;
> // OpenSSL 1.1.0 and later make it opaque and expect EVP_CIPHER_CTX_new().
> EVP_CIPHER_CTX ctx;
>
> //memset(mykey,0,sizeof(mykey));
> //memset(iv,0,sizeof(iv));
>
> // strlen() and memset() are declared in <string.h>; the include list names
> // <strings.h> instead.
> in_len = strlen(plaintext);
>
> printf("No encrypt: %s\n", plaintext);
>
> //Encrypt
> // NOTE(review): EVP_EncryptInit/Update/Final each return a status that is
> // discarded here, so a failed step still falls through to the next one.
> EVP_EncryptInit(&ctx, EVP_bf_cfb(), (unsigned char *)mykey, (unsigned
> char *)iv);
> EVP_EncryptUpdate(&ctx, (unsigned char *)ciphertext, &out_len, (unsigned
> char *)plaintext, in_len); //Block through the mem to be encrypted
> tmp_len += out_len;
> // tmp_len was 0 before the update, so out_len here is also the running
> // total and indexes the first unwritten ciphertext byte.
> // NOTE(review): the "pad" mentioned below presumably does not apply to CFB,
> // which is a stream mode — confirm.
> EVP_EncryptFinal(&ctx, (unsigned char *) &ciphertext[out_len],
> &out_len); //Finish any remaining encryption and throw a pad on
> tmp_len += out_len;
> // NOTE(review): ciphertext is binary, not text. %s stops at the first zero
> // byte and sends raw bytes to the terminal; printing tmp_len bytes as hex
> // would show the whole output.
> printf("Encrypted: %s\n", ciphertext);
>
> //Reset memory for Decryption
> memset(plaintext,0,sizeof(plaintext));
> in_len = tmp_len;
> out_len = tmp_len = 0;
>
> //decrypt
> // NOTE(review): ctx is initialised a second time with no cleanup call in
> // between, and none before return; presumably state from the first init is
> // never released — confirm for the OpenSSL version in use. Return values
> // are discarded here as well.
> EVP_DecryptInit(&ctx, EVP_bf_cfb(), (unsigned char *)mykey, (unsigned
> char *)iv);
> EVP_DecryptUpdate(&ctx, (unsigned char *)plaintext, &out_len, (unsigned
> char *)ciphertext, in_len);
> tmp_len += out_len;
> EVP_DecryptFinal(&ctx, (unsigned char *)&plaintext[out_len], &out_len);
> tmp_len += out_len;
>
> //Zero out the pad
> // plaintext was fully zeroed before decryption, so this presumably only
> // re-zeroes bytes past the tmp_len decrypted ones.
> memset(&plaintext[tmp_len],0,(int)(sizeof(plaintext)) - tmp_len);
>
> printf("Decrypted: %s\n", plaintext);
>
> // Reports the block size of the cipher currently bound to ctx.
> printf("Block Size: %d\n",EVP_CIPHER_CTX_block_size(&ctx));
>
> return 0;
> }
>