Thanks.

But I also ran into a problem when decrypting data (the encrypted data is 16 bytes long). The code is below:

    int ret;
    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);

    ret = EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), 0, key, iv); // ret=1
    cout<<"EVP_CIPHER_CTX_block_size: "<<EVP_CIPHER_CTX_block_size(&ctx)<<endl; // 16
    cout<<"EVP_CIPHER_CTX_key_length: "<<EVP_CIPHER_CTX_key_length(&ctx)<<endl; // 16
    cout<<"EVP_CIPHER_CTX_iv_length: "<<EVP_CIPHER_CTX_iv_length(&ctx)<<endl; // 16

    int outl;
    int len=0;
    ret = EVP_DecryptUpdate(&ctx, buffer, &outl, (unsigned char *)in, 16);  // ret = 1, outl=0   why?
    len += outl;
    ret = EVP_DecryptFinal_ex(&ctx, buffer+len, &outl);  // ret = 0   why?  here len=0
    len += outl;
    ret = EVP_CIPHER_CTX_cleanup(&ctx);


But when I call EVP_DecryptUpdate with param inl = 17:

    ret = EVP_DecryptUpdate(&ctx, buffer, &outl, (unsigned char *)in, 17);   // ret = 1, outl = 16

I get correct decrypted data.  What's wrong with me?

Bian


> Hi
>
>     This is my piece of program:
>
>     EVP_CIPHER_CTX_init(&ctx);
>     ret = EVP_CIPHER_CTX_set_padding(&ctx, 0); //0 for no padding, 1 for padding  // ret ==1 here
>     unsigned char *key = GetKeyPtr();
>     ret = EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), NULL, NULL); // ret ==1 here
>     ret = EVP_CIPHER_CTX_set_key_length(&ctx, 16);  // ret ==1 here
>     ret = EVP_EncryptInit(&ctx, NULL, key, NULL);  // ret ==1 here
> ///...
>     unsigned char buffer[128];
>     int outl;
>     int len=0;
>
>     ret = EVP_EncryptUpdate(&ctx, buffer, &outl, (unsigned char *)in, 16);  // ret ==1 here
>     len += outl;  // == 16
Why is this line here? The output buffer doesn't contain the final output
yet, so there's no reason to add the length to the final length.
>     ret = EVP_EncryptFinal(&ctx, buffer+len, &outl);  // ret ==1 here
>     len += outl;   // == 32
> ///...
>
> Should len equal 16 at the end? But why is the result 32? Can
> anyone tell me the reason?
You added the same data twice. If you want to find *new* data that has been
output, you have to look at the *change* in 'outl'. It is both an input and
an output parameter.
If you always want 'len' to contain the amount of output data, you need a
'len -= outl' before you call EVP_EncryptFinal. Whether it makes sense to do
that or just eliminate the 'len += outl' above depends on what you're doing
with the intermediate results. Since your example does nothing with the
intermediate results, it makes no sense to add their size to 'len'.
DS
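
An added example, not part of the original thread: it reproduces the lengths reported above with the `openssl enc` command, which drives the same EVP cipher routines, and shows how the padding setting changes them for AES-128-CBC and exactly one 16-byte block of input. The key, IV and plaintext are constructed sample values.

```shell
#!/usr/bin/env bash
# Constructed sample values (not taken from the thread).
KEY=000102030405060708090a0b0c0d0e0f   # 16-byte AES-128 key, hex
IV=101112131415161718191a1b1c1d1e1f    # 16-byte CBC IV, hex
PT=0123456789abcdef                    # exactly one 16-byte block

# Ciphertext length in bytes. Extra arguments (e.g. -nopad) are passed
# through to "openssl enc"; padding is enabled by default.
ct_len() {
  printf '%s' "$PT" |
    openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" "$@" | wc -c | tr -d ' '
}

# Encrypt one block WITHOUT padding, then decrypt that 16-byte ciphertext.
# Extra arguments select the padding mode of the decrypting side only.
# The exit status is that of the decrypting openssl process.
dec_one_block() {
  printf '%s' "$PT" |
    openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -nopad |
    openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" "$@" 2>/dev/null
}

# Padding on: a full padding block is appended, so 16 bytes in gives 32 out.
echo "ciphertext bytes, padding on:  $(ct_len)"
# Padding off: output length equals input length.
echo "ciphertext bytes, padding off: $(ct_len -nopad)"

# Padding on while decrypting an unpadded block: the final step inspects the
# last decrypted byte as a pad length, finds an invalid value, and fails.
if dec_one_block >/dev/null; then
  echo "decrypt, padding on:  ok"
else
  echo "decrypt, padding on:  failed padding check"
fi
# Padding off on both sides: the block decrypts to the original plaintext.
echo "decrypt, padding off: $(dec_one_block -nopad)"
```

In the C API the counterpart of `-nopad` is `EVP_CIPHER_CTX_set_padding(&ctx, 0)`, which the OpenSSL documentation says to call after the context has been set up with `EVP_EncryptInit_ex()` or `EVP_DecryptInit_ex()`.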


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org