On Thu, Feb 18, 2010, barcaroller wrote:

> I have inherited some legacy OpenSSL code where the author uses the
> following functions for decryption:
>
>     EVP_CIPHER_CTX_init()
>     EVP_CipherInit()
>     EVP_Cipher()
>     EVP_CIPHER_CTX_cleanup()
>
> The code works fine but the second function (EVP_CipherInit) is obsolete and
> the third function (EVP_Cipher) is not documented in the OpenSSL man pages.
> I tried to replace them with the following up-to-date functions (with the
> additional parameters, of course):
>
>     EVP_CIPHER_CTX_init()
>     EVP_CipherInit_ex()     // <---
>     EVP_CipherUpdate()      // <---
>     EVP_CipherFinal_ex()    // <---
>     EVP_CIPHER_CTX_cleanup()
>
> The code compiles cleanly but does not work anymore (data is not getting
> decrypted properly). Does anyone know what needs to be done to get rid of
> EVP_CipherInit() and EVP_Cipher()?

EVP_Cipher() calls the low level cipher directly, bypassing the padding code. The actual behaviour can be subject to any quirks of the underlying cipher; its use isn't recommended by applications unless they're sure they know what they are doing... It is used internally in OpenSSL in a few places because it is more efficient and OpenSSL hopefully *does* know what it is doing ;-)

If what you have works OK then the encryption code hopefully handles things in multiples of the block size already and doesn't want or need any padding. I'd suggest adding a call to disable padding after the call to EVP_CipherInit_ex():

    EVP_CIPHER_CTX_set_padding(ctx, 0);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
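
The effect described in the reply, as an added example that is not part of the original thread or OpenSSL's own code: it drives the system libcrypto through Python's ctypes and decrypts unpadded, block-aligned ciphertext with the padding check left on and then turned off. Assumptions: OpenSSL 1.1.0 or later (where contexts are opaque, so `EVP_CIPHER_CTX_new()`/`EVP_CIPHER_CTX_free()` stand in for the init/cleanup pair), AES-128-CBC as the cipher, and a constructed key, IV and plaintext; `evp_cipher` and `demo` are hypothetical helper names.

```python
import ctypes
import ctypes.util

# Assumption: a system libcrypto from OpenSSL 1.1.0 or later is installed.
lib = ctypes.CDLL(ctypes.util.find_library("crypto") or "libcrypto.so.3")
P, I, IP = ctypes.c_void_p, ctypes.c_int, ctypes.POINTER(ctypes.c_int)
lib.EVP_aes_128_cbc.restype = P
lib.EVP_CIPHER_CTX_new.restype = P
lib.EVP_CIPHER_CTX_free.argtypes = [P]
lib.EVP_CipherInit_ex.argtypes = [P, P, P, ctypes.c_char_p, ctypes.c_char_p, I]
lib.EVP_CIPHER_CTX_set_padding.argtypes = [P, I]
lib.EVP_CipherUpdate.argtypes = [P, P, IP, ctypes.c_char_p, I]
lib.EVP_CipherFinal_ex.argtypes = [P, P, IP]

# Constructed sample values, not from the original post.
KEY = bytes(range(16))
IV = bytes(16)
PLAINTEXT = b"legacy record, 32 bytes, no pad!"  # exactly two AES blocks

def evp_cipher(data, enc, padding):
    """Run Init_ex/Update/Final_ex; return (Final_ex succeeded, output bytes)."""
    ctx = lib.EVP_CIPHER_CTX_new()
    try:
        if lib.EVP_CipherInit_ex(ctx, lib.EVP_aes_128_cbc(), None, KEY, IV, enc) != 1:
            raise RuntimeError("EVP_CipherInit_ex failed")
        if not padding:
            # The call suggested in the reply, placed right after Init_ex.
            lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
        out = ctypes.create_string_buffer(len(data) + 16)
        n, m = I(0), I(0)
        if lib.EVP_CipherUpdate(ctx, out, ctypes.byref(n), data, len(data)) != 1:
            raise RuntimeError("EVP_CipherUpdate failed")
        tail = ctypes.addressof(out) + n.value  # Final_ex writes after Update's output
        ok = lib.EVP_CipherFinal_ex(ctx, tail, ctypes.byref(m)) == 1
        return ok, out.raw[:n.value + m.value]
    finally:
        lib.EVP_CIPHER_CTX_free(ctx)

def demo():
    # Sender side: block-aligned data written without padding.
    _, ct = evp_cipher(PLAINTEXT, enc=1, padding=False)
    padded = evp_cipher(ct, enc=0, padding=True)     # default: padding check on
    unpadded = evp_cipher(ct, enc=0, padding=False)  # with set_padding(ctx, 0)
    return ct, padded, unpadded

if __name__ == "__main__":
    ct, padded, unpadded = demo()
    print("ciphertext bytes:", len(ct))
    print("padding on :", padded)
    print("padding off:", unpadded)
```

With padding left on, `EVP_CipherUpdate()` holds back the last block and `EVP_CipherFinal_ex()` rejects it, so checking the return value of the final call is what surfaces the mismatch instead of silently truncated output.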