Hi Phil, First, let me emphasized that Richard was rigth in a previous post : it is not good pratice to compare login info to decrypted password. It is better NOT to keep user password when possible, and compare login to salted hash password instead.
As you already know : the encrypted length is length of clear text + size of 1 cipher block if padding is enabled. As a result, the length of the clear text is allways shorter (or equal) than the length of the cipher text. :-) And the EVP_DecryptFinal() function will NOT count the number of padding bytes it has removed in the value returned in the 'outl' parameter. https://www.openssl.org/docs/crypto/EVP_EncryptInit.html So, to retrieve the total clear text length, you can safely do like the example at : https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption (in this example, it is obviously named 'plaintext_len') I hope I did not misunderstand you, And hope this helps, Regards, Michel De : openssl-users [mailto:openssl-users-boun...@openssl.org] De la part de Philip Bellino Envoyé : vendredi 27 mars 2015 13:48 À : openssl-users@openssl.org Objet : Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions Michel, Thank you very much for your email. The example given in your email works out fine if the encryption and decryption are performed in the same routine. The problem we are having is that we perform the encryption and then at some in the future we need to do the decryption. At that point, we do not have the clear text password available nor do we know the length that was the result of the previous encryption so we don't have the correct encrypted length value to pass to the decryption routine. Some passwords have encrypted results that have nulls embedded in them, so strlen() cannot be used on the encrypted result to get its length. Have you come across a situation such as this or is there something else you can suggest to me? Thanks, Phil _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
