On Mon, Mar 21, 2005, Rafael Cividanes wrote:
> I'm doing a little program to encrypt and decrypt a string using
> the EVP API. I couldn't understand if I have to use EVP_DecryptFinal_ex(
> ) or just EVP_DecryptUpdate( ) in the decryption operation. The second
> function return the entire recovered plaintext, then I can't understand
> why EVP_DecryptFinal_ex( ) exist. Just for checking error?
>
> Here is my code:
>
> int main(int argc, char *argv[])
> {
> EVP_CIPHER_CTX ctx;
> char key[EVP_MAX_KEY_LENGTH];
> char iv[EVP_MAX_IV_LENGTH];
> char intext[] = "The problem will be solved until12345"; //32
>
In that example you'll be able to receive all the data because
EVP_DecryptFinal_ex() wont have a partial final block to recover. The reason
is that the plaintext is a multiple of the block length (16 for AES).
If you try it with plaintext that isn't an exact multiple of the block size
you'll see the difference.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
