Quoting Julien ALLANOS <[EMAIL PROTECTED]>:

Quoting Nils Larsch <[EMAIL PROTECTED]>:

Julien ALLANOS wrote:
Hello, I want to use AES encryption in my C application, but I am missing
documentation. I only have openssl/aes.h but there isn't any manpage. Can
someone point me to any how-to or source code? Thanks for your help.

consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex
manpage)

Nils

Thanks Nils. This manpage shows a great example of an encryption/decryption
function using this high-level API. However, I have a last question: is there
any limit on the input buffer size for EVP_CipherUpdate()? I see in the
example that you're using 1024-byte buffers inside a for loop. In my
application, most of the buffers I'm encrypting using AES-192 are <1024 bytes,
but there might be cases where a buffer has a greater size (not so much
though). I'm wondering if calling EVP_CipherUpdate() only once would be
generic enough to handle these situations, or if I should use a for loop as
you did. Thanks for any help.

Actually, I have tested the following:

   EVP_CIPHER_CTX_init(&ctx);
   EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);

   if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) &ciphertext->length,
       plaintext->data, (int) plaintext->length))
   {
       EVP_CIPHER_CTX_cleanup(&ctx);
       return NULL;
   }

   if (!EVP_CipherFinal_ex(&ctx, ciphertext->data,
                           (int *) &ciphertext->length))
   {
       EVP_CIPHER_CTX_cleanup(&ctx);
       return NULL;
   }

   EVP_CIPHER_CTX_cleanup(&ctx);

Here, key, plaintext and ciphertext are structs with an unsigned char * 'data'
field and a size_t 'length' field. plaintext->length is 59 (in bytes), so I
have allocated 59 + 16 bytes for ciphertext->data before the snippet of code
above. But after encryption, ciphertext->length is only 16 bytes long! Do I
have to call EVP_CipherUpdate multiple times (and manage an offset for both
plaintext and ciphertext) to encrypt the entire incoming data? If so, what's
the purpose of the inl parameter if only a block length (16 bytes for AES) is
read per call? Thanks for any enlightenment.
--
Julien ALLANOS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]