I suggest you carefully read the following function description paying close attention to length.
DES_ncbc_encrypt() encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. If the encrypt argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the input argument into the ciphertext pointed to by the output argument, using the key schedule provided by the schedule argument, and initialization vector provided by the ivec argument. If the length argument is not an integral multiple of eight bytes, the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. Bill -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nikos Balkanas Sent: March 8, 2009 1:20 PM To: openssl-users@openssl.org Subject: des_ncbc_encrypt question Hi, I am using des_ncbc_encrypt to encrypt/decrypt packages in a server/client architecture (CBC mode). When I test encryption/decryption from within the server I get everything decrypted OK, except the last 4 bytes. However, this is enough for the client to reject the packet. I am using the following code: uchar * output; des_key_schedule des_ks; des_cblock des_key, des_iv; memcpy(des_iv, iv, sizeof(des_iv)); memcpy(des_key, server_write_enc_key, sizeof(des_key)); des_set_odd_parity(&des_key); if (des_set_key_checked(&des_key, des_ks)) { error(0, "wtls_des: Unable to set key schedule"); return(NULL); } output = (uchar *)gw_malloc((len + 1)* sizeof(uchar)); des_ncbc_encrypt(data, output, len, des_ks, &des_iv, crypt); where crypt takes the values DES_ENCRYPT or DES_DECRYPT. <gdb> (gdb) p data + 1640 $11 = ( unsigned char *) 0x75f700 "*ξΥΰl:=8υ\n\236\236π\006\006\006\006\006\006\006" (gdb) p output + 1640 $15 = (uchar *) 0x75e6f0 "YyΚ6ΰ�'\216―LΊkφ\033\232’)«Ε\233" Decrypting output through another call to the same function (everything gets reinitialized) I get: (gdb) p data + 1640 $22 = (unsigned char *) 0x760710 "YyΚ6ΰ�'\216―LΊkφ\033\232’)«Ε\233" (OK) (gdb) p output + 1640 $24 = (uchar *) 0x75c6d0 "*ξΥΰl:=8υ\n\236\236π\006\006\006(VχR" (??) Everything is fine except for the trailing "(VχR". Any ideas or pointers of what is wrong, would be greatly appreciated. Thanx, Nikos Balkanas ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org