I apologize if that has been asked/answered before. After lots of googling I could find no satisfactory answer.
I have a question about the way AES-CBC EVP has been implemented, specifically how EVP handles the IV. I have an application using the AES EVP functions in CBC mode. In most examples you see something like this:

    /* one time full init */
    EVP_EncryptInit_ex(enc_ptr, EVP_aes_128_cbc(), NULL, key, ivec);

    /* elsewhere in the actual encryption routine, quick init to function again */
    EVP_EncryptInit_ex(enc_ptr, NULL, NULL, NULL, NULL);
    EVP_EncryptUpdate(enc_ptr, ...);
    EVP_EncryptFinal(enc_ptr, ...);

My application is utilizing these functions for encrypting streaming data in real time. So I am using the same key for hours, to encrypt / decrypt hundreds of different messages as they come across the network. I have noticed in debugging that the same message will produce the exact same ciphertext.

From what I'm seeing, calls to Encrypt_init_ex "reset" the IV to the original "non-null" call. Is this the intended behavior? Further, is there a simple way to carry the IV forward with me as I go?

I realize I could abandon the EVP methods and use the lower level AES ones. But the padding that the EVP functions do is very useful. I also realize I could save the last 16 ciphertext bytes and input that as the "next" IV. I was just hoping I am not the first one to encounter this problem.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org