On Mon, 17 Sep 2001, Dr S N Henson wrote:
[EMAIL PROTECTED] wrote:
Hello,
I got a problem related to EVP primitives, and I can't find where the
problem is.
In the docs, it says:
..EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
corresponding decryption operations. EVP_DecryptFinal() will return an
error code if padding is enabled and the final block is not correctly
formatted. ...
I don't understand "the final block is not correctly formatted": what is
the format? Or what are the wrong formats which make this function fail?
(except null)
The output of EVP_EncryptFinal() uses the correct format. It's
effectively saying that the only place it will notice something wrong
(due to the wrong key, corrupted data etc) is in the final block and
then not always.
OK, the thing is I'm armoring the encrypted data, to use for display
using base[64|128] encoding.
Here are the functions I told you about:
...
#define ALGO EVP_bf_cbc()
...
char *crypt(char *str, unsigned char *key)
{
    unsigned char outbuf[1024];
    unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    int outlen, tmplen;
    EVP_CIPHER_CTX ctx;

    EVP_EncryptInit(&ctx, ALGO, key, iv);
    EVP_EncryptUpdate(&ctx, outbuf, &outlen, str, strlen(str));
    EVP_EncryptFinal(&ctx, outbuf + outlen, &tmplen);
    outlen += tmplen;
    EVP_CIPHER_CTX_cleanup(&ctx);
    return base128_encode(outbuf, outlen);
}

int decrypt(char *dest, char *str, char *key)
{
    unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    int outlen, tmplen, b128_len;
    char *b128;
    EVP_CIPHER_CTX ctx;

    b128 = base128_decode(str, &b128_len);
    EVP_DecryptInit(&ctx, ALGO, key, iv);
    if(!EVP_DecryptUpdate(&ctx, dest, &outlen, b128, b128_len))
    {
        perror("EVP error");
        return 0;
    }
    if(!EVP_DecryptFinal(&ctx, dest + outlen, &tmplen))
    {
        perror("EVP_errors");
        return 0;
    }
    EVP_CIPHER_CTX_cleanup(&ctx);
    return 1;
}
When I define ALGO as EVP_enc_null() it works fine: no encryption,
just base128 encoded.
If I switch back to EVP_bf_cbc(), it just fails in the decryption routine
and returns nothing.. (null) string.
base128_[encode|decode] does the allocation and returns a ptr to the encoded
string.
I might have made a stupid error, but obviously I can't see it :)
Thanks for feedback.
I've just coded 2 functions,
char *crypt(char *str, char *key) (which works fine)
int decrypt(char *dest, char *str, char *key)
using EVP primitives. I've done the test by using EVP_enc_null()
as encryption/decryption algorithm, which means that my text was only
base128 armored, and it was working fine, but as soon as I put a real
algorithm like EVP_bf_cbc or EVP_bf_cfb (blowfish is the one I want)
it just fails; the length returned by both EVP_DecryptUpdate and Final
is 0, but the input is non-null.
Any ideas?!
Impossible to do anything other than guess without seeing your code.
However a common mistake is to assume that functions like strlen() can
be used on the output of EVP_Encrypt*(). They can't because the result
is not null terminated ASCII data, it's binary and can contain embedded
nulls.
I made this error and corrected it already, using what the EVP primitives
return to me for memcpy|strncpy.
The code is above.
Thanks.
Steve.
-rival.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
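The "final block format" asked about in this thread is standard block padding: n bytes, each of value n, appended so the data fills whole 8-byte Blowfish blocks. The following is an added example, not code from the thread or from OpenSSL; pad_block, unpad_block and strlen_of_sample are hypothetical names and the byte arrays are constructed. It shows the check a padded decrypt applies to the last block, why garbage can still pass it ("and then not always"), and why strlen() is wrong on binary data.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* Blowfish block size in bytes */

/* Constructed bytes standing in for ciphertext (not real Blowfish output). */
static const unsigned char sample_ct[8] = {0x9f, 0x3a, 0x00, 0x51, 0xc4, 0x00, 0x7e, 0x12};

/* Append block padding: n bytes of value n, 1 <= n <= BLOCK.
 * buf needs room for len + BLOCK bytes. Returns the padded length. */
size_t pad_block(unsigned char *buf, size_t len)
{
    unsigned char n = (unsigned char)(BLOCK - (len % BLOCK));
    memset(buf + len, n, n);
    return len + n;
}

/* Validate the padding of decrypted data.
 * Returns the plaintext length, or -1 if the final block is malformed. */
long unpad_block(const unsigned char *buf, size_t len)
{
    unsigned char n;
    size_t i;
    if (len == 0 || len % BLOCK != 0)
        return -1;
    n = buf[len - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    for (i = 0; i < n; i++)
        if (buf[len - 1 - i] != n)
            return -1;
    return (long)(len - n);
}

/* strlen() stops at the first zero byte, so it under-reports binary data. */
size_t strlen_of_sample(void)
{
    return strlen((const char *)sample_ct);
}

int main(void)
{
    unsigned char msg[16] = "hello";
    unsigned char junk[8] = {0xde, 0xad, 0xbe, 0xef, 0x12, 0x34, 0x56, 0x01};
    size_t padded = pad_block(msg, 5);
    printf("padded=%zu unpadded=%ld\n", padded, unpad_block(msg, padded));
    printf("junk ending in 0x01 accepted, length %ld\n", unpad_block(junk, 8));
    printf("strlen=%zu, real length=%zu\n", strlen_of_sample(), sizeof sample_ct);
    return 0;
}
```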