From ssl-lists-owner@mincom.com Tue Oct 15 18:16:14 1996 Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11550 (5.65c/IDA-1.4.4 for eay); Tue, 15 Oct 1996 08:17:41 +1000 Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id IAA12472 for ssl-users-outgoing; Tue, 15 Oct 1996 08:16:35 +1000 (EST) Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id IAA12463 for ; Tue, 15 Oct 1996 08:16:32 +1000 (EST) Received: by orb.mincom.oz.au id AA11544 (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Tue, 15 Oct 1996 08:16:15 +1000 Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST) From: Eric Young X-Sender: eay@orb To: Roland Haring Cc: ssl-users@mincom.com Subject: Re: Symmetric encryption with ssleay In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ssl-lists-owner@mincom.com Precedence: bulk Status: RO X-Status: On Fri, 11 Oct 1996, Roland Haring wrote: > THE_POINT: > Would somebody be so kind to give me the minimum basic > calls I need to do to libcrypto.a to get some text encrypted > and decrypted again? ...hopefully with code included to do > base64 encryption and decryption ... e.g. that sign-it.c code > posted some while ago was a big help :-) (please, do not point > me to apps/enc.c where I suspect my Heissenbug to be hidden :-) Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes when the data is less than a line long (this is for decoding). I'll dig up the exact fix today and post it. I am taking longer on 0.6.5 than I intended so I'll just post this patch. The documentation to read is in doc/cipher.doc, doc/encode.doc (very sparse :-). and perhaps doc/digest.doc, The basic calls to encrypt with say triple DES are Given char key[EVP_MAX_KEY_LENGTH]; char iv[EVP_MAX_IV_LENGTH]; EVP_CIPHER_CTX ctx; unsigned char out[512+8]; int outl; /* optional generation of key/iv data from text password using md5 * via an upward compatable verson of PKCS#5. */ EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd), key,iv); /* Initalise the EVP_CIPHER_CTX */ EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv); while (....) { /* This is processing 512 bytes at a time, the bytes are being * copied into 'out', outl bytes are output. 'out' should not be the * same as 'in' for reasons mentioned in the documentation. */ EVP_EncryptUpdate(ctx,out,&outl,in,512); } /* Output the last 'block'. If the cipher is a block cipher, the last * block is encoded in such a way so that a wrong decryption will normally be * detected - again, one of the PKCS standards. */ EVP_EncryptFinal(ctx,out,&outl); To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal() will return 0 if the decryption fails (only detectable on block ciphers). You can also use EVP_CipherInit() EVP_CipherUpdate() EVP_CipherFinal() which does either encryption or decryption depending on an extra parameter to EVP_CipherInit(). To do the base64 encoding, EVP_EncodeInit() EVP_EncodeUpdate() EVP_EncodeFinal() EVP_DecodeInit() EVP_DecodeUpdate() EVP_DecodeFinal() where the encoding is quite simple, but the decoding can be a bit more fun (due to dud input). EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 'last line' was just processed, and 1 if more lines should be submitted. EVP_DecodeFinal() returns -1 for an error or 1 if things are ok. So the loop becomes EVP_DecodeInit(....) for (;;) { i=EVP_DecodeUpdate(....); if (i < 0) goto err; /* process the data */ if (i == 0) break; } EVP_DecodeFinal(....); /* process the data */ The problem in 'enc.c' is that I was stuff the processing up after the EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of base64 data) and this was because 'enc.c' tries to scan over a file until it hits the first valid base64 encoded line. hope this helps a bit. eric -- Eric Young | BOOL is tri-state according to Bill Gates. AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage().