<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
font-variant:normal !important;
color:windowtext;
text-transform:none;
font-weight:normal;
font-style:normal;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords<o:p></o:p></p>
<p class="MsoNormal">with cipher des_ede3_cbc as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">encrypt routines:<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_init<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptInit_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptUpdate<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptFinal_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_cleanup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">decrypt routines:<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_init<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptInit_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptUpdate<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptFinal_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_cleanup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">similar to examples found here:<o:p></o:p></p>
<p class="MsoNormal">http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Passwords are encrypted and stored when created, and decrypted<o:p></o:p></p>
<p class="MsoNormal">at a later time to compare against the password<o:p></o:p></p>
<p class="MsoNormal">given upon login. None of the examples show determining the length<o:p></o:p></p>
<p class="MsoNormal">of the encrypted information via an EVP call in order to pass<o:p></o:p></p>
<p class="MsoNormal">that information to the decryption routines. Should I assume it<o:p></o:p></p>
<p class="MsoNormal">is incumbent upon the coder to store the encrypted length when<o:p></o:p></p>
<p class="MsoNormal">storing the encrypted password, for retrieval later? Or is the encrypted<o:p></o:p></p>
<p class="MsoNormal">length put into the encrypted information so an EVP call is available to<o:p></o:p></p>
<p class="MsoNormal">retrieve it? I believe from all the information I see that it is the former.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please confirm this for me.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)<o:p></o:p></p>
<p class="MsoNormal">and the corresponding EVP_cleanup call necessary for each encrypt and<o:p></o:p></p>
<p class="MsoNormal">decrypt? My encryption and decryption seem to be working without calling<o:p></o:p></p>
<p class="MsoNormal">those routines but after seeing them used (for examples in test/evp_test.c), I don't understand why.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any insight that can be shared would be most appreciated.<o:p></o:p></p>
<p class="MsoNormal">Thank you.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Phil Bellino<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#7F7F7F">Principal Software Engineer</span></b><b><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">
</span></b><b><span style="font-size:10.0pt;color:#5A4099">| </span></b><b><span style="font-size:10.0pt;color:#7F7F7F">MRV Communications Inc.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">300 Apollo Drive
</span><b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#8064A2">|
</span></b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Chelmsford, MA 01824
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Phone: 978-674-6870</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:teal">
</span><b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#8064A2">|
</span></b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Fax: 978-674-6799<o:p></o:p></span></p>
<p class="MsoNormal"><a href="www.mrv.com"><span style="font-size:9.0pt;color:#7F7F7F">www.mrv.com</span></a><span style="font-size:9.0pt;color:#7F7F7F"><br>
<br>
</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt"><img border="0" width="188" height="25" id="Picture_x0020_3" src="cid:image001.png@01D067B3.27EB18B0" alt="MRV-email"></span><span style="font-size:10.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<a href="http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform"><img src="http://www.mrv.com/images/Awards_Banner.jpg" alt="E-Banner"></a><br>
<br>
<div style="background-color:#FFFFFF; padding:.8em; ">
<p style="font-size:8pt;color:#b8b9c8; line-height:8pt; font-family:
'arial','times roman',serif;">
The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the
sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.</p>
</div>
</body>
</html>