<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.Textedebulles, li.Textedebulles, div.Textedebulles
{mso-style-name:"Texte de bulles";
mso-style-link:"Texte de bulles Car";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.TextedebullesCar
{mso-style-name:"Texte de bulles Car";
mso-style-priority:99;
mso-style-link:"Texte de bulles";
font-family:"Tahoma","sans-serif";}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
font-variant:normal !important;
color:windowtext;
text-transform:none;
font-weight:normal;
font-style:normal;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="background:white"><span style="color:black">Michel,<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Thank you very much for your email.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">The example given in your email works out fine if the encryption and decryption are performed in the same routine.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">The problem we are having is that we perform the encryption and then at some in the future we need to do the decryption.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">At that point, we do not have the clear text password available nor do we know the length that was the result of the previous<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">encryption so we don't have the correct encrypted length value to pass to the decryption routine.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Some passwords have encrypted results that have nulls embedded in them, so strlen() cannot be used on the<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">encrypted result to get its length.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Have you come across a situation such as this or is there something else you can suggest to me?<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Phil<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openssl-users [mailto:openssl-users-bounces@openssl.org]
<b>On Behalf Of </b>Michel<br>
<b>Sent:</b> Thursday, March 26, 2015 6:02 PM<br>
<b>To:</b> openssl-users@openssl.org<br>
<b>Subject:</b> Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Phil,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">> "… or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it?"<o:p></o:p></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">It is NOT the case.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">May not be the answer you expected :<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">The encrypted length is length of clear text + size of 1 cipher block if padding is enabled.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><a href="https://www.openssl.org/docs/crypto/EVP_EncryptInit.html">https://www.openssl.org/docs/crypto/EVP_EncryptInit.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal">> "is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and decrypt ?"<o:p></o:p></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">NO, and It should NOT, especially in multi-threaded applications :<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">"A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting."<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><a href="https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html">https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">Also : <a href="https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption">
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">Hope this helps,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D">Michel.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">De :</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> openssl-users [<a href="mailto:openssl-users-bounces@openssl.org">mailto:openssl-users-bounces@openssl.org</a>]
<b>De la part de</b> Philip Bellino<br>
<b>Envoyé :</b> jeudi 26 mars 2015 15:53<br>
<b>À :</b> <a href="mailto:openssl-users@openssl.org">openssl-users@openssl.org</a><br>
<b>Objet :</b> [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR"><o:p> </o:p></span></p>
<p class="MsoNormal">I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords<o:p></o:p></p>
<p class="MsoNormal">with cipher des_ede3_cbc as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">encrypt routines:<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_init<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptInit_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptUpdate<o:p></o:p></p>
<p class="MsoNormal">EVP_EncryptFinal_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_cleanup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">decrypt routines:<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_init<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptInit_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptUpdate<o:p></o:p></p>
<p class="MsoNormal">EVP_DecryptFinal_ex<o:p></o:p></p>
<p class="MsoNormal">EVP_CIPHER_CTX_cleanup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">similar to examples found here:<o:p></o:p></p>
<p class="MsoNormal"><a href="http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES">http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Passwords are encrypted and stored when created, and decrypted<o:p></o:p></p>
<p class="MsoNormal">at a later time to compare against the password<o:p></o:p></p>
<p class="MsoNormal">given upon login. None of the examples show determining the length<o:p></o:p></p>
<p class="MsoNormal">of the encrypted information via an EVP call in order to pass<o:p></o:p></p>
<p class="MsoNormal">that information to the decryption routines. Should I assume it<o:p></o:p></p>
<p class="MsoNormal">is incumbent upon the coder to store the encrypted length when<o:p></o:p></p>
<p class="MsoNormal">storing the encrypted password, for retrieval later? Or is the encrypted<o:p></o:p></p>
<p class="MsoNormal">length put into the encrypted information so an EVP call is available to<o:p></o:p></p>
<p class="MsoNormal">retrieve it? I believe from all the information I see that it is the former.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please confirm this for me.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)<o:p></o:p></p>
<p class="MsoNormal">and the corresponding EVP_cleanup call necessary for each encrypt and<o:p></o:p></p>
<p class="MsoNormal">decrypt? My encryption and decryption seem to be working without calling<o:p></o:p></p>
<p class="MsoNormal">those routines but after seeing them used (for examples in test/evp_test.c), I don't understand why.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any insight that can be shared would be most appreciated.<o:p></o:p></p>
<p class="MsoNormal">Thank you.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Phil Bellino<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:#7F7F7F">Principal Software Engineer</span></b><b><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">
</span></b><b><span style="font-size:10.0pt;color:#5A4099">| </span></b><b><span style="font-size:10.0pt;color:#7F7F7F">MRV Communications Inc.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">300 Apollo Drive
</span><b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#8064A2">|
</span></b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Chelmsford, MA 01824
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Phone: 978-674-6870</span><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:teal">
</span><b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#8064A2">|
</span></b><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F">Fax: 978-674-6799<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a href="www.mrv.com"><span style="font-size:9.0pt;color:#7F7F7F">www.mrv.com</span></a><span style="font-size:9.0pt;font-family:"Verdana","sans-serif";color:#7F7F7F"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt"><img border="0" width="188" height="25" id="Picture_x0020_3" src="cid:image001.png@01D06867.9D0EAFD0" alt="MRV-email"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><a href="http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform"><span style="border:solid windowtext 1.0pt;padding:0in;text-decoration:none"><img border="0" width="100" height="100" id="_x0000_i1026" src="cid:image002.jpg@01D06867.9D0EAFD0" alt="Image supprimée par l'expéditeur. E-Banner"></span></a><br>
<o:p></o:p></span></p>
<div>
<p style="line-height:8.0pt;background:white"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#B8B9C8">The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed
and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.<o:p></o:p></span></p>
</div>
</div>
<a href="http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform"><img src="http://www.mrv.com/images/Awards_Banner.jpg" alt="E-Banner"></a><br>
<br>
<div style="background-color:#FFFFFF; padding:.8em; ">
<p style="font-size:8pt;color:#b8b9c8; line-height:8pt; font-family:
'arial','times roman',serif;">
The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the
sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.</p>
</div>
</body>
</html>