[openssl-users] OpenSSL AES encryption using AES_* functions and EVP_* functions

Purushotham Nayak nayak_purushotham at yahoo.com
Wed Dec 31 17:21:43 UTC 2014


I have some data that was encrypted using the openssl (`AES_*`) functions. I want update this code to use the newer (EVP_*) functions which are FIPS compliant. But I should be able to decrypt data that was encrypted using the old code.
I've pasted below both the old and the new code. The encrypted/decrypted contents are different. i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.
Are there any values for the parameters to EVP_BytesToKey so that aes_key derived is the same in both cases. Or is there any other way to accomplish the same using the (EVP_*) functions? I've tried several different values for `digest`, `rounds` and tried making IV NULL, but didn't really work i.e. it doesn't provide the same output as the old method. What algorithm is being used in AES_set_encrypt/decrypt_key function?
The code using the `AES_*` functions
    #include <stdio.h>    #include <openssl/aes.h>    #include <print_util.h>        static const unsigned char user_key[] = {       0x00, 0x01, 0x02, 0x03,       0x10, 0x11, 0x12, 0x13,       0x20, 0x21, 0x22, 0x23,       0x30, 0x31, 0x32, 0x33    };        int main()    {        unsigned char p_text[]="plain text";        unsigned char c_text[16];        unsigned char d_text[16];            AES_KEY aes_key;            AES_set_encrypt_key(user_key, 128, &aes_key);        AES_encrypt(p_text, c_text, &aes_key);            printf("plain text = %s\n", p_text);        printbuf((char*)c_text, 16, "cipher text = ");            AES_set_decrypt_key(user_key, 128, &aes_key);        AES_decrypt(c_text, d_text, &aes_key);        printf("plain text (decrypted) = %s \n", d_text);            return 0;    }
The code using the `EVP_*` functions. (Encryption code is below and the decryption code is similar).
    #include <strings.h>    #include <openssl/evp.h>    #include <print_util.h>        static const unsigned char user_key[16] = {       0x00, 0x01, 0x02, 0x03,       0x10, 0x11, 0x12, 0x13,       0x20, 0x21, 0x22, 0x23,       0x30, 0x31, 0x32, 0x33    };        int main()    {        EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));        EVP_CIPHER_CTX_init(ctx);            const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb (not FIPS compliant?)        const EVP_MD *digest = EVP_md5();        int rounds = 10;        unsigned char aes_key[EVP_MAX_KEY_LENGTH];        unsigned char aes_iv[EVP_MAX_IV_LENGTH];            EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv);            EVP_EncryptInit(ctx, cipher, aes_key, aes_iv);            unsigned char p_text[]="plain text"; int p_len = sizeof(p_text);        unsigned char c_text[16]; int c_len = 16;        int t_len;            EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len);        EVP_EncryptFinal(ctx, (c_text + c_len), &t_len);            c_len += t_len;            printf("==> p_text: %s\n", p_text);        printbuf((char*)c_text, c_len, "==> c_text:");    }
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141231/0132282b/attachment.html>


More information about the openssl-users mailing list