[openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

Michel michel.sales at free.fr
Thu Mar 26 22:02:11 UTC 2015


Hi Phil,

> "or is the encrypted length put into the encrypted information so an EVP
> call is available to retrieve it?"

It is NOT the case.

May not be the answer you expected:

The encrypted length is length of clear text + size of 1 cipher block if
padding is enabled.

https://www.openssl.org/docs/crypto/EVP_EncryptInit.html

> "is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and
> the corresponding EVP_cleanup call necessary for each encrypt and decrypt?"

NO, and it should NOT, especially in multi-threaded applications:

"A typical application will call OpenSSL_add_all_algorithms() initially and
EVP_cleanup() before exiting."

https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html

Also:
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Hope this helps,

Regards,

Michel.

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Philip Bellino
Sent: Thursday, 26 March 2015 15:53
To: openssl-users at openssl.org
Subject: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and
OpenSSL_add_all_ciphers questions

I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:

encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup

decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal_ex
EVP_CIPHER_CTX_cleanup

similar to examples found here:
http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES

Passwords are encrypted and stored when created, and decrypted
at a later time to compare against the password
given upon login. None of the examples show determining the length
of the encrypted information via an EVP call in order to pass
that information to the decryption routines. Should I assume it
is incumbent upon the coder to store the encrypted length when
storing the encrypted password, for retrieval later? Or is the encrypted
length put into the encrypted information so an EVP call is available to
retrieve it? I believe from all the information I see that it is the former.

Please confirm this for me.

Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)
and the corresponding EVP_cleanup call necessary for each encrypt and
decrypt? My encryption and decryption seem to be working without calling
those routines but after seeing them used (for example in test/evp_test.c),
I don't understand why.

Any insight that can be shared would be most appreciated.

Thank you.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive | Chelmsford, MA 01824
Phone: 978-674-6870 | Fax: 978-674-6799
www.mrv.com

 
