[openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

Philip Bellino pbellino at mrv.com
Fri Mar 27 12:48:02 UTC 2015


Michel,
Thank you very much for your email.
The example given in your email works out fine if the encryption and decryption are performed in the same routine.
The problem we are having is that we perform the encryption and then at some in the future we need to do the decryption.
At that point, we do not have the clear text password available nor do we know the length that was the result of the previous
encryption so we don't have the correct encrypted length value to pass to the decryption routine.
Some passwords have encrypted results that have nulls embedded in them, so strlen() cannot be used on the
encrypted result  to get its length.

Have you come across a situation such as this or is there something else you can suggest to me?

Thanks,
Phil


From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michel
Sent: Thursday, March 26, 2015 6:02 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

Hi Phil,

> "... or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it?"
It is NOT the case.

May not be the answer you expected :
The encrypted length is length of clear text + size of 1 cipher block  if padding is enabled.
https://www.openssl.org/docs/crypto/EVP_EncryptInit.html

> "is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and  decrypt ?"
NO, and It should NOT, especially in multi-threaded applications  :
"A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting."
https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html

Also : https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption

Hope this helps,

Regards,

Michel.

De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de Philip Bellino
Envoyé : jeudi 26 mars 2015 15:53
À : openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Objet : [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:

encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup

decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal_ex
EVP_CIPHER_CTX_cleanup

similar to examples found here:
http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES

Passwords are encrypted and stored when created, and decrypted
at a later time to compare against the password
given upon login. None of the examples show determining the length
of the encrypted information via an EVP call in order to pass
that information to the decryption routines. Should I assume it
is incumbent upon the coder to store the encrypted length when
storing the encrypted password, for retrieval later? Or is the encrypted
length put into the encrypted information so an EVP call is available to
retrieve it? I believe from all the information I see that it is the former.

Please confirm this for me.

Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers)
and the corresponding EVP_cleanup call necessary for each encrypt and
decrypt? My encryption and decryption seem to be working without calling
those routines but after seeing them used (for examples in test/evp_test.c), I don't understand why.

Any insight that can be shared would be most appreciated.
Thank you.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com

[MRV-email]


[Image supprimée par l'expéditeur. E-Banner]<http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform>


The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.

[E-Banner]<http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform>


The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150327/115fa3ca/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6563 bytes
Desc: image001.png
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150327/115fa3ca/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 823 bytes
Desc: image002.jpg
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150327/115fa3ca/attachment-0001.jpg>


More information about the openssl-users mailing list