[openssl-users] How to do AES-256-CBC encryption with EVP_CIPHER_CTX now opaque?

Dave Poirier ekscrypto at gmail.com
Fri Nov 25 14:42:30 UTC 2016


I am relatively new to using OpenSSL libraries in C so please accept my apologies if this may sound simple for most of you.

I have an algorithm that I implemented in 1.0.1c to perform AES-256-CBC encryption, which no longer compiles due to EVP_CIPHER_CTX now being opaque in 1.1.0+.  Here is the algorithm in question (Objective-C mixed in..):

+(NSData *)encryptReport:(NSData *)report usingKey:(NSData *)key withIV:(NSData *)iv
{
    const unsigned BUFSIZE=4096;
    unsigned char *read_buf = malloc(BUFSIZE);
    unsigned char *cipher_buf;
    unsigned blocksize;
    int out_len;
    int reportIndex = 0;
    // Stack-allocated context: this declaration compiles against 1.0.x
    // headers only; with 1.1.0+ it is the "incomplete type" error below.
    EVP_CIPHER_CTX ctx;

    EVP_CipherInit(&ctx, EVP_aes_256_cbc(), key.bytes, iv.bytes, 1);
    blocksize = EVP_CIPHER_CTX_block_size(&ctx);
    cipher_buf = malloc(BUFSIZE + blocksize);
    memset(cipher_buf,0,BUFSIZE + blocksize);

    NSMutableData *encryptedData = [NSMutableData dataWithCapacity:report.length + blocksize];
    while (1) {

        // Read in data in blocks until EOF. Update the ciphering with each read.
        int numRead = MIN(BUFSIZE,(int)report.length-reportIndex);
        // report.bytes is a const void *, so cast before doing pointer arithmetic.
        memcpy(read_buf, (const unsigned char *)report.bytes + reportIndex, numRead);

        EVP_CipherUpdate(&ctx, cipher_buf, &out_len, read_buf, numRead);
        [encryptedData appendBytes:cipher_buf length:out_len];
        if (numRead < BUFSIZE) { // EOF
            break;
        }
        reportIndex += numRead;
    }

    // Now cipher the final block and write it out.

    EVP_CipherFinal(&ctx, cipher_buf, &out_len);
    [encryptedData appendBytes:cipher_buf length:out_len];

    // Free memory
    EVP_CIPHER_CTX_cleanup(&ctx);
    free(cipher_buf);
    free(read_buf);
    return [NSData dataWithData:encryptedData];
}

The error I get is “Variable has incomplete type ‘EVP_CIPHER_CTX’ (aka ‘struct evp_cipher_ctx_st’)”.  Looking at the diff between the releases, I can see the structure definition has been removed.  

Question 1: Are there other functions I should have been using to implement AES-256-CBC than the EVP methods above?

Question 2: If EVP is the way to go for implementing AES-256-CBC, which functions should I be looking at to not require EVP_CIPHER_CTX variable declaration?


Dave Poirier
skype: ekscrypto
twitter: @ekscrypto
facebook: /ekscrypto
email: ekscrypto at gmail.com

All I need is a towel, everything else can be answered by 42.
