Replacing DES_ede3_cbc_encrypt with EVP API's for upgrading to openssl 3.0

Paramashivaiah, Sunil Sunil.Paramashivaiah at rbbn.com
Tue Aug 17 10:18:26 UTC 2021


Hi All,

               I am trying to upgrade over application to use openssl 3.0 from openssl 1.0.2.
               I am trying to replace DES_ede3_cbc_encrypt with EVP API's as below.
               DES_ede3_cbc_encrypt accepts 3 keys got from des_key_sched.
               But for same thing to work using EVP API we have option for only one key.
              EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v, (unsigned char *)iv->v, NULL)

              Please suggest if this is correct. Even for decrypt, will passing only one key to  EVP_EncryptInit_ex2 work

Old Code:
    if (des_key_sched((void *)key->v, ks1) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 8), ks2) != 0)
        return NULL;
    if (des_key_sched((void *)(key->v + 16), ks3) != 0)
        return NULL;

    /* decryption data */
    DES_ede3_cbc_encrypt((const unsigned char *)data->v, (unsigned char *)res->v, data->l,
                 &ks1, &ks2, &ks3, (unsigned char (*)[8])iv->v, DES_ENCRYPT);

New Code:
   EVP_EncryptInit_ex2(ctx, EVP_des_ede3_cbc(), (unsigned char *)key->v, (unsigned char *)iv->v, NULL)

   EVP_EncryptUpdate(ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v,
         data->l)
   EVP_EncryptFinal_ex(ctx, (unsigned char *) res->v + outl, &tmpl)

Thanks and Regards,
Sunil

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210817/45bed6f3/attachment-0001.html>


More information about the openssl-users mailing list