Hello, I want to use AES encryption in my C application, but I am missing
documentation. I only have openssl/aes.h but there isn't any manpage. Can someone points me to any how-to or source code? Thanks for you help. -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Julien ALLANOS wrote:
> Hello, I want to use AES encryption in my C application, but I am missing > documentation. I only have openssl/aes.h but there isn't any manpage. Can > someone points me to any how-to or source code? Thanks for you help. consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex manpage) Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Quoting Nils Larsch <[hidden email]>:
> Julien ALLANOS wrote: >> Hello, I want to use AES encryption in my C application, but I am missing >> documentation. I only have openssl/aes.h but there isn't any manpage. Can >> someone points me to any how-to or source code? Thanks for you help. > > consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex > manpage) > > Nils Thanks Nils. This manpage shows a great example of an encryption/decryption function using this high-level API. However, I have a last question: is there any limit on the input buffer size for EVP_CipherUpdate()? I see in the example that you're using 1024 bytes buffers inside a for loop. In my application, most of the buffers I'm encrypting using AES-192 are <1024 bytes, but there might be cases where a buffer has a greater size (not so much though). I'm wondering if calling EVP_CipherUpdate() only once would be generic enough to handle these situations, or if I should use a for loop as you did. Thanks for any help. -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Quoting Julien ALLANOS <[hidden email]>:
> Quoting Nils Larsch <[hidden email]>: > >> Julien ALLANOS wrote: >>> Hello, I want to use AES encryption in my C application, but I am missing >>> documentation. I only have openssl/aes.h but there isn't any manpage. Can >>> someone points me to any how-to or source code? Thanks for you help. >> >> consider using the EVP_Cipher* etc. functions (see EVP_CipherInit_ex >> manpage) >> >> Nils > > Thanks Nils. This manpage shows a great example of an encryption/decryption > function using this high-level API. However, I have a last question: is there > any limit on the input buffer size for EVP_CipherUpdate()? I see in > the example > that you're using 1024 bytes buffers inside a for loop. In my > application, most > of the buffers I'm encrypting using AES-192 are <1024 bytes, but > there might be > cases where a buffer has a greater size (not so much though). I'm > wondering if > calling EVP_CipherUpdate() only once would be generic enough to handle these > situations, or if I should use a for loop as you did. Thanks for any help. Actually, I have tested the following: EVP_CIPHER_CTX_init(&ctx); EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1); if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) &ciphertext->length, plaintext->data, (int) plaintext->length)) { EVP_CIPHER_CTX_cleanup(&ctx); return NULL; } if (!EVP_CipherFinal_ex(&ctx, ciphertext->data, (int *) &ciphertext->length)) { EVP_CIPHER_CTX_cleanup(&ctx); return NULL; } EVP_CIPHER_CTX_cleanup(&ctx); Here, key, plaintext and ciphertext are structs with an unsigned char * 'data' field and a size_t 'length' field. plaintext->length is 59 (in bytes), so I have allocated 59 + 16 bytes for ciphertext->data before the snippet of code above. But after encryption, ciphertext->length is only 16 bytes long! Do I have to call EVP_CipherUpdate multiple times (and manage an offset for both plaintext and ciphertext) to encrypt the entire incoming data? If so, what's the purpose of the inl parameter if only a block length (16 bytes for AES) is read per call? Thanks for any enlightenment. -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Julien ALLANOS wrote:
... > Actually, I have tested the following: > > EVP_CIPHER_CTX_init(&ctx); > EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1); > > if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) > &ciphertext->length, > plaintext->data, (int) plaintext->length)) > { > EVP_CIPHER_CTX_cleanup(&ctx); > return NULL; > } > > if (!EVP_CipherFinal_ex(&ctx, ciphertext->data, > (int *) &ciphertext->length)) here you overwrite the previously set length and data. Have a look at the do_crypt example in the EVP_EncryptInit manpage. Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Quoting Nils Larsch <[hidden email]>:
> Julien ALLANOS wrote: > ... >> Actually, I have tested the following: >> >> EVP_CIPHER_CTX_init(&ctx); >> EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1); >> >> if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) >> &ciphertext->length, >> plaintext->data, (int) plaintext->length)) >> { >> EVP_CIPHER_CTX_cleanup(&ctx); >> return NULL; >> } >> >> if (!EVP_CipherFinal_ex(&ctx, ciphertext->data, >> (int *) &ciphertext->length)) > > here you overwrite the previously set length and data. Have a look > at the do_crypt example in the EVP_EncryptInit manpage. > > Nils Fine, it is working well now. Thanks for your help. Can I just assume that: 1/ AES_BLOCK_LENGTH = 16 ? 2/ output buffer size = input buffer size + AES_BLOCK_LENGTH for EVP_CipherUpdate()? 3/ output buffer size = AES_BLOCK_LENGTH for EVP_CipherFinal_ex()? -- Julien ALLANOS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Free forum by Nabble | Edit this page |