
EVP errors!


MusicAndy

Aug 10, 2009, 8:09:46 AM

OK, so after the last post I made, I was trying to use the DES library and
was advised to use the higher-level EVP library. I have now used this and am
getting the same type of error! %-|

So where do I go from here? The command line that I wish to use for
decrypting the file that I am encrypting is
openssl des3 -d -nosalt -k "1" -in <source filename> -out <destination filename>

The code that I am using to test these has two file streams, one for the
input and one for the output, and is shown below. This is test code only.
What am I doing wrong here? Is it the key that is at fault? Please help...
I also wish to use salt in the final implementation on this. Please
advise...


if(infile == NULL)
    AfxMessageBox("File load error");

// Determine the file size, then rewind.
fseek(infile, 0L, SEEK_END);
numbytes = ftell(infile);
fseek(infile, 0L, SEEK_SET);

buffer = (char*)calloc(numbytes, sizeof(char));
if(buffer == NULL)
    AfxMessageBox("Error with buffer");

fread(buffer, sizeof(char), numbytes, infile);

// Use the file buffer directly as the cipher input.
unsigned char* input = (unsigned char*)buffer;

unsigned char password[] = {'1'};
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);

// CBC padding can add up to one extra block of output.
unsigned char* desBuf = new unsigned char[numbytes + EVP_MAX_BLOCK_LENGTH];

// The one-byte password is passed here as the key, with a NULL IV.
EVP_EncryptInit_ex(&ctx, EVP_des_ede3_cbc(), NULL,password,NULL);

if(!EVP_EncryptUpdate(&ctx,desBuf,&outlen,input,numbytes))
{
    AfxMessageBox("error 1");
}

if(!EVP_EncryptFinal_ex(&ctx, desBuf+ outlen, &tmplen))
{
    AfxMessageBox("error 2");
    /* Error */
}

EVP_CIPHER_CTX_cleanup(&ctx);

outlen += tmplen;

fwrite(desBuf, 1, outlen, outfile);
fclose(outfile);
fclose(infile);
--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24898590.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dr. Stephen Henson

Aug 10, 2009, 9:22:46 AM

Well that's the problem right there. You have to pass a key and IV of the
correct length to EVP_EncryptInit_ex(). You are passing 1 byte and whatever
garbage follows it in memory.

You need to derive the correct key using EVP_BytesToKey() and pass the
derived key to EVP_EncryptInit_ex().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

MusicAndy

Aug 10, 2009, 9:46:18 AM

Since awaiting for a reply, I realised this was the case.

So the question is now, for different ciphers is the key length also
different? Is it eight characters for des3?

Also, how will I eventually add salt to this (specified in the command line
as -salt but with no number present)?

--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24900014.html



Dr. Stephen Henson

Aug 10, 2009, 10:03:22 AM
On Mon, Aug 10, 2009, MusicAndy wrote:

>
> Since awaiting for a reply, I realised this was the case.
>
> So the question is now, for different ciphers is the key length also
> different? Is it eight characters for des3?
>

It is 24 for des3. You can use EVP_MAX_KEY_LENGTH for the key and
EVP_MAX_IV_LENGTH for the iv. The EVP_BytesToKey() call uses the correct
lengths automatically.

> Also, how will I eventually add salt to this (specified in the command line
> as -salt but with no number present)?
>

You have to mimic the format used by the enc utility, see the docs. You read
the salt from the stream on decrypt and use that. If you need to encrypt you
generate a random salt with RAND_bytes().

MusicAndy

Aug 10, 2009, 10:18:40 AM

Thanks for your help so far, but still cannot get this working...

Here is my latest code.

I am trying to emulate something that should be simple, which can be
decrypted using


openssl des3 -d -nosalt -k "1" -in <source filename> -out <destination filename>

EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
const EVP_CIPHER* cipher=EVP_des_ede3_cbc();
const EVP_MD *dgst=EVP_sha1();

u_char pass[8];
// char salt[8];

unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];

// printf("key_len: %d\n", cipher->key_len);
// printf(" iv_len: %d\n", cipher->iv_len);

strcpy((char*)pass, "1");
// strcpy((char*)salt, "ATHENA.MIT.EDUraeburn");

// Derive the key and IV from the one-character password (no salt).
EVP_BytesToKey(cipher,dgst,NULL,pass, 1, 3, key, iv);

// CBC padding can add up to one extra block of output.
unsigned char* desBuf = new unsigned char[numbytes + EVP_MAX_BLOCK_LENGTH];

EVP_EncryptInit_ex(&ctx, cipher, NULL,key,iv);

if(!EVP_EncryptUpdate(&ctx,desBuf,&outlen,input,numbytes))
{
    AfxMessageBox("error 1");
}

if(!EVP_EncryptFinal_ex(&ctx, desBuf+ outlen, &tmplen))
{
    AfxMessageBox("error 2");
    /* Error */
}

EVP_CIPHER_CTX_cleanup(&ctx);

outlen += tmplen;

fwrite(desBuf, 1, outlen, outfile);
fclose(outfile);
fclose(infile);



--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24900649.html



Dr. Stephen Henson

Aug 10, 2009, 11:10:54 AM
On Mon, Aug 10, 2009, MusicAndy wrote:

>
> Thanks for your help so far, but still cannot get this working...
>
> Here is my latest code.
>
> I am trying to emulate something that should be simple, which can be
> decrypted using
> openssl des3 -d -nosalt -k "1" -in <source filename> -out <destination filename>
>
>
>
> EVP_CIPHER_CTX ctx;
> EVP_CIPHER_CTX_init(&ctx);
> const EVP_CIPHER* cipher=EVP_des_ede3_cbc();
> const EVP_MD *dgst=EVP_sha1();
>
> u_char pass[8];
> // char salt[8];
>
> unsigned char key[EVP_MAX_KEY_LENGTH];
> unsigned char iv[EVP_MAX_IV_LENGTH];
>
>
>
> // printf("key_len: %d\n", cipher->key_len);
> // printf(" iv_len: %d\n", cipher->iv_len);
>
> strcpy((char*)pass, "1");
> // strcpy((char*)salt, "ATHENA.MIT.EDUraeburn");
>
>
> EVP_BytesToKey(cipher,dgst,NULL,pass, 1, 3, key, iv);
>
> unsigned char* desBuf = new unsigned char[numbytes];
>
> EVP_EncryptInit_ex(&ctx, cipher, NULL,key,iv);
>

The count parameter must be 1, not 3 for compatibility with the enc program.

Also make sure the file is opened in binary mode ("rb").

You can use the -P option to "enc" and print out the key, IV in your program
to ensure they are identical.
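
The derivation and salt handling discussed in the replies above, as an added example that is not part of the original thread and is not OpenSSL's own code: a pure-Python re-implementation of the EVP_BytesToKey() chaining whose output can be compared with what "enc -P" prints and with a hex dump from the C++ program. The function names are hypothetical; the digest defaults to MD5 on the assumption that the enc utility is from the 0.9.8 series and is run without -md (releases from 1.1.0 default to SHA-256), while the thread's code passes EVP_sha1().

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte marker that "enc -salt" writes before the salt
SALT_LEN = 8          # EVP_BytesToKey() always consumes an 8-byte salt


def evp_bytes_to_key(password, salt=b"", key_len=24, iv_len=8,
                     digest="md5", count=1):
    """Derive (key, iv) the way EVP_BytesToKey() does.

    D_1 = H^count(password || salt)
    D_i = H^count(D_(i-1) || password || salt)
    Key and IV are cut, in that order, from D_1 || D_2 || ...
    Defaults match des-ede3-cbc: 24-byte key, 8-byte IV.
    """
    if salt and len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 8 bytes")
    if count < 1:
        raise ValueError("count must be at least 1")
    material = b""
    block = b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        for _ in range(count - 1):          # extra iterations when count > 1
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_enc_header(blob):
    """Split a file written by enc into (salt, ciphertext).

    A salted file starts with "Salted__" followed by 8 salt bytes; anything
    else is treated as -nosalt output and returned with an empty salt.
    """
    if blob[:len(MAGIC)] == MAGIC:
        if len(blob) < len(MAGIC) + SALT_LEN:
            raise ValueError("truncated salt header")
        return blob[len(MAGIC):len(MAGIC) + SALT_LEN], blob[len(MAGIC) + SALT_LEN:]
    return b"", blob


def hexdump(data):
    """Upper-case hex, for comparison with the key= and iv= lines of enc -P."""
    return data.hex().upper()


if __name__ == "__main__":
    key, iv = evp_bytes_to_key(b"1")        # password "1", no salt, count 1
    print("key=" + hexdump(key))
    print("iv =" + hexdump(iv))
```

Changing count to 3 or digest to "sha1" in the call produces a different key and IV from the same password, which is the kind of mismatch the -P comparison is meant to expose.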

MusicAndy

Aug 10, 2009, 11:29:22 AM

Thanks again Steve,

However, the EVP_MAX_KEY_LENGTH appears to be a length of 32, not 24 that
DES3 requires. Therefore when I call EVP_EncryptInit_ex I am only going to
send 24 characters of this key, and see what happens then.

It should only be sending 24 characters, shouldn't it?

--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24901868.html



MusicAndy

Aug 10, 2009, 12:42:47 PM

The key looks completely different in command line to my program. Why would
this be the case when I am calling the bytes to key function???? I am using
a password of "1" therefore in the C++ do I need to do the same.. do I need
to pad out the password in the C++?

Help :(

--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24903151.html

Dr. Stephen Henson

Aug 10, 2009, 1:07:29 PM
On Mon, Aug 10, 2009, MusicAndy wrote:

>
> The key looks completely different in command line to my program. Why would
> this be the case when I am calling the bytes to key function???? I am using
> a password of "1" therefore in the C++ do I need to do the same.. do I need
> to pad out the password in the C++?
>
> Help :(
>

The key from EVP_BytesToKey() is in hex format so you need to do a hex dump of
it.

You don't need to pad out the password; a standard null-terminated string is
fine.

MusicAndy

Aug 11, 2009, 3:45:11 AM

This is not working...
I have just done a hex dump and the key still bears no resemblance to the
key reported by the command line... Is it because I have version 0.9.8k of
the SDK and 0.9.8g of the command line?

--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24913177.html



MusicAndy

Aug 11, 2009, 4:32:48 AM

GOT IT WORKING!! WOOHOO! (open up the champagne!)

Now I just need to get it working with salt (maybe with a tequila and
lemon)

--
View this message in context: http://www.nabble.com/EVP-errors%21-tp24898590p24913748.html
