I have some data that was encrypted using the openssl (`AES_*`) functions. I want to update this code to use the newer (`EVP_*`) functions, which are FIPS compliant. But I should still be able to decrypt data that was encrypted using the old code.

I've pasted both the old and the new code below. The encrypted/decrypted contents are different, i.e. I can't use them interchangeably. This means I can't upgrade the code without having to decrypt using the old code and then re-encrypt.

Are there any values for the parameters to `EVP_BytesToKey` so that the derived `aes_key` is the same in both cases? Or is there any other way to accomplish the same using the (`EVP_*`) functions? I've tried several different values for `digest` and `rounds`, and tried making the IV NULL, but that didn't really work, i.e. it doesn't produce the same output as the old method.

What algorithm is being used in the `AES_set_encrypt_key`/`AES_set_decrypt_key` functions?

The code using the `AES_*` functions:

    #include <stdio.h>
    #include <openssl/aes.h>
    #include <print_util.h>

    static const unsigned char user_key[] = {
       0x00, 0x01, 0x02, 0x03,
       0x10, 0x11, 0x12, 0x13,
       0x20, 0x21, 0x22, 0x23,
       0x30, 0x31, 0x32, 0x33
    };

    int main()
    {
        unsigned char p_text[]="plain text";
        unsigned char c_text[16];
        unsigned char d_text[16];

        AES_KEY aes_key;

        /* NOTE(review): AES_set_encrypt_key only expands the raw 16-byte
           user_key into the AES round keys; no digest or KDF is applied. */
        AES_set_encrypt_key(user_key, 128, &aes_key);
        /* NOTE(review): AES_encrypt processes exactly one 16-byte block, but
           p_text is 11 bytes, so this reads 5 bytes past the end of the array. */
        AES_encrypt(p_text, c_text, &aes_key);

        printf("plain text = %s\n", p_text);
        printbuf((char*)c_text, 16, "cipher text = ");

        AES_set_decrypt_key(user_key, 128, &aes_key);
        AES_decrypt(c_text, d_text, &aes_key);
        printf("plain text (decrypted) = %s \n", d_text);

        return 0;
    }

The code using the `EVP_*` functions (the encryption code is below; the decryption code is similar):

    #include <strings.h>
    #include <openssl/evp.h>
    #include <print_util.h>

    static const unsigned char user_key[16] = {
       0x00, 0x01, 0x02, 0x03,
       0x10, 0x11, 0x12, 0x13,
       0x20, 0x21, 0x22, 0x23,
       0x30, 0x31, 0x32, 0x33
    };

    int main()
    {
        EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
        EVP_CIPHER_CTX_init(ctx);

        const EVP_CIPHER *cipher = EVP_aes_128_ecb(); // key size 128, mode ecb (not FIPS compliant?)
        const EVP_MD *digest = EVP_md5();
        int rounds = 10;
        unsigned char aes_key[EVP_MAX_KEY_LENGTH];
        unsigned char aes_iv[EVP_MAX_IV_LENGTH];

        /* NOTE(review): EVP_BytesToKey runs user_key through the digest for
           `rounds` iterations, so aes_key is not the raw user_key that
           AES_set_encrypt_key expands in the AES_* listing; the two listings
           encrypt under different keys. */
        EVP_BytesToKey(cipher, digest, NULL, user_key, 16, rounds, aes_key, aes_iv);

        EVP_EncryptInit(ctx, cipher, aes_key, aes_iv);

        unsigned char p_text[]="plain text"; int p_len = sizeof(p_text);
        unsigned char c_text[16]; int c_len = 16;
        int t_len;

        EVP_EncryptUpdate(ctx, c_text, &c_len, p_text, p_len);
        /* NOTE(review): EVP ciphers apply PKCS padding by default, whereas the
           AES_* listing encrypts one raw, unpadded block, so the block that
           gets encrypted differs too. Return values are unchecked throughout. */
        EVP_EncryptFinal(ctx, (c_text + c_len), &t_len);

        c_len += t_len;

        printf("==> p_text: %s\n", p_text);
        printbuf((char*)c_text, c_len, "==> c_text:");
    }

Thanks