Hi Phil, > " or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it?" It is NOT the case. May not be the answer you expected : The encrypted length is length of clear text + size of 1 cipher block if padding is enabled. https://www.openssl.org/docs/crypto/EVP_EncryptInit.html > "is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and decrypt ?" NO, and It should NOT, especially in multi-threaded applications : "A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting." https://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html Also : https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption Hope this helps, Regards, Michel. De : openssl-users [mailto:openssl-users-bounces at openssl.org] De la part de Philip Bellino Envoy? : jeudi 26 mars 2015 15:53 ? : openssl-users at openssl.org Objet : [openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords with cipher des_ede3_cbc as follows: encrypt routines: EVP_CIPHER_CTX_init EVP_EncryptInit_ex EVP_EncryptUpdate EVP_EncryptFinal_ex EVP_CIPHER_CTX_cleanup decrypt routines: EVP_CIPHER_CTX_init EVP_DecryptInit_ex EVP_DecryptUpdate EVP_DecryptFinal_ex EVP_CIPHER_CTX_cleanup similar to examples found here: http://www.openssl.org/docs/crypto/EVP_CIPHER_CTX_init.html#EXAMPLES Passwords are encrypted and stored when created, and decrypted at a later time to compare against the password given upon login. None of the examples show determining the length of the encrypted information via an EVP call in order to pass that information to the decryption routines. Should I assume it is incumbent upon the coder to store the encrypted length when storing the encrypted password, for retrieval later? Or is the encrypted length put into the encrypted information so an EVP call is available to retrieve it? I believe from all the information I see that it is the former. Please confirm this for me. Also, is calling OpenSSL_add_all_algorithms (or OpenSSL_add_all_ciphers) and the corresponding EVP_cleanup call necessary for each encrypt and decrypt? My encryption and decryption seem to be working without calling those routines but after seeing them used (for examples in test/evp_test.c), I don't understand why. Any insight that can be shared would be most appreciated. Thank you. Phil Bellino Principal Software Engineer | MRV Communications Inc. 300 Apollo Drive | Chelmsford, MA 01824 Phone: 978-674-6870 | Fax: 978-674-6799 www.mrv.com MRV-email <http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform> Image supprim?e par l'exp?diteur. E-Banner The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/680c82b8/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/680c82b8/attachment-0001.jpg> -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 6563 bytes Desc: not available URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150326/680c82b8/attachment-0001.png>
