OpenSSL EVP Series 4 --- EVP_ENCRYPT Series Function Detailed (1)
--- Translation and your own understanding
(Author: DragonKing, Mail: wzhah@263.net, released in:
Http://openssl.126.com OpenSSL Professional Forum, Version: OpenSSL-0.9.7)
The EVP_CIPHER series contains a lot of functions, I will be divided into two parts, some are the basic function series, which is to introduce this article, and the other part is the set function series, which will be introduced later. The basic series functions are mainly functions for basic encryption and decryption operations, and their definition is as follows (openssl / evp.h):
INT EVP_CIPHER_CTX_INIT (EVP_CIPHER_CTX * A);
INT EVP_ENCRYPTINIT_EX (EVP_CIPHER_CTX * CTX, Const EVP_CIPHER * TYPE,
ENGINE * IMPL, UNSIGNED CHAR * Key, Unsigned Char * iv);
INT EVP_ENCRYPTUPDATE (EVP_CIPHER_CTX * CTX, Unsigned Char * OUT,
INT * OUTL, UNSIGNED CHAR * IN, INT INL);
INT EVP_ENCRYPTFINAL_EX (EVP_CIPHER_CTX * CTX, Unsigned Char * OUT,
INT * OUTL);
INT EVP_DECRYPTINIT_EX (EVP_CIPHER_CTX * CTX, Const EVP_CIPHER * TYPE,
ENGINE * IMPL, UNSIGNED CHAR * Key, Unsigned Char * iv);
INT EVP_DECRYPTUPDATE (EVP_CIPHER_CTX * CTX, unsigned char * out,
INT * OUTL, UNSIGNED CHAR * IN, INT INL);
INT EVP_DECRYPTFINAL_EX (EVP_CIPHER_CTX * CTX, unsigned char * OUTM,
INT * OUTL);
INT EVP_CIPHERINIT_EX (EVP_CIPHER_CTX * CTX, Const EVP_CIPHER * TYPE,
ENGINE * IMPL, UNSIGNED Char * Key, Unsigned Char * IV, INT ENC
INT EVP_CIPHERUPDATE (EVP_CIPHER_CTX * CTX, Unsigned Char * OUT,
INT * OUTL, UNSIGNED CHAR * IN, INT INL);
INT EVP_CIPHERFINAL_EX (EVP_CIPHER_CTX * CTX, unsigned char * OUTM,
INT * OUTL);
INT EV_ENCRYPTINIT (EVP_CIPHER_CTX * CTX, Const EVP_CIPHER * TYPE,
Unsigned char * key, unsigned char * iv);
INT EVP_ENCRYPTFINAL (EVP_CIPHER_CTX * CTX, Unsigned Char * OUT,
INT * OUTL);
INT EVP_DECRYPTINIT (EVP_CIPHER_CTX * CTX, Const Evp_cipher * Type,
Unsigned char * key, unsigned char * iv);
INT EVP_DECRYPTFINAL (EVP_CIPHER_CTX * CTX, Unsigned Char * OUTM, INT * OUTL);
INT EVP_CIPHERINIT (EVP_CIPHER_CTX * CTX, Const EVP_CIPHER * TYPE,
Unsigned char * key, unsigned char * iv, int enc);
INT EVP_CIPHERFINAL (EVP_CIPHER_CTX * CTX, Unsigned Char * OUTM,
INT * OUTL);
INT EVP_CIPHER_CTX_CLEANUP (EVP_CIPHER_CTX * A);
In fact, there are many functions listed here, but most of them are duplicate, some are the functions of the old version support, and the new version can no longer be used. In fact, the function EVP_ENCRYPTINIT, EVP_ENCRYPTFINAL, EVP_DECRYPTFINAL, EVP_DECRYPTINAl, EVP_CIPHERINIT, and EVPHERFINAL should not be used in the new code, they keep only for compatibility with previous code. In the new code, you should use EVP_EncryptInit_ex, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptFinal_ex, EVP_CipherInit_ex and EVP_CipherFinal_ex function, as they can after each finished algorithm calls, without re-release and reuse the existing distribution structure under the circumstances EVP_CIPHER_CTX memory structure, Convenient. Here we introduce these functions separately.
[EVP_CIPHER_CTX_INIT]
This function initializes an EVP_CIPHER_CTX structure, which is only used in the functions described below after initialization. Operation successfully returns 1, otherwise it returns 0.
[EVP_ENCRYPTINIT_EX]
This function uses the algorithm of Engine parameter IMPL and initializes the encrypted structure. Where the parameter CTX must be initialized before calling this function. Parameters TYPE typically provides parameters through function types, such as the form of EVP_DES_CBC functions, namely the type of symmetric encryption algorithm described in our last chapter. If the parameter Impl is NULL, the default implementation algorithm is used. The parameter key is a symmetric key used to encrypt, and the IV parameter is an initialization vector (if needed). The key length and initialization key length that truly used in the algorithm are determined based on an algorithm. When calling this function, in addition to the parameter TYPE, all other parameters can be set to null, and then provide it to the other functions, then the parameter TYPE is set to NULL. When the default encrypted parameter is inappropriate, it can be processed. Operation successfully returns 1, otherwise it returns 0.
[EVP_ENCRYPTUPDATE]
This function performs encryption of data. This function encrypts the length of the length INL input from the parameter IN, and writes the encrypted data into the parameter OUT. A continuous data block can be processed by repeating the function. The number of data writes to OUT is determined by the alignment of the encrypted data, theoretically, any number of 0 to (INL CIPHER_BLOCK_SIZE-1) (the unit is byte), so output Parameter OUT has enough space storage data. The actual data length written to OUT is saved in the OUTL parameter. Operation successfully returns 1, otherwise it returns 0.
[EVP_ENCRYPTFINAL_EX]
This function processes a final (FINAL). When the function is turned on (default) (default), it is encrypted by the remaining last data. This algorithm uses a block Padding method (AKA PKCS Padding). The encrypted data is written to the parameter OUT, and the length of the parameter OUT should at least be able to add a block. The data length information written is input to the OUTL parameter. After the function is called, it means that all data is encrypted, and the EVP_ENCRYPTUPDATE function should not be called again. If the Padding function is not set, this function will not encrypt any data. If there is still the remaining data, then the error message will be returned, that is, the total length of the data is not an integer multiple of the block length. Operation successfully returns 1, otherwise it returns 0. The PKCS Padding standard is defined, and the byte of the N value N is added after being encrypted, so that the encrypted data length is an integer multiple of the length of the encryption block. No matter what circumstances, it is necessary to add Padding, that is, if the encrypted data is already an integer multiple of the block length, then N should be equal to the length of the block. For example, if the block length is 9, the data length to encrypted is 11, then the byte of 5 values is 5 should be increased behind the data.
[Evp_Decryptinit_ex, evp_decryptupdate and evp_decryptfinal_ex]
These three functions are the corresponding decryption functions of the above three functions. The parameters of these functions are basically the same as the corresponding encryption functions above. If the padding function is opened, EVP_DecryptFinal will detect the format of the last data, if the format is incorrect, the function returns an error code. Further, if the Padding function is turned on, the length of the parameter OUT of the EVP_DecryptUpdate function should be at least (INL CIPHER_BLOCK_SIZE) byte; however, if the length of the block is 1, it is sufficient for the INL byte. The three functions are successfully returned to 1, otherwise it returns 0.
It should be noted that although the decryption operation provides an error detection function, the function cannot detect whether the input data or key is correct, so even if a random data block may also be completed. The call is called. If the padding function is turned off, the operation always returns successful results when the decryption data length is an integer multiple of the block length.
[EVP_CIPHERINIT_EX, EVP_CIPHERUPDATE and EVP_CIPHERFINAL_EX]
In fact, the functions described above are implemented by calling these three functions, they are more underlying functions. Complete the encryption and decryption function of the data. They decided to perform encryption or decryption operations based on the parameter ENC, if the ENC is 1, then encrypts; if the ENC is 0, decrypt; if the ENC is -1, the data is not changed. The three functions are successfully returned to 1, otherwise it returns 0.
[Evp_cipher_ctx_cleanup]
This function clears all information in an EVP_CIPHER_CTX structure and releases all memory occupied by the structure. This function should be called after using the above function to complete an encryption algorithm, so that some sensitive information remains in memory cause security hidden. Operation successfully returns 1, otherwise it returns 0.
[Evp_encryptinit, evp_decryptinit and evp_cipherinit]
The functions of these three functions are the same as the function EVP_ENCRYPTINIT_EX, EVP_DECRYPTINIT_EX and EVP_CIPHERINIT_EX, but their CTX parameters do not need to be initialized, and use the default algorithm library. The three functions are successfully returned to 1, otherwise it returns 0. [Evp_encryptfinal, evp_decryptfinal and evp_cipherfinal]
These three functions are the same as the function EVP_ENCRYPTFINAL_EX, EVP_DECRYPTFINAL_EX, and EVP_CIPHERFINAL_EX functions, but their parameter CTX will be automatically released after calling. The three functions are successfully returned to 1, otherwise it returns 0.
