    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char iv[EVP_MAX_IV_LENGTH];
    EVP_CIPHER_CTX ctx;
    unsigned char out[512+8];
    int outl;

Now, call:

    /* the 1 is the iteration count */
    EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL,passwd,strlen(passwd),1,key,iv);

to generate key/iv data from a text password. This routine uses MD5 and follows the PKCS#5 standard from RSA.

    EVP_EncryptInit(&ctx,EVP_des_ede3_cbc(),key,iv);

to initialize the cipher context EVP_CIPHER_CTX.

    while (....) {
        EVP_EncryptUpdate(&ctx,out,&outl,in,512);
    }

to do the actual encryption, 512 bytes at a time; the resultant cipher text is placed into out. out should not be the same as in, for reasons mentioned in the documentation.

    EVP_EncryptFinal(&ctx,out,&outl);

to output the last block of 512 bytes. If the cipher is a block cipher, the last block is encrypted in such a way that an incorrect decryption will normally be detected, as per one of the PKCS standards.
To decrypt, use the corresponding EVP_DecryptXXXXX functions; the difference is that EVP_DecryptFinal() returns 0 if the decryption fails (only detectable on block ciphers).
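Why a failed decryption is only "normally" detected, as an added example that is not SSLeay/OpenSSL source: it assumes the PKCS-style scheme in which n bytes of value n are appended to fill the last 8-byte block, and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* DES/3DES block size in bytes */

/* Append n bytes of value n (1 <= n <= BLOCK); buf needs len + BLOCK bytes. */
size_t pkcs_pad(unsigned char *buf, size_t len)
{
    unsigned char n = (unsigned char)(BLOCK - (len % BLOCK));
    memset(buf + len, n, n);
    return len + n;
}

/* Check and strip the padding. Returns the plaintext length, or -1 when the
 * padding is malformed, the case in which a DecryptFinal-style call fails. */
long pkcs_unpad(const unsigned char *buf, size_t len)
{
    size_t i, n;

    if (len == 0 || len % BLOCK != 0)
        return -1;
    n = buf[len - 1];
    if (n < 1 || n > BLOCK)
        return -1;
    for (i = 0; i < n; i++)
        if (buf[len - 1 - i] != n)
            return -1;
    return (long)(len - n);
}

/* Try all 65536 values of the last two bytes of an arbitrary final block. */
int count_accepted_garbage(void)
{
    unsigned char blk[BLOCK];
    int a, b, ok = 0;

    memset(blk, 0xAA, sizeof blk); /* constructed filler bytes */
    for (a = 0; a < 256; a++)
        for (b = 0; b < 256; b++) {
            blk[BLOCK - 2] = (unsigned char)a;
            blk[BLOCK - 1] = (unsigned char)b;
            if (pkcs_unpad(blk, BLOCK) >= 0)
                ok++;
        }
    return ok;
}

int main(void)
{
    return printf("%d of 65536 arbitrary blocks accepted\n", count_accepted_garbage()) < 0;
}
```

Roughly one arbitrary block in 255 still passes the check, so a successful final call is not an integrity guarantee; authenticate the ciphertext with a MAC when tampering or a wrong key must be detected reliably.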
You can also use

    EVP_CipherInit()
    EVP_CipherUpdate()
    EVP_CipherFinal()

which does either encryption or decryption depending on an extra parameter to EVP_CipherInit().
To do base64 encoding, use

    EVP_EncodeInit()
    EVP_EncodeUpdate()
    EVP_EncodeFinal()

and

    EVP_DecodeInit()
    EVP_DecodeUpdate()
    EVP_DecodeFinal()

where the encoding is quite simple, but the decoding can be a bit more fun (due to dud input).
EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 'last line' was just processed, and 1 if more lines should be submitted.
EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
So the loop becomes

    EVP_DecodeInit(....)
    for (;;) {
        i=EVP_DecodeUpdate(....);
        if (i < 0) goto err;
        /* process the data */
        if (i == 0) break;
    }
    EVP_DecodeFinal(....);