152 EVP_CIPHER_CTX ctx; char key[EVP_MAX_KEY_LENGTH]; char iv[EVP_MAX_IV_LENGTH]; if seed_prng return 0; select_random_keykey, EVP_MAX_KEY_LENGTH; select_random_iviv, EVP_MAX_IV_LENGTH; EVP_EncryptInitctx, EVP_bf_cbc, key, iv; return 1; } Note that multiple implementations of the seed_prng function are provided in Chapter 4 . It returns 0 if the pseudorandom number generator cannot be seeded securely. We return an error status from our setup function in this case, so we dont need to check the return value of RAND_pseudo_bytes when we call it. Also, you may want to use raw entropy. See Chapter 4 for more information. Another thing to note is that the party decrypting the data will need to initialize its cipher context with the same initialization vector created here. Passing the initialization vector in the clear is OK, but it should probably be MACd so that the receiver can detect tampering. If NULL is passed in for an IV, an array filled with zeros is used. Note that IVs can be used in all modes except ECB. In ECB mode, you can still pass in an IV, but block ciphers will ignore it. Setting up for decryption is generally easier, because we already know the key and the IV used. Example 6-2 shows how to set up for decryption under the same configuration. Example 6-2. Preparing to use Blowfish in CBC mode for decryption include opensslevp.h void setup_for_decryptionchar key, char iv { EVP_CIPHER_CTX ctx; EVP_DecryptInitctx, EVP_bf_cbc, key, iv; } Subsequent calls to EVP_EncryptInit or EVP_DecryptInit will change the value of any non-null parameter as long as the cipher type parameter is set to NULL . Otherwise, the context is completely reinitialized. Additionally, the key and the IV can both be set to NULL on the first call to these functions, and set separately later. This is necessary when you specify a cipher and then change the key length from the default. Of course, you will need to at least provide a valid key before encryption begins.

6.2.3 Specifying Key Length and Other Options

Many ciphers take a variable key length, which can be easily set after initialization using the call EVP_CIPHER_CTX_set_key_length . For example, we can set the Blowfish key length to 64 bits, as follows: EVP_EncryptInitctx, EVP_bf_ecb, NULL, NULL; EVP_CIPHER_CTX_set_key_lengthctx, 8; EVP_EncryptInitctx, NULL, key, NULL; 153 In this case, we set the key with a second call to EVP_EncryptInit after we specify the key length. When using this functionality, make sure you only set the key length to a valid value for the cipher. If we wish to check the default key length of a cipher object, we can use the call EVP_CIPHER_key_length . For example, the following will show us the default key length for Blowfish: printfd\n, EVP_CIPHER_key_lengthEVP_bf_ecb; We can also check to see the length of the keys a cipher context is using: printfd\n, EVP_CIPHER_CTX_key_lengthctx; For other cipher parameters, OpenSSL provides a generic call, EVP_CIPHER_CTX_ctrl . Currently, this call can only set or query the effective key strength in RC2 or the number of rounds used in RC5. int EVP_CIPHER_CTX_ctrlEVP_CIPHER_CTX ctx, int type, int arg, void ptr; ctx The cipher context object. type The operation to perform, which can be one of the following constants: • EVP_CTRL_GET_RC2_KEY_BITS • EVP_CTRL_SET_RC2_KEY_BITS • EVP_CTRL_GET_RC5_ROUNDS • EVP_CTRL_SET_RC5_ROUNDS arg The numerical value to set, if appropriate. If not appropriate, its value is ignored. ptr A pointer to an integer for querying the numerical value of a property. For example, to query the effective key bits in an RC2 cipher context, storing the result in a variable called kb : EVP_CIPHER_CTX_ctrlctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, kb; And to set the effective key strength of RC2 to 64 bits: EVP_CIPHER_CTX_ctrlctx, EVP_CTRL_SET_RC2_KEY_BITS, 64, NULL; Setting and querying RC5 rounds works the same way. Remember from our previous discussion that OpenSSL is limited to 8, 12, or 16 rounds for RC5. 154 Another desirable option to set in a cipher context is whether padding is used. Without padding, the size of the ciphertext will always be the same size as the plaintext. On the downside, the length of the data encrypted must be an exact multiple of the block size. With padding, any length in bytes is feasible, but the resulting ciphertext can be up to a block longer than the plaintext. Unfortunately, OpenSSL versions through 0.9.6c do not allow padding to be disabled. This changes in Version 0.9.7, which has a function called EVP_CIPHER_CTX_set_padding that takes a pointer to a cipher context, and an integer that represents a Boolean value 0 for no padding, 1 for padding.

6.2.4 Encryption