encryption - Encrypt and decrypt string with c++, Openssl and aes -

i'm trying encrypt , decrypt string c++ openssl , aes cbc.

the weird thing is, on 1 pc works, , on other pc doesn't. there have 3/4 of original string, ending wrong.

the other weird thing is, when add dll called "libeay32.dll" directory of exe file on second pc, works, not on first pc.

in summary, first pc works without dll, second pc works dll.

my question is, can code improved, , why dll needed on 1 computer not on other.

here's i've written:

key , iv defines:

#define key "abc" #define iv  "abc" 

encryption function:

string aes_encrypt(string _instr) {     string  enckey,             enciv;      aes_key enc_key;      unsigned char * aes_key   = (unsigned char *) malloc (sizeof(unsigned char) * (32)),                   * iv_enc    = (unsigned char *) malloc (sizeof(unsigned char) * aes_block_size),                   * aes_input = (unsigned char *) malloc (sizeof(unsigned char) * _instr.size ()),                   * enc_out   = (unsigned char *) malloc (sizeof(unsigned char) * ((_instr.size () + aes_block_size) / aes_block_size) * aes_block_size);        memcpy ((char *) aes_input, _instr.c_str (), _instr.size ());      memset (aes_key, 0, 32);      enckey = key;     enciv  = iv;      (int = 0; < 50; i++)         enckey = md5 (enckey.c_str ());       (int = 0; < 305; i++)         enciv = md5 (enciv.c_str ());      enciv.erase (16);      memcpy (aes_key, enckey.c_str (), 32);     memcpy (iv_enc,  enciv.c_str  (), 16);       aes_set_encrypt_key (aes_key, 128, &enc_key);     aes_cbc_encrypt     (aes_input, enc_out, _instr.size (), &enc_key, iv_enc, aes_encrypt);       free (aes_key);     free (aes_input);     free (iv_enc);       aes_key     = null;     aes_input   = null;     iv_enc      = null;      return string ((char *) enc_out);  } 

decryption function:

string aes_decrypt (string _instr) {     string  enckey,             enciv;      aes_key dec_key;      unsigned char * aes_key   = (unsigned char *) malloc (sizeof(unsigned char) * (32)),                   * iv_dec    = (unsigned char *) malloc (sizeof(unsigned char) * aes_block_size),                   * enc_out   = (unsigned char *) malloc (sizeof(unsigned char) * _instr.size ()),                   * dec_out   = (unsigned char *) malloc (sizeof(unsigned char) * _instr.size ());       memcpy (enc_out, _instr.c_str (), _instr.size ());      memset (aes_key, 0, 32);      enckey = key;     enciv  = iv;      (int = 0; < 50; i++)         enckey = md5 (enckey.c_str ());      (int = 0; < 305; i++)         enciv = md5 (enciv.c_str ());      enciv.erase (16);      memcpy (aes_key, enckey.c_str (), 32);     memcpy (iv_dec,  enciv.c_str  (), 16);      aes_set_decrypt_key(aes_key, 128, &dec_key);     aes_cbc_encrypt(enc_out, dec_out, _instr.size (), &dec_key, iv_dec, aes_decrypt);      free (aes_key);     free (iv_dec);      free (enc_out);        aes_key     = null;     iv_dec      = null;     enc_out     = null;      return string ((char *) dec_out);  } 

output of first pc:

input:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

encrypted:

s^wo◄┘"â▼~¼\é╣$╨l╡`ac♠·ñz½h╠∟≥ä°╪╥=αp╙iφocyn°☺§)↨xwy+☼▀╤m▓÷√nÉk┼≡<ák◄Ä┬÷∙z ¼üt@¥≈╟∙¶√Ñù°7å²²²²½½½½½½½½ε■ε■

decrypted:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

output of second pc:

input:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

encrypted:

s^wo?+"â?~¼\é¦$ðlÁ`ac?·ñz½h¦?=ä°ÏÊ=ÓpËiÝocyn°?§)?xwy+¤¯Ðm¦÷¹nÉk+­<ák?Ä-÷¨zð+bñfb yÙ]?s

decrypted:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa?wλh+²²²²¦¦¦¦¦¦w$ö?ó:

these 2 broken sure....

for (int = 0; < 50; i++)     enckey = md5 (enckey.c_str ());  (int = 0; < 305; i++)     enciv = md5 (enciv.c_str ()); 

you need like:

enckey = string(md5 (enckey.c_str ()), 16); 

otherwise, string produced md5 truncated @ first 0x00 string constructor encounters.

---

these trouble:

memcpy (aes_key, enckey.c_str (), 32); memcpy (iv_enc,  enciv.c_str  (), 16); 

at best, md5 produces string of 16 bytes. can't pull 32 bytes out of 16 byte string in enckey.

and in trouble if either enckey or enciv has embedded null. if either has one, string not 16 bytes.

---

and jim pointed out in comment below, trouble:

return string ((char *) dec_out); 

it needs similar to:

string aes_encrypt(string _instr) {     ...     return string ((char *) dec_out, <some size>); } 

---

and use of aes_cbc_encrypt looks wrong. should stick evp_* interface. example, see evp symmetric encryption , decryption on openssl wiki.

better, use authenticated encryption mode gcm authenticity/integrity assurances, too. example, see evp authenticated encryption , decryption on openssl wiki.

---

finally, use larger hash sha256 or sha512. md5 no longer desired other backwards compatibility.