EVP | Code for paper 'Audio-Driven Emotional Video Portraits | Machine Learning library

This is prefaced by the top comments.

your answer fixed it. The error on EVP_DecryptFinal_ex comes because of a wrong key Feel free to post your comment as an answer! – Akreter

plaintext is uninitialized in main.

I tried:

The signing methods of both codes do not hash implicitly, i.e. the already hashed data must be passed. While this is satisfied for the CNG code, it is not satisfied for the OpenSSL code.

For the OpenSSL code, the hash can be determined and applied as follows:

The easiest way would be to use the resource compiler to translate the raw .dat file into a resource file (commonly with a .res extension) the linker can pick up and wrap the user-defined resource into the final executable's image.

A resource script (commonly with an .rc extension) can be as simple as this:

There are plenty of things you can do to optimize the code.

Here is the list of the important points:

• compiler optimizations need to be enabled (using -O3 in GCC);
• std::array can be used instead of the slower dynamically-sized std::vector (since the size of a hash is 32), one can even define a new Hash type for clarity;
• parameters should be passed by reference (C++ pass parameter by copy by default)
• the C++ vectors can be reserved to pre-allocate the memory space and avoid unneeded copies;
• OPENSSL_free must be called to release the allocated memory of OPENSSL_hexstr2buf;
• push_back should be avoided when the size is a constant known at compile time;
• using std::copy is often faster (and cleaner) than a manual copy;
• std::reverse is often faster (and cleaner) than a manual loop;
• the size of a hash is supposed to be 32, but one can check that using assertions to be sure it is fine;
• count is not needed as it is the size of the txids vector;

Here is the resulting code:

Try

actualKey needs to be pointing to a buffer of appropriate size before you pass it to EVP_BytesToKey. As it is you are passing in an uninitialised pointer which would explain your inconsistent results.

The documentation for EVP_BytesToKey has this to say:

If data is NULL, then EVP_BytesToKey() returns the number of bytes needed to store the derived key.

So you can call EVP_BytesToKey once with the data parameter set to NULL to determine the length of actualKey, then allocate a suitable buffer and call it again with actualKey pointing to that buffer.

As others have noted, passing sizeof(keygen) to EVP_BytesToKey is also incorrect. You probably meant strlen (argv [2]).

Likewise, passing sizeof(actualKey) to RC4_set_key is also an error. Instead, you should pass the value returned by EVP_BytesToKey.

However when i am printing the size of the encrypted data in client.c it's 256 whereas on server.c it's printing some number between 1 and 256.

What the server is printing is not the size of the encrypted data, it's strlen(buffer[0]); you overlook that encrypted data can contain null characters, so it's inappropriate to apply strlen.

As suggested here's the also helpful comment by Jeremy Friesner:

There's no guarantee (either in TCP or in OpenSSL) that you will receive all of the sent bytes via single call to read(). You need to keep calling read() until you've received all the bytes you expected to get (or until read() returns 0, indicating that the connection has been closed)

The key and IV passed on the command line should be formatted as a hex string representing the bytes of the key and IV, not as ASCII text.

So instead of: