Currently we are using openssl1.1 for a file encryption/decryption.
We are facing a problem when we migrate to opensl3.0.
Below is the code flow used to encrypt the file.
// Set up the encryption context
const EVP_CIPHER *cipher = EVP_aes_256_cbc(); // Using AES 256 in CBC mode
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, cipher, nullptr, (const unsigned char *)key.c_str(), null);
// Encrypt the data
int len;
unsigned char buffer[1024];
EVP_EncryptUpdate(ctx,buffer,&len,(const unsigned char *)plaintext.c_str(), plaintext.length());
ciphertext.insert(ciphertext.end(), buffer, buffer + len);
// Finalize the encryption
EVP_EncryptFinal_ex(ctx, buffer, &len);
ciphertext.insert(ciphertext.end(), buffer, buffer + len);
// Clean up
EVP_CIPHER_CTX_free(ctx);
And in a similar way we have done the decryption also.
The same code is not working with openssl3.0, we identified that passing a valid IV instead of NULL is working fine in openssl3.0.
We understand that IV should be a random number, but passing null was working fine in openssl1.0.
Is there anything changed in openssl3.0 related to IV ?
We tried using valid IV instead of null, it is working fine.