Ok, I will change that. Can you provide any guidance on how to empty the
buffer?
Thanks
On Thu, Feb 14, 2008 at 2:50 AM, jimmy bahuleyan <[EMAIL PROTECTED]>
wrote:
> Joel Christner wrote:
> > Hello,
> >
> > I have a simple client-server program and am using blowfish. I'm using
> > the EVP_* routines to initialize, encrypt, and decrypt. Variable-length
> > data is taken in from the client through stdin and sent to the server
> > socket after encryption. One question I have is how I clear what's
> > already been decrypted on the server-side from the buffer. It appears
> > that the data I've already read out of the buffer (post-decryption) is
> > not being discarded, thus when data is received, it starts back at the
> > beginning and I get the same data back. Any insight would be much
> > appreciated!
> >
> > On my client side, my code is (simplified)
> >
> > EVP_EncryptInit(&context,EVP_bf_cbc(),key,iv):
> > while(1) {
> > fgets(buffer,sizeof(buffer),stdin);
> > padBuffer(buffer,paddedBuffer); (my own routine just to pad to length
> > that is multiplier of 8-bytes)
> > writeBuffer=encrypt(&context,paddedBuffer,strlen(paddedBuffer),&i);
> > writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct
> > sockaddr *)&serveraddress,sizeof(serveraddress));
> > }
> >
> > and on the server side, my code is (simplified):
> >
> > EVP_DecryptInit(&context,EVP_bf_cbc(),key,iv);
> > while(1) {
> > dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
> > for (i=0;i<strlen(readBuffer);i++) {
> > readBufferClear=decrypt(&context,readBuffer+i,1);
> > if (readBufferClear!=0)
> > strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
> > }
> > unpadBuffer(readBufferFinal,readBufferPadded);
> > printf("cleartext=%s\n",readBufferPadded);
> > }
> >
>
> Major problem with your code - _do_not_ use strlen() or other string
> functions on binary data (encrypted buffers don't necessarily follow the
> C-string rule of null-termination and can have '\0' anywhere in between).
>
> -jb
> --
> I used to think I was indecisive, but now I'm not so sure.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
