Hi DS,
I corrected the strings issue (a mistake I shouldn't have missed, also
thanks to Jimmy's earlier email). I've leveled it down to a simple, small
piece of code that does nothing more than take data from stdin, encrypt it,
display the ciphertext, decrypt it, display the cleartext. Problem is that
the cleartext continues to appear in subsequent runs (I'm doing this in a
while(1) loop) - even though I'm doing an EVP_EncryptFinal and
EVP_DecryptFinal as part of my methods for encryption and decryption. Would
you be willing to take a look at this code if I unicast it to you?
Thanks,
Joel
On Fri, Feb 15, 2008 at 11:14 AM, David Schwartz <[EMAIL PROTECTED]>
wrote:
> Joel Christner wrote:
>
> > dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
> > for (i=0;i<strlen(readBuffer);i++) {
>
> Umm, you just stored the number of bytes read in 'dataRead'. Why are you
> passing 'readBuffer' to strlen? The 'readBuffer' contains the array of
> bytes
> read from the link, it is not a C-style string. Only a C-style string may
> be
> passed to 'strlen'.
>
> > readBufferClear=decrypt(&context,readBuffer+i,1);
>
> You are passing characters one-at-a-time to your decryption function.
> Depending on exactly what this function does, this may indicate that you
> are
> not getting the security you expected.
>
> > if (readBufferClear!=0) strncat(readBufferFinal,readBufferClear,strlen
> > (readBufferClear));
> > }
>
> Your 'decrypt' function takes as input a single character and returns a
> C-style string?
>
> Either your code is *truly* weird, or you have some basic
> misunderstandings
> about C-style strings.
>
> DS
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
