Xu, Qiang (FXSGSC) wrote:
Hi, all:

I came across a problem in using the crypto library in OpenSSL.

We are using EVP_DecryptInit(), EVP_DecryptUpdate(), and EVP_DecryptFinal() to do the
decryption of the user's password after the user logs in. However, I just found that when the
user's password is "$elkins02", the decrypted string will be an empty one (whose
strlen() == 0).

I have changed the user's password to "$dlkins02", "$flkins02", and "$Elkins02", and all of them
can be decrypted correctly. So I suspect the crypto library can't handle the substring "$e" in a password. But another
password, "$eFair123", can be decrypted correctly. I am really at a loss as to what combination will cause the crypto library
to be unable to decrypt the password.

Has anyone spotted the problem before? We are using OpenSSL 0.9.7a.

Any suggestion is welcome,
Xu Qiang

It's quite unlikely that the openssl crypto library (or any crypto library) would have the kind of problem that you're mentioning.

My guess would be that the problem lies in your encryption/decryption code. Make sure that the encrypted password is stored/retrieved properly (if I dare venture a guess, please check that you're not treating encrypted material as C strings in your code).


-jb
--
I used to think I was indecisive, but now I'm not so sure.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
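
The pitfall the reply warns about, as an added example that is not part of the original thread or of OpenSSL: cipher output is binary and may contain zero bytes, so its length has to come from the out-length values the EVP calls return, never from strlen(). The sample bytes are constructed and the function names (cstring_len, hex_encode, hex_decode) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char HEX[] = "0123456789abcdef";
/* Constructed stand-in for 16 bytes of cipher output; 0x00 bytes are normal. */
static const unsigned char sample_ct[16] = {
    0x9f, 0x41, 0xc2, 0x00, 0x7b, 0x13, 0xe8, 0x5a,
    0x00, 0xd4, 0x36, 0xaa, 0x0c, 0x71, 0xfe, 0x28
};

/* The mistake: strlen() on ciphertext stops at the first zero byte. */
size_t cstring_len(const unsigned char *ct)
{
    return strlen((const char *)ct); /* terminates: the sample has a 0x00 */
}

/* The fix: carry the byte count, store as hex. Caller frees; NULL on OOM. */
char *hex_encode(const unsigned char *buf, size_t len)
{
    char *out = calloc(len * 2 + 1, 1);   /* zero-filled, so NUL-terminated */
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = HEX[buf[i] >> 4];
        out[2 * i + 1] = HEX[buf[i] & 0x0f];
    }
    return out;
}

/* Decodes lowercase hex into out; returns byte count, or -1 on bad input. */
long hex_decode(const char *hex, unsigned char *out, size_t outsz)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > outsz) return -1;
    for (size_t i = 0; i < n; i += 2) {
        const char *hi = strchr(HEX, hex[i]), *lo = strchr(HEX, hex[i + 1]);
        if (hi == NULL || lo == NULL) return -1;
        out[i / 2] = (unsigned char)((hi - HEX) << 4 | (lo - HEX));
    }
    return (long)(n / 2);
}

int main(void)
{
    char *h = hex_encode(sample_ct, sizeof sample_ct);
    printf("strlen: %zu of 16 bytes; hex: %s\n", cstring_len(sample_ct), h ? h : "?");
    free(h);
    return 0;
}
```

Whether a zero byte appears depends on the plaintext, key and IV together, which is why a problem of this kind shows up for some passwords and not for near-identical ones.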