> -----Original Message----- > From: Richard Levitte [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 12, 2008 7:21 PM > To: openssl-users@openssl.org; Xu, Qiang (FXSGSC) > Subject: Re: crypto library in openssl > > Note: openssl-dev is inappropriate, as it is meant for the > _development_ _of_ OpenSSL. Your inquiry is about the _use_ > of OpenSSL, making openssl-users much more appropriate. I'm > therefore redirecting it there.
Thanks for redirecting me to the correct group. I didn't realized it yesterday. > You're doing three mistakes: > > 1. you're assuming the EVP routines treat your data as character > strings. That's incorrect, it treats them as binary blobs. Any of > the bytes in that blob can be zero, and apparently, you're getting > a result that starts with a zero byte. Just got to understand this a little bit. Sorry for my slowness. > 2. you're not using the resulting length from the EVP routines. Doing > so will give you correct answer, strlen() is not guaranteed to do > that (it will only give you the correct answer if you have no zero > byte anywhere in the result). Could you give me any suggestions to improve the code the decrypt the password? How to check the resulting length from EVP routines? > 3. you're also not checking the returned result from the EVP routines. If the result of decryption has zero bytes in it, how can I get the correct char string from it? My idea is to check the byte in the resulting length from EVP routines, and rip the zeros of the result. Is it feasible? Thanks a lot, Xu Qiang ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
