Kunal Sharma wrote:
void encode2(char *inbuf,char *outbuf)
{
unsigned char key32[] = "As different as chalk and cheese";
unsigned char iv[] = "As dark as pitch";
AES_KEY aeskey;
memset(outbuf, 0, sizeof(outbuf));
AES_set_encrypt_key(key32, 32*8, &aeskey);
AES_cbc_encrypt(inbuf, outbuf, strlen(inbuf), &aeskey, iv,
AES_ENCRYPT);
return;
}
You can't mean 'sizeof(outbuf)' -- 'outbuf' is a *pointer* to the output
buffer. What does the size of that pointer have to do with anything?
void decode2(char *inbuf,char *outbuf,int len)
{
unsigned char key32[] = "As different as chalk and cheese";
unsigned char iv[] = "As dark as pitch";
AES_KEY aeskey;
memset(outbuf, 0, sizeof(outbuf));
AES_set_decrypt_key(key32, 32*8, &aeskey);
AES_cbc_encrypt(inbuf, outbuf, len, &aeskey, iv, AES_DECRYPT);
return;
}
Same use of 'sizeof(outbuf)' where that makes no sense (what does the size
of the pointer to the output buffer have to do with anything?). Also, what
happens if the plaintext is not a precise multiple of the cipher block size?
It seems like you have picked a low-level encryption/decryption function
where you wanted a high-level one.
Also, you have one amusing boner. Your 'decode2' function tries to zero the
output buffer, but actually only zeroes part of it. But you call it with the
output buffer and input buffer the same! So you are actually erasing part of
your input buffer before you use it!
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
