Kunal,

If your data can include NULs, you should not use strlen to calculate
the length of the buffer; you need to provide the length in some other
way - in your example presumably as an additional parameter.

Carter

Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890


On 5/21/2010 2:30 AM, ~ Kunal Sharma ~ wrote:
> David,
>
> Thanks for taking out time to review my code and reply.
>
> 1) I agree that using sizeof was a blunder on my part.
> 2) I'm calling decode2 with rg_conf_buf_dup and rg_conf_buf_dup_2,
> second one being the output buffer. So I'm certain that I don't modify
> the input buffer (though I just zero out only the part of my output
> buffer due to sizeof thing).
>
> I was also wondering about the cipher block size. I was thinking of
> using 16 as block size, read the input buffer in chunks of block size
> one at a time, decrypt, copy and append to the output buffer. Do you
> think that would work? Could I then use the buffer holding decrypted
> data in the decode2 function and get the original data back? How can
> I get the size of decrypted buffer - strlen wouldn't work, I suppose?
>
> Thanks,
> Kunal
>
>
> On Thu, May 20, 2010 at 8:38 PM, David Schwartz <dav...@webmaster.com
> <mailto:dav...@webmaster.com>> wrote:
>
>
>     Kunal Sharma wrote:
>
>
>     void encode2(char *inbuf,char *outbuf)
>     {
>            unsigned char key32[] = "As different as chalk and cheese";
>            unsigned char iv[] = "As dark as pitch";
>
>            AES_KEY aeskey;
>
>            memset(outbuf, 0, sizeof(outbuf));
>
>            AES_set_encrypt_key(key32, 32*8, &aeskey);
>
>            AES_cbc_encrypt(inbuf, outbuf, strlen(inbuf), &aeskey, iv, AES_ENCRYPT);
>
>            return;
>     }
>
>     You can't mean 'sizeof(outbuf)' -- 'outbuf' is a *pointer* to the output
>     buffer. What does the size of that pointer have to do with anything?
>
>     void decode2(char *inbuf,char *outbuf,int len)
>     {
>            unsigned char key32[] = "As different as chalk and cheese";
>            unsigned char iv[] = "As dark as pitch";
>
>            AES_KEY aeskey;
>
>            memset(outbuf, 0, sizeof(outbuf));
>
>            AES_set_decrypt_key(key32, 32*8, &aeskey);
>
>            AES_cbc_encrypt(inbuf, outbuf, len, &aeskey, iv, AES_DECRYPT);
>
>            return;
>     }
>
>     Same use of 'sizeof(outbuf)' where that makes no sense (what does the size
>     of the pointer to the output buffer have to do with anything?). Also, what
>     happens if the plaintext is not a precise multiple of the cipher block size?
>
>     It seems like you have picked a low-level encryption/decryption function
>     where you wanted a high-level one.
>
>     Also, you have one amusing boner. Your 'decode2' function tries to zero the
>     output buffer, but actually only zeroes part of it. But you call it with the
>     output buffer and input buffer the same! So you are actually erasing part of
>     your input buffer before you use it!
>
>     DS
>
>     ______________________________________________________________________
>     OpenSSL Project                                 http://www.openssl.org
>     User Support Mailing List                  
>      openssl-users@openssl.org <mailto:openssl-users@openssl.org>
>     Automated List Manager                          
>     majord...@openssl.org <mailto:majord...@openssl.org>
>
>
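
The two length questions raised in this thread (strlen on data that may contain NULs, and plaintext that is not a multiple of the block size), as an added example that is not part of any poster's message. It assumes PKCS#7 padding, which is what OpenSSL's EVP cipher interface applies by default; the function names and the sample bytes are constructed for illustration, and the cipher call itself is left out so the block runs without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes */

/* PKCS#7 always adds 1..BLOCK bytes, so an aligned input gains a full block. */
size_t padded_len(size_t n) { return (n / BLOCK + 1) * BLOCK; }

/* Copy in[0..n) into out and pad it. Returns the padded length, 0 if out is too small. */
size_t pkcs7_pad(const unsigned char *in, size_t n, unsigned char *out, size_t cap)
{
    size_t total = padded_len(n);
    if (cap < total) return 0;
    memcpy(out, in, n);
    memset(out + n, (int)(total - n), total - n);
    return total;
}

/* Check the padding of a decrypted buffer of n bytes.
   Returns the plaintext length, or (size_t)-1 if the padding is malformed. */
size_t pkcs7_unpad(const unsigned char *buf, size_t n)
{
    if (n == 0 || n % BLOCK != 0) return (size_t)-1;
    size_t pad = buf[n - 1];
    if (pad == 0 || pad > BLOCK) return (size_t)-1;
    for (size_t i = n - pad; i < n; i++)
        if (buf[i] != pad) return (size_t)-1;
    return n - pad;
}

/* Constructed sample: 20 bytes of binary data with embedded NULs. */
static const unsigned char sample[20] = {
    'c','o','n','f', 0, 1, 2, 3, 0, 'd','a','t','a', 0, 9, 8, 7, 6, 5, 4 };

/* What strlen() reports for the sample: it stops at the first NUL. */
size_t strlen_view(void) { return strlen((const char *)sample); }

/* Pad with the true length, then recover that length from the padding. */
size_t roundtrip_len(void)
{
    unsigned char padded[2 * BLOCK];
    size_t plen = pkcs7_pad(sample, sizeof sample, padded, sizeof padded);
    return pkcs7_unpad(padded, plen);
}

int main(void)
{
    printf("strlen=%zu padded=%zu recovered=%zu\n",
           strlen_view(), padded_len(sizeof sample), roundtrip_len());
    return 0;
}
```

The caller passes the real byte count in and gets it back from the padding after decryption, so neither side ever depends on a NUL terminator.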
