Joel Christner wrote:
Hello,

I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption. One question I have is how I clear what's already been decrypted on the server-side from the buffer. It appears that the data I've already read out of the buffer (post-decryption) is not being discarded, thus when data is received, it starts back at the beginning and I get the same data back. Any insight would be much appreciated!

On my client side, my code is (simplified)

EVP_EncryptInit(&context,EVP_bf_cbc(),key,iv);
while(1) {
    fgets(buffer,sizeof(buffer),stdin);
    /* my own routine just to pad to a length that is a multiple of 8 bytes */
    padBuffer(buffer,paddedBuffer);
    writeBuffer=encrypt(&context,paddedBuffer,strlen(paddedBuffer),&i);
    writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr *)&serveraddress,sizeof(serveraddress));
}

and on the server side, my code is (simplified):

EVP_DecryptInit(&context,EVP_bf_cbc(),key,iv);
while(1) {
    dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
    for (i=0;i<strlen(readBuffer);i++) {
        readBufferClear=decrypt(&context,readBuffer+i,1);
        if (readBufferClear!=0) strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
    }
    unpadBuffer(readBufferFinal,readBufferPadded);
    printf("cleartext=%s\n",readBufferPadded);
}


Major problem with your code - _do_not_ use strlen() or other string functions on binary data (encrypted buffers don't necessarily follow the C-string rule of null-termination and can have '\0' anywhere in between).

-jb
--
I used to think I was indecisive, but now I'm not so sure.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
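
The point made in the reply above, as an added example that is not part of the original thread or of OpenSSL: a ciphertext-like buffer with embedded zero bytes is sent once with strlen() as its length and once with an explicit length, and the receiver trusts only the byte count returned by recv(), the way dataRead should be used in the posted server. The buffer contents, the function names and the AF_UNIX socketpair are assumptions made so the example runs offline; in the real program the length would come from the output-length argument of EVP_EncryptUpdate/EVP_EncryptFinal.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample standing in for two 8-byte cipher blocks (not real
 * Blowfish output). Note the 0x00 bytes at offsets 3 and 10. */
static const unsigned char SAMPLE_CT[16] = {
    0x9f, 0x42, 0xc1, 0x00, 0x7a, 0xee, 0x13, 0x58,
    0x21, 0xb6, 0x00, 0x4d, 0xd0, 0x05, 0x88, 0xfa
};

/* Send len bytes as one datagram over a local socketpair; return the byte
 * count the receiver reports, or -1 on error. */
static ssize_t roundtrip(const void *buf, size_t len, unsigned char *out, size_t cap)
{
    int sv[2];
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    if (send(sv[0], buf, len, 0) == (ssize_t)len)
        n = recv(sv[1], out, cap, 0); /* like dataRead: the only valid length */
    close(sv[0]);
    close(sv[1]);
    return n;
}

/* Length taken from strlen(), as in the posted client. */
ssize_t send_with_strlen(unsigned char *out, size_t cap)
{
    char tmp[sizeof SAMPLE_CT + 1] = {0};  /* trailing NUL so strlen is defined */
    memcpy(tmp, SAMPLE_CT, sizeof SAMPLE_CT);
    return roundtrip(tmp, strlen(tmp), out, cap);
}

/* Length carried explicitly next to the buffer. */
ssize_t send_with_length(unsigned char *out, size_t cap)
{
    return roundtrip(SAMPLE_CT, sizeof SAMPLE_CT, out, cap);
}

int main(void)
{
    unsigned char out[64];
    printf("strlen-based send: %zd bytes arrive\n", send_with_strlen(out, sizeof out));
    printf("explicit length:   %zd bytes arrive\n", send_with_length(out, sizeof out));
    return 0;
}
```

With the strlen() length the datagram stops at the first zero byte, so the receiver never sees a whole cipher block and decryption cannot succeed.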