Hey, wait a minute. He wanted to call that command line from a C program. Obviously you shouldn't use this code for serious purposes but I don't see what buffer overflows and unwanted behavior you are talking of.
I only see a performance problem here. If you are sane about the input, the output is sane. There are times when quick and dirty solutions are called for. :-)

regards,
Girish

--- Michal Ludvig <[EMAIL PROTECTED]> wrote:

> Girish Venkatachalam wrote:
> > FILE *fp;
> > sprintf(buf,"echo %s | openssl aes-256-cbc -salt -a -e -pass pass:%s",password,passphrase);
> > fp = popen(buf);
> > fgets(fd...) for the output
>
> Dear "be_tnt", don't believe him ;-) This code snippet blatantly calls
> for buffer overflows and other unwanted behaviour.
>
> 1) You don't need OpenSSL sources. Headers and development libraries are
> enough.
> 2) Depending on what system/distribution you use install the appropriate
> package (e.g. openssl-devel on SuSE, openssl-dev on Debian, etc).
> 3) Go through "man evp" and all relevant referenced EVP_Cipher* manpages.
> 4) Play with the stuff until you come up with those three or four calls
> needed to encrypt stuff with OpenSSL library.
> 5) Eventually get the sources and see how your command is implemented.
> It won't be too difficult. See openssl/apps directory.
>
> Michal Ludvig
> --
> * Stuff: http://www.logix.cz/michal
>
> ______________________________________________________________________
> OpenSSL Project                    http://www.openssl.org
> Development Mailing List           [email protected]
> Automated List Manager             [EMAIL PROTECTED]
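An added example, not code from this thread or from OpenSSL: one way to run the same `openssl` command from a C program without formatting the secrets into a shell string, so neither the unbounded `sprintf` into `buf` nor shell parsing of the password comes into play. The helper name `run_filter`, the variable name `ENC_PASS` and the sample secrets are assumptions made for this example; the passphrase is handed over with openssl's `-pass env:` source and the password goes to the child's stdin.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] directly (no shell): feed `input` to its stdin and collect up to
 * outlen-1 bytes of stdout. `input` is assumed small enough to fit the pipe
 * buffer. Returns bytes read, or -1 on any failure. */
ssize_t run_filter(char *const argv[], const char *input, char *out, size_t outlen)
{
    int in_p[2], out_p[2], status;
    size_t len = strlen(input), total = 0;
    ssize_t n, w;
    if (outlen == 0 || pipe(in_p) < 0) return -1;
    if (pipe(out_p) < 0) { close(in_p[0]); close(in_p[1]); return -1; }
    signal(SIGPIPE, SIG_IGN);          /* a dead child must not kill us on write */
    pid_t pid = fork();
    if (pid == 0) {                    /* child: wire the pipes, then exec */
        dup2(in_p[0], STDIN_FILENO);
        dup2(out_p[1], STDOUT_FILENO);
        close(in_p[0]); close(in_p[1]); close(out_p[0]); close(out_p[1]);
        execvp(argv[0], argv);         /* argv entries are never parsed by a shell */
        _exit(127);
    }
    close(in_p[0]); close(out_p[1]);
    w = (pid > 0) ? write(in_p[1], input, len) : -1;
    close(in_p[1]);
    while (pid > 0 && total < outlen - 1 &&
           (n = read(out_p[0], out + total, outlen - 1 - total)) > 0)
        total += (size_t)n;            /* bounded: never writes past out[outlen-1] */
    close(out_p[0]);
    out[total] = '\0';
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || w != (ssize_t)len) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? (ssize_t)total : -1;
}

int main(void)
{
    /* Constructed sample secrets; ENC_PASS is a name chosen for this example. */
    char *argv[] = { "openssl", "aes-256-cbc", "-salt", "-a", "-e",
                     "-pass", "env:ENC_PASS", NULL };
    char out[512];
    setenv("ENC_PASS", "constructed passphrase; $(not run)", 1);
    if (run_filter(argv, "constructed password `x`\n", out, sizeof out) < 0) return 1;
    fputs(out, stdout);
    return 0;
}
```

The trailing newline on the input matches what `echo` would have sent in the original one-liner.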
