Encrypted values are byte arrays, not strings. They may contain null characters. So you can't use strlen(). It's a common error.
G. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Xu, Qiang (FXSGSC) Sent: 12 March 2008 08:26 To: [email protected] Cc: [EMAIL PROTECTED] Subject: crypto library in openssl Hi, all: I come across a problem in using crypto library in OpenSSL. We are using EVP_DecryptInit(), EVP_DecryptUpdate(), and EVP_DecryptFinal() to do the decryption of the user's password after the user logs in. However, I just found when the user's password is "$elkins02", the decrypted string will be empty one (whose strlen() == 0). I have changed the user's password to "$dlkins02", "$flkins02", and "$Elkins02", and all of them can be decypted correctly. So I suspect crypto library can't handle the substring "$e" in password. But another password "$eFair123" can be decrypted correctly. I am really at a loss what combination will cause the crypto library unable to decrypt password. Anyone has spotted the problem before? We are using OpenSSL 0.9.7a. Any suggestion is welcome, Xu Qiang ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
