See http://www.mail-archive.com/openssl-users@openssl.org/msg55632.html
for a basic, similar example where BIO_s_mem is used as a temporary buffer, which automatically adapts its store to contain all the data, which has not yet been read (fetched from the BIO). Alternatevely, you may consider using a BIO_pair, which is another way to provide flexible buffering in a BIO pipeline. See above url for an equivalent example of use. (use BIO_s_mem when you're sure you'll be using BIOs in one I/O direction only; use BIO_pairs when you need full-duplex I/O) Both samples are base64 related (as is the discussing there), but it's very easy to adapt those bits to using EVP_* functions which encrypt/decrypt the data - instead of base64 enc/decoding. On Thu, Jan 22, 2009 at 3:27 PM, Gbenga Taylor <gbenga.tay...@cgifederal.com> wrote: > Hi can you provide an example for using BIO_s_mem(to store the > ciphertext? > thanks > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni > Sent: Thursday, January 15, 2009 3:00 PM > To: openssl-users@openssl.org > Subject: Re: Help with EVP_DecryptFinal_ex:bad decrypt > > On Thu, Jan 15, 2009 at 02:45:49PM -0500, Adam Bender wrote: > >> > BUG: Don't pass the same buffer/offset to EncryptFinal_ex(), this > clobbers >> > the first encrypted block. Instead use "sym_out_buf + out_total" if > the >> > buffer is long enough for both the original ciphertext and the final > block. >> >> Thanks, that fixes it. I guess I was expecting the context to track > how >> many bytes it had written, or something. > > That would make a poor interface for encrypting data streams, as one > would need a buffer large enough to hold an entire encrypted message, > but > in practice one wants to loop encrypting blocks of data, and to re-use > the same buffer once ciphertext is delivered to the right destination > (usually a network peer or a disk file). > > If you want to buffer multiple cipherblocks, you could use a memory BIO > (see BIO_s_mem(3)) to store the ciphertext, and later read it back from > the BIO. This way you avoid any fragile use of malloc(), ... and can use > a suitable fixed size buffer for symmetric EVP_* operations regardless > of the message size (the variable size storage will be hidden in the > memory BIO). More typically, the data will not linger in memory, but > will > be written to the network or disk. -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: g...@hobbelt.com mobile: +31-6-11 120 978 -------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
