Friends,
I was able to resolve the problem with my web application not able to read
the entire contents of encrypted file. Now my encryption and decryption is
working ok.
Thanks for all the help.
Kunal
On Sat, May 22, 2010 at 12:34 AM, ~ Kunal Sharma ~ <koolku...@gmail.com>wrote:
> Ok friends. I'm back after trying out EVP stuff. Here's my code:
>
> DECRYPT
>
> int wfd;
> if((wfd = creat("/etc/rgconf_encrypted",0644)) == -1) {
> console_printf("Couldn't open output file for writingn");
> }else{
> console_printf("\nuser input encrypted file len =
> %d\n",strlen(buf)); //buf is encrypted data from some other routine
> write(wfd,buf,strlen(buf));
> close(wfd);
> }
> console_printf("\ndecode3 returned %d\n",decode3()); //decode3
> decrypts "/etc/rgconf_encrypted" and saves to "/etc/rgconf_decrypted"
>
> FILE *file;
> char *buffer=NULL;
> unsigned long fileLen;
>
> file = fopen("/etc/rgconf_decrypted", "r");
> if (!file)
> {
> console_printf("Unable to open file\n");
> }else{
> //Get file length
> fseek(file, 0, SEEK_END);
> fileLen=ftell(file);
> rewind (file);
>
> console_printf("decrypted file len = %lu\n",fileLen);
> //Allocate memory
> buffer=(char *)malloc(fileLen+1); // +1 for null terminated
> string
> if (!buffer)
> {
> console_printf("Memory error!\n");
> }else{
>
> //Read file contents into buffer
> console_printf("\nRead in buffer no. of bytes =
> %d\n",fread(buffer, 1, fileLen, file)); //read file in buffer
> buffer[fileLen] = 0;
>
> //do something with buffer here...
>
> free(buffer);
>
> }
>
> fclose(file);
> unlink("/etc/rgconf_encrypted");
> unlink("/etc/rgconf_decrypted");
> }
>
>
>
> ENCRYPT
>
>
> char *buffer = NULL;
>
> int wfd;
> if((wfd = creat("/etc/rgconf",0644) ) == -1) {
> console_printf("Couldn't open output file for writing");
> }else{
> write(wfd,rg_conf_buf,strlen(rg_conf_buf)); //rg_conf_buf is
> read from some other supplier routine
> close(wfd);
>
> console_printf("\nencode3 returned %d\n",encode3()); //encode3
> encrypts "/etc/rgconf" in AES-256 CBC and saves to "/etc/rgconf_encrypted"
>
> //read the encrypted file in a buffer to be sent
> FILE *file;
> unsigned long fileLen;
>
> file = fopen("/etc/rgconf_encrypted", "r");
>
> if (!file)
> {
> console_printf("Unable to open file\n");
> }else{
> //Get file length
> fseek(file, 0, SEEK_END);
> fileLen=ftell(file);
> rewind (file);
>
> console_printf("encrypted file len = %lu\n",fileLen);
>
> //Allocate memory
> buffer=(char *)malloc(fileLen);
> if (!buffer)
> {
> console_printf("Memory error!\n");
> }else{
> //Read file contents into buffer
> console_printf("\nRead in buffer no. of bytes =
> %d\n",fread(buffer, 1, fileLen, file)); //read file in buffer
>
> //send the buffer containing encrypted data back to user
>
> free(buffer);
> }
>
> fclose(file);
> unlink("/etc/rgconf");
> unlink("/etc/rgconf_encrypted");
> }
> }
>
> I have tested encode3 and decode3 to work fine with their encrypting and
> decrypting functions. I wrote some stuff to a file, encrypted it using
> encode3, saved to file2 and decrypted file2 using decode3 to file3. the
> contents of file and file3 are same. So I know my EVP logic is working fine.
> But this is only when I'm working on the files stored on the disk.
>
> Actually, my application has an interface with the user through a web
> server. So I upload and download data to the application through a browser
> using files. The user needs some data encrypted so application fetches it
> from some database in a file, encrypts it and sends it to the browser from
> where it can be downloaded in a file on the disk. Similarly, the user feeds
> a file containing encrypted data to web interface and application decrypts
> the data and updates the database.
>
> What I see happening is this:
>
> ENCRYPT - size of /etc/rgconf on disk is 157043 bytes
> ENCRYPT - size of /etc/rgconf_encrypted on disk is 157044 bytes.
> BROWSER saves the file to disk - size is 136 bytes (How ???)
> ..............this is a Windows machine
>
> user feeds the same file
>
> traces from DECRYPT -
>
> user input encrypted file len = 136
>
> Trouble with unpadding the last block
>
> decrypted file len = 128
>
> Read in buffer no. of bytes = 128
>
>
>
> 1) Why could I be seeing different lengths of data on linux and windows ?
> 2) 136 byte encrypted data is turned into 128 byte decrypted data....how
> ???
>
> Would be nice if you could provide pointers to this problem or if I need to
> do something extra here.
>
> Thanks again,
> Kunal
>
>
>
> On Fri, May 21, 2010 at 6:32 PM, ~ Kunal Sharma ~ <koolku...@gmail.com>wrote:
>
>> Thanks Jeff, Carter.
>>
>> I'm in the process of trying out EVP routines to do my stuff now. Will
>> post an update once I'm done.
>>
>> Thanks again for your time.
>> - Kunal
>>
>>
>> On Fri, May 21, 2010 at 5:55 PM, Carter Browne <cbro...@cbcs-usa.com>wrote:
>>
>>> Kunal,
>>>
>>> If your data can include NULs, you should not use strlen to calculate the
>>> length of the buffer, you need to provide the length in some other way - in
>>> your example presumably as an additional parameter.
>>>
>>> Carter
>>>
>>> Carter Browne
>>> cbcscbro...@cbcs-usa.com
>>> 781-721-2890
>>>
>>>
>>> On 5/21/2010 2:30 AM, ~ Kunal Sharma ~ wrote:
>>>
>>> David,
>>>
>>> Thanks for taking out time to review my code and reply.
>>>
>>> 1) I agree that using sizeof was a blunder on my part.
>>> 2) I'm calling decode2 with rg_conf_buf_dup and rg_conf_buf_dup_2, second
>>> one being the output buffer. So I'm certain that I don't modify the input
>>> buffer (though I just zero out only the part of my output buffer due to
>>> sizeof thing).
>>>
>>> I was also wondering about the cipher block size. I was thinking of
>>> using 16 as block size, read the input buffer in chunks of block size one at
>>> a time, decrypt, copy and append to the output buffer. Do you think that
>>> would work ? Could I then use the buffer holding decrypted data in the
>>> decode2 function and get the original data back ? How can I get the size of
>>> decrypted buffer - strlen wouldn't work, I suppose ?
>>>
>>> Thanks,
>>> Kunal
>>>
>>>
>>> On Thu, May 20, 2010 at 8:38 PM, David Schwartz <dav...@webmaster.com>wrote:
>>>
>>>>
>>>> Kunal Sharma wrote:
>>>>
>>>>
>>>> void encode2(char *inbuf,char *outbuf)
>>>> {
>>>> unsigned char key32[] = "As different as chalk and cheese";
>>>> unsigned char iv[] = "As dark as pitch";
>>>>
>>>> AES_KEY aeskey;
>>>>
>>>> memset(outbuf, 0, sizeof(outbuf));
>>>>
>>>> AES_set_encrypt_key(key32, 32*8, &aeskey);
>>>>
>>>> AES_cbc_encrypt(inbuf, outbuf, strlen(inbuf), &aeskey, iv,
>>>> AES_ENCRYPT);
>>>>
>>>> return;
>>>> }
>>>>
>>>> You can't mean 'sizeof(outbuf)' -- 'outbuf' is a *pointer* to the
>>>> output
>>>> buffer. What does the size of that pointer have to do with anything?
>>>>
>>>> void decode2(char *inbuf,char *outbuf,int len)
>>>> {
>>>> unsigned char key32[] = "As different as chalk and cheese";
>>>> unsigned char iv[] = "As dark as pitch";
>>>>
>>>> AES_KEY aeskey;
>>>>
>>>> memset(outbuf, 0, sizeof(outbuf));
>>>>
>>>> AES_set_decrypt_key(key32, 32*8, &aeskey);
>>>>
>>>> AES_cbc_encrypt(inbuf, outbuf, len, &aeskey, iv, AES_DECRYPT);
>>>>
>>>> return;
>>>> }
>>>>
>>>> Same use of 'sizeof(outbuf)' where that makes no sense (what does the
>>>> size
>>>> of the pointer to the output buffer have to do with anything?). Also,
>>>> what
>>>> happens if the plaintext is not a precise multiple of the cipher block
>>>> size?
>>>>
>>>> It seems like you have picked a low-level encryption/decryption function
>>>> where you wanted a high-level one.
>>>>
>>>> Also, you have one amusing boner. Your 'decode2' function tries to zero
>>>> the
>>>> output buffer, but actually only zeroes part of it. But you call it with
>>>> the
>>>> output buffer and input buffer the same! So you are actually erasing
>>>> part of
>>>> your input buffer before you use it!
>>>>
>>>> DS
>>>>
>>>> ______________________________________________________________________
>>>> OpenSSL Project http://www.openssl.org
>>>> User Support Mailing List openssl-users@openssl.org
>>>> Automated List Manager majord...@openssl.org
>>>>
>>>
>>>
>>
>
