> From: owner-openssl-us...@openssl.org On Behalf Of Prashanth kumar N
> Sent: Thursday, 29 March, 2012 10:02
> Bit confusing... are you saying that i need to add NULL termination
> at the end of encrypted data? Isn't this wrong? I assume i shouldn't be
> NULL terminating the input string which needs to be encrypted.
That's not what he said. See below.
> On Thu, Mar 29, 2012 at 7:10 PM, Ken Goldman <kgold...@us.ibm.com>
wrote:
> On 3/29/2012 1:40 AM, Prashanth kumar N wrote:
> Thanks Ken for pointing out the mistake... after
changing to
> AES_Decrypt(), it worked but i still see issue when
i print the
> decrypted output as it has extra non-ascii
characters in it.
>> That's what happens in C if you try to printf an array that's not
>> NUL terminated. The printf just keeps going, right past the end of the
buffer,
>> until it either hits a \0 or segfaults.
>> You encrypted 16 bytes, not nul terminated, decrypted to the same
>> 16 bytes, then pretended that it was nul terminated and tried to printf.
This is partly wrong. The input actually was nul-terminated, because
unsigned char text[]="test12345678abc2";
allocates 17 bytes. If you had used printf %s on that input, it
would have worked. But the termination wasn't needed for AES_Encrypt
which takes exactly 16 bytes (one block) and ignores any more.
In general crypto routines like OpenSSL work on arbitrary bytes with
explicit lengths or fixed length like here, not using nul-termination.
*Sometimes* plaintext is actually human-readable or otherwise printable
characters, but sometimes it isn't, and (modern) ciphertext never is.
Similarly AES_Encrypt gives and AES_Decrypt takes exactly 16 bytes,
as you did correctly, and AES_Decrypt gives exactly 16 bytes. So far
so good. But those 16 bytes don't include a nul-terminator, and
aren't followed by one in the same array, so when you use printf %s
which *requires* a nul-terminated string, it screws up. Similarly
if you used other C string functions like strcpy() strlen().
There are ways in C to handle character arrays that aren't
nul-terminated. In this case you could use:
printf ("Decrypted: %.16s\n", decrypted);
which prints until nul OR 16 chars whichever is hit first.
But usually in C it's easiest to follow the beaten path and use
nul-termination. To do that you need to decrypt into an array of
*17* unsigned chars and set decrypted[16] = 0. Or if you prefer,
decrypt into an array of 16 bytes, then memcpy() that to an array
of 17 bytes where you add the nul-terminator.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
