Re: Emptying the buffer
On 2/15/08, Joel Christner [EMAIL PROTECTED] wrote: Anyone have any ideas? Thanks does it still happen after you changed your code? -jb __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Emptying the buffer
Hi DS,
I corrected the strings issue (a mistake I shouldn't have missed, also
thanks to Jimmy's earlier email). I've leveled it down to a simple, small
piece of code that does nothing more than take data from stdin, encrypt it,
display the ciphertext, decrypt it, display the cleartext. Problem is that
the cleartext continues to appear in subsequent runs (I'm doing this in a
while(1) loop) - even though I'm doing an EVP_EncryptFinal and
EVP_DecryptFinal as part of my methods for encryption and decryption. Would
you be willing to take a look at this code if I unicast it to you?
Thanks,
Joel
On Fri, Feb 15, 2008 at 11:14 AM, David Schwartz [EMAIL PROTECTED]
wrote:
Joel Christner wrote:
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
Umm, you just stored the number of bytes read in 'dataRead'. Why are you
passing 'readBuffer' to strlen? The 'readBuffer' contains the array of
bytes
read from the link, it is not a C-style string. Only a C-style string may
be
passed to 'strlen'.
readBufferClear=decrypt(context,readBuffer+i,1);
You are passing characters one-at-a-time to your decryption function.
Depending on exactly what this function does, this may indicate that you
are
not getting the security you expected.
if (readBufferClear!=0) strncat(readBufferFinal,readBufferClear,strlen
(readBufferClear));
}
Your 'decrypt' function takes as input a single character and returns a
C-style string?
Either your code is *truly* weird, or you have some basic
misunderstandings
about C-style strings.
DS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: Emptying the buffer
Joel Christner wrote:
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
Umm, you just stored the number of bytes read in 'dataRead'. Why are you
passing 'readBuffer' to strlen? The 'readBuffer' contains the array of bytes
read from the link, it is not a C-style string. Only a C-style string may be
passed to 'strlen'.
readBufferClear=decrypt(context,readBuffer+i,1);
You are passing characters one-at-a-time to your decryption function.
Depending on exactly what this function does, this may indicate that you are
not getting the security you expected.
if (readBufferClear!=0) strncat(readBufferFinal,readBufferClear,strlen
(readBufferClear));
}
Your 'decrypt' function takes as input a single character and returns a
C-style string?
Either your code is *truly* weird, or you have some basic misunderstandings
about C-style strings.
DS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Emptying the buffer
Joel Christner wrote:
Hello,
I have a simple client-server program and am using blowfish. I'm using
the EVP_* routines to initialize, encrypt, and decrypt. Variable-length
data is taken in from the client through stdin and sent to the server
socket after encryption. One question I have is how I clear what's
already been decrypted on the server-side from the buffer. It appears
that the data I've already read out of the buffer (post-decryption) is
not being discarded, thus when data is received, it starts back at the
beginning and I get the same data back. Any insight would be much
appreciated!
On my client side, my code is (simplified)
EVP_EncryptInit(context,EVP_bf_cbc(),key,iv):
while(1) {
fgets(buffer,sizeof(buffer),stdin);
padBuffer(buffer,paddedBuffer); (my own routine just to pad to length
that is multiplier of 8-bytes)
writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct
sockaddr *)serveraddress,sizeof(serveraddress));
}
and on the server side, my code is (simplified):
EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
readBufferClear=decrypt(context,readBuffer+i,1);
if (readBufferClear!=0)
strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
}
unpadBuffer(readBufferFinal,readBufferPadded);
printf(cleartext=%s\n,readBufferPadded);
}
Major problem with your code - _do_not_ use strlen() or other string
functions on binary data (encrypted buffers don't necessarily follow the
C-string rule of null-termination and can have '\0' anywhere in between).
-jb
--
I used to think I was indecisive, but now I'm not so sure.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Emptying the buffer
Ok, I will change that. Can you provide any guidance on how to empty the
buffer?
Thanks
On Thu, Feb 14, 2008 at 2:50 AM, jimmy bahuleyan [EMAIL PROTECTED]
wrote:
Joel Christner wrote:
Hello,
I have a simple client-server program and am using blowfish. I'm using
the EVP_* routines to initialize, encrypt, and decrypt. Variable-length
data is taken in from the client through stdin and sent to the server
socket after encryption. One question I have is how I clear what's
already been decrypted on the server-side from the buffer. It appears
that the data I've already read out of the buffer (post-decryption) is
not being discarded, thus when data is received, it starts back at the
beginning and I get the same data back. Any insight would be much
appreciated!
On my client side, my code is (simplified)
EVP_EncryptInit(context,EVP_bf_cbc(),key,iv):
while(1) {
fgets(buffer,sizeof(buffer),stdin);
padBuffer(buffer,paddedBuffer); (my own routine just to pad to length
that is multiplier of 8-bytes)
writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct
sockaddr *)serveraddress,sizeof(serveraddress));
}
and on the server side, my code is (simplified):
EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
readBufferClear=decrypt(context,readBuffer+i,1);
if (readBufferClear!=0)
strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
}
unpadBuffer(readBufferFinal,readBufferPadded);
printf(cleartext=%s\n,readBufferPadded);
}
Major problem with your code - _do_not_ use strlen() or other string
functions on binary data (encrypted buffers don't necessarily follow the
C-string rule of null-termination and can have '\0' anywhere in between).
-jb
--
I used to think I was indecisive, but now I'm not so sure.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Emptying the buffer
Anyone have any ideas?
Thanks
On Wed, Feb 13, 2008 at 6:44 PM, Joel Christner [EMAIL PROTECTED]
wrote:
Hello,
I have a simple client-server program and am using blowfish. I'm using
the EVP_* routines to initialize, encrypt, and decrypt. Variable-length
data is taken in from the client through stdin and sent to the server socket
after encryption. One question I have is how I clear what's already been
decrypted on the server-side from the buffer. It appears that the data I've
already read out of the buffer (post-decryption) is not being discarded,
thus when data is received, it starts back at the beginning and I get the
same data back. Any insight would be much appreciated!
On my client side, my code is (simplified)
EVP_EncryptInit(context,EVP_bf_cbc(),key,iv):
while(1) {
fgets(buffer,sizeof(buffer),stdin);
padBuffer(buffer,paddedBuffer); (my own routine just to pad to length
that is multiplier of 8-bytes)
writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr
*)serveraddress,sizeof(serveraddress));
}
and on the server side, my code is (simplified):
EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
readBufferClear=decrypt(context,readBuffer+i,1);
if (readBufferClear!=0)
strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
}
unpadBuffer(readBufferFinal,readBufferPadded);
printf(cleartext=%s\n,readBufferPadded);
}
Emptying the buffer
Hello,
I have a simple client-server program and am using blowfish. I'm using the
EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is
taken in from the client through stdin and sent to the server socket after
encryption. One question I have is how I clear what's already been
decrypted on the server-side from the buffer. It appears that the data I've
already read out of the buffer (post-decryption) is not being discarded,
thus when data is received, it starts back at the beginning and I get the
same data back. Any insight would be much appreciated!
On my client side, my code is (simplified)
EVP_EncryptInit(context,EVP_bf_cbc(),key,iv):
while(1) {
fgets(buffer,sizeof(buffer),stdin);
padBuffer(buffer,paddedBuffer); (my own routine just to pad to length that
is multiplier of 8-bytes)
writeBuffer=encrypt(context,paddedBuffer,strlen(paddedBuffer),i);
writeData=sendto(connfd,writeBuffer,strlen(writeBuffer),0,(struct sockaddr
*)serveraddress,sizeof(serveraddress));
}
and on the server side, my code is (simplified):
EVP_DecryptInit(context,EVP_bf_cbc(),key,iv);
while(1) {
dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL);
for (i=0;istrlen(readBuffer);i++) {
readBufferClear=decrypt(context,readBuffer+i,1);
if (readBufferClear!=0)
strncat(readBufferFinal,readBufferClear,strlen(readBufferClear));
}
unpadBuffer(readBufferFinal,readBufferPadded);
printf(cleartext=%s\n,readBufferPadded);
}
