Encrypted values are byte arrays, not strings. They may contain null
characters. So you can't use strlen(). It's a common error.

G.


-----Original Message-----
From: owner-openssl-dev@openssl.org
[mailtowner-openssl-dev@openssl.org] On Behalf Of Xu, Qiang (FXSGSC)
Sent: 12 March 2008 08:26
To: openssl-dev@openssl.org
Cc: openssl-users@openssl.org
Subject: crypto library in openssl

Hi, all:

I come across a problem in using crypto library in OpenSSL.

We are using EVP_DecryptInit(), EVP_DecryptUpdate(), and
EVP_DecryptFinal() to do the decryption of the user's password after the
user logs in. However, I just found when the user's password is
"$elkins02", the decrypted string will be empty one (whose strlen() =
=3D=3D
0).

I have changed the user's password to "$dlkins02", "$flkins02", and
"$Elkins02", and all of them can be decypted correctly. So I suspect
crypto library can't handle the substring "$e" in password. But another
password "$eFair123" can be decrypted correctly. I am really at a loss
what combination will cause the crypto library unable to decrypt
password.

Anyone has spotted the problem before? We are using OpenSSL 0.9.7a.

Any suggestion is welcome,
Xu Qiang
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org