> -----Original Message-----
> From: Richard Levitte [mailto:richard@levitte.org]
> Sent: Wednesday, March 12, 2008 7:21 PM
> To: openssl-users@openssl.org; Xu, Qiang (FXSGSC)
> Subject: Re: crypto library in openssl
>
> Note: openssl-dev is inappropriate, as it is meant for the
> _development_ _of_ OpenSSL. Your inquiry is about the _use_
> of OpenSSL, making openssl-users much more appropriate. I'm
> therefore redirecting it there.


Thanks for redirecting me to the correct group. I didn't realize it yesterday.

> You're doing three mistakes:
>
> 1. you're assuming the EVP routines treat your data as character
> strings. That's incorrect, it treats them as binary blobs. Any of
> the bytes in that blob can be zero, and apparently, you're getting
> a result that starts with a zero byte.


Just got to understand this a little bit. Sorry for my slowness.

> 2. you're not using the resulting length from the EVP routines. Doing
> so will give you correct answer, strlen() is not guaranteed to do
> that (it will only give you the correct answer if you have no zero
> byte anywhere in the result).


Could you give me any suggestions to improve the code to decrypt the password? How to check the resulting length from EVP routines?

> 3. you're also not checking the returned result from the EVP routines.


If the result of decryption has zero bytes in it, how can I get the correct char string from it? My idea is to check the byte in the resulting length from EVP routines, and rip the zeros of the result. Is it feasible?

Thanks a lot,
Xu Qiang
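The three points in the quoted reply, as an added example that is not part of the thread and not OpenSSL code: `toy_decrypt` is a hypothetical XOR stand-in that follows the EVP return convention (1 on success, 0 on failure, byte count through `*outl`) so the block builds without libcrypto, and `recover_password`, the sample bytes and both key values are constructed for illustration. Output containing a zero byte is rejected as non-text rather than stripped.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: "s3cret" XORed with 0x5A. Not real ciphertext. */
static const unsigned char SAMPLE_CT[6] = {0x29, 0x69, 0x39, 0x28, 0x3F, 0x2E};

/* Hypothetical stand-in for a decrypt call so this builds without libcrypto.
 * Same contract as the EVP routines: returns 1 on success, 0 on failure,
 * and reports the number of bytes written through *outl. */
static int toy_decrypt(unsigned char *out, int *outl,
                       const unsigned char *in, int inl, unsigned char key)
{
    if (!out || !outl || !in || inl < 0)
        return 0;
    for (int i = 0; i < inl; i++)
        out[i] = in[i] ^ key;
    *outl = inl;
    return 1;
}

/* Returns the plaintext length, -1 if decryption failed, or -2 if the
 * plaintext is not usable as a C string (embedded zero byte, or too long). */
int recover_password(const unsigned char *ct, int ctlen, unsigned char key,
                     char *pw, size_t pwsz)
{
    unsigned char buf[64];
    int outl = 0;
    if (ctlen > (int)sizeof(buf))
        return -1;
    if (toy_decrypt(buf, &outl, ct, ctlen, key) != 1)  /* check the result */
        return -1;
    /* Trust outl, never strlen(): a zero byte means this is not text. */
    if ((size_t)outl >= pwsz || memchr(buf, 0, (size_t)outl) != NULL)
        return -2;
    memcpy(pw, buf, (size_t)outl);
    pw[outl] = '\0';                                   /* terminate explicitly */
    return outl;
}

int main(void)
{
    char pw[32];
    int n = recover_password(SAMPLE_CT, 6, 0x5A, pw, sizeof pw);
    printf("key 0x5A -> %d (%s)\n", n, n > 0 ? pw : "rejected");
    /* Key 0x29 makes the first output byte zero: strlen() would report 0. */
    n = recover_password(SAMPLE_CT, 6, 0x29, pw, sizeof pw);
    printf("key 0x29 -> %d\n", n);
    return 0;
}
```

With OpenSSL itself, the same checks apply to `EVP_DecryptUpdate` and `EVP_DecryptFinal_ex`, and the plaintext length is the sum of the two lengths they report.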