OpenSSL RC4

Discussion in 'Mac Programming' started by hiddenpremise, Jul 23, 2010.

  1. hiddenpremise macrumors regular

    hiddenpremise

    Joined:
    Jul 25, 2008
    Location:
    Somewhere between my imagination and reality
    #1
    I am trying to write an obj-c wrapper for encrypting and decrypting text files (300-1000 lines) in RC4, but am running into an issue with the openssl implementation of the alleged rc4 algorithm. I can't seem to get it to work reliably. The output is rather finicky. I can always get it to encrypt and decrypt something, but rarely a decent sized string. I have attached an example project and you will see that I put a 191 character string into it and when it decrypts it loses the last 76 characters. It is bizarre where it chooses to cut off. I have had it cut strings off at 12 characters before. If anyone has any clues as to why this is happening or where I have messed up, I would greatly appreciate the help.

    Thank you,
    Whit

    LINK TO PROJECT
     
  2. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #2
    The encrypted output of a cipher is a series of random-looking bytes. One possible output byte value is 0x00. Therefore, you cannot treat encrypted output as a nul-terminated C string. You can't treat it as UTF-8, either.

    Is this the problem? I'm not sure. It's just one of several potential problems I saw in your code. The most glaring of those other problems involve potential buffer overruns.

    Also, from the RC4 man page:
    Applications should use the higher level functions EVP_EncryptInit(3)
    etc. instead of calling the RC4 functions directly.
     
  3. hiddenpremise thread starter macrumors regular

    hiddenpremise

    Joined:
    Jul 25, 2008
    Location:
    Somewhere between my imagination and reality
    #3
    Thanks chown :)

    Unfortunately I don't think I have a good enough grip on the language to implement EVP.
     

Share This Page