shadedecho
Programmer
So, I have the need to do the following: from a C++ program, I need to take a string inputted (on the command line, for instance), encrypt it (I chose 3DES as my algorithm), and stick the encrypted value (and the randomly generated string key used in the encryption) in a MySQL DB table.
Then, either in the same program or another one, retrieve the value (and key) and unencrypt it. I have a lot of this working, but if I run the program about 200 times, it fails about 2-5 times, so the 1-3% error rate is what I'm trying to track down and eliminate, as this application must be completely free from failures.
Even though there is some encryption stuff going on here, I have verified the problem is *not* with that code, but with the escaping/insertion/retrieval of the strings in the mysql calls.
This is with MySQL 4.0.24, using gcc version 3.3.5 (Debian 1:3.3.5-13), and the libmysqlclient 10.0.0 version (I believe).
So here's a basic idea of how I'm doing this (I've simplified this a little bit, but this is the general pattern of the code):
Code:
string p = argv[1];
char* iv_str = "abcdefgh"; // assign any random string ==> iv_str not actually used by 3DES in ECB mode
string key = "sdkfjnsdlkjnsdfsdftytiyu"; // random string of chars
int key_len = key.length(); // for 3DES, 24 bytes long
MCRYPT td = mcrypt_module_open(MCRYPT_3DES, NULL, MCRYPT_ECB, NULL);
int block_size = 8; // 3DES has blocksize of 8
int data_len = p.length();
int real_data_size = ((data_len / block_size) + 1) * block_size; // because 3DES is a block algorithm, needs data in whole blocks, so find next highest block size >= data_len
char* p_str = (char*)malloc(real_data_size + 1);
memset(p_str,0,real_data_size + 1);
memcpy(p_str,(char*)p.c_str(),p.length()); // put contents of p into p_str, for use by mcrypt functions
mcrypt_generic_init(td, (char*)(key.c_str()), key_len, iv_str);
mcrypt_generic(td, p_str, real_data_size);
mcrypt_generic_deinit(td);
MYSQL mysql;
MYSQL_RES *result;
MYSQL_ROW row;
mysql_init(&mysql); // the handle has to be initialised before connecting
mysql_real_connect(&mysql, "", "", "", "", 0, "", 0); // real values removed for security
char* p_esc = (char*)malloc(256); // plenty big enough for any escaping chars to be added to string
memset(p_esc,0,256);
int p_esc_len = mysql_real_escape_string(&mysql,p_esc,p_str,real_data_size);
char* query_str = (char*)malloc(1024);
memset(query_str,0,1024);
int query_len = sprintf(query_str,"insert into my_table values ('%*s')",p_esc_len,p_esc);
mysql_real_query(&mysql,query_str,query_len);
memset(query_str,0,1024);
query_len = sprintf(query_str,"select * from my_table");
mysql_real_query(&mysql,query_str,query_len);
result = mysql_store_result(&mysql);
row = mysql_fetch_row(result);
if (strcmp((char*)row[0],p_str) != 0) {
    cout << "inserted/retrieved values don't match." << endl; // the retrieved value differs from what was put into the insert statement about 2% of the time.
}
mcrypt_generic_init(td, (char*)(key.c_str()), key_len, iv_str);
mdecrypt_generic(td, row[0], real_data_size);
mcrypt_generic_deinit(td);
cout << row[0] << endl; // this should be unencrypted every time, but it fails obviously when the retrieved value is wrong
So, basically, I encrypt a number with a key, escape that encrypted string, stick it in a varchar(255) column, retrieve it, and unencrypt it. During retrieval, it is noticed that the encrypted string before and after the MySQL operation sometimes differs, which identifies the source of the problem.
I've also tested that it's not the creation of the query_str through sprintf() that causes the problem, as the escaped string goes through sprintf without modification.
Any ideas?
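An added example, not part of the original post: 3DES output is arbitrary bytes, so a block can end in 0x20 or contain 0x00, and this sketch shows how such a block fares in a text column and under strcmp(), next to a hex-encoded round trip checked with memcmp(). It assumes the documented behaviour of VARCHAR before MySQL 5.0.3 (trailing spaces dropped on storage), modelled here by the hypothetical varchar_store(); all function names and the sample block are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model (assumption): VARCHAR on MySQL before 5.0.3 drops trailing spaces
 * when a value is stored. Copies v into col, returns the stored length. */
static size_t varchar_store(unsigned char *col, const unsigned char *v, size_t n) {
    while (n > 0 && v[n - 1] == ' ') n--;
    memcpy(col, v, n);
    return n;
}

static int nib(char c) {            /* one lowercase hex digit -> 0..15, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Store ct raw or hex-encoded, read it back, compare by length + memcmp.
 * Returns 1 when every byte survives the round trip. */
int roundtrip_ok(const unsigned char *ct, size_t n, int use_hex) {
    static const char digits[] = "0123456789abcdef";
    unsigned char col[254], hex[254], back[127];
    size_t i, stored;
    if (n > sizeof back) return 0;
    if (!use_hex) {
        stored = varchar_store(col, ct, n);
        return stored == n && memcmp(col, ct, n) == 0;
    }
    for (i = 0; i < n; i++) {                    /* encode: 2 chars per byte */
        hex[2 * i] = digits[ct[i] >> 4];
        hex[2 * i + 1] = digits[ct[i] & 15];
    }
    stored = varchar_store(col, hex, 2 * n);
    if (stored != 2 * n) return 0;
    for (i = 0; i < n; i++) {                    /* decode what came back */
        int hi = nib((char)col[2 * i]), lo = nib((char)col[2 * i + 1]);
        if (hi < 0 || lo < 0) return 0;
        back[i] = (unsigned char)(hi * 16 + lo);
    }
    return memcmp(back, ct, n) == 0;
}

/* 1 when strcmp() calls two n-byte buffers equal although they differ.
 * Both buffers must contain a 0x00 byte so strcmp() stays in bounds. */
int strcmp_misses(const unsigned char *a, const unsigned char *b, size_t n) {
    return strcmp((const char *)a, (const char *)b) == 0 && memcmp(a, b, n) != 0;
}

int main(void) {
    const unsigned char blk[8] = {0x9c, 0x27, 0x00, 0xe1, 0x5a, 0x13, 0x88, 0x20}; /* constructed */
    printf("raw=%d hex=%d\n", roundtrip_ok(blk, 8, 0), roundtrip_ok(blk, 8, 1));
    return 0;
}
```

Against a real server the same length-aware comparison would use the byte counts from mysql_fetch_lengths() rather than strcmp() on row[0].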