Hi,

Within evp/evp_enc.c, the function EVP_DecryptFinal_ex() looks at the last byte of any padding, then works backwards ensuring that all padding characters are the same. This is, I believe, conformant to PKCS#5.
However, this doesn't allow for other padding schemes such as that specified in FIPS 81, Appendix C (CBC mode), which states that the padding bytes between the end of the plaintext and the last byte containing the count can be any random data. Although I realise that FIPS 81 is concerned with DES and CBC mode.

FIPS 81 could be implemented in EVP_DecryptFinal_ex() with a minor change, and it wouldn't affect plain text padded with PKCS#5. Alternatively, a new padding mode could be specified, where the additional PKCS#5 checks are not made. Of course, nothing could be done and I could put my padding removal into the application layer.

I'd favour an additional padding scheme specified in the cipher context flags. I can make this change and submit a patch unless there are any objections. There may be a very good reason why this hasn't been done already.

- DR

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
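The two unpadding checks contrasted in the message above, as an added example that is not part of the original post and is not OpenSSL code. The function names and the 8-byte sample blocks are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical helpers for illustration; not OpenSSL code. Each returns the
 * number of plaintext bytes in the final decrypted block, or -1 on rejection. */

/* Shared check: the last byte is the pad count and must be 1..block_len. */
static int pad_count(const unsigned char *block, size_t block_len)
{
    unsigned int n;
    if (block == NULL || block_len == 0 || block_len > 255)
        return -1;
    n = block[block_len - 1];
    return (n == 0 || n > block_len) ? -1 : (int)n;
}

/* PKCS#5 style: every padding byte must equal the count. */
int unpad_pkcs5(const unsigned char *block, size_t block_len)
{
    int n = pad_count(block, block_len);
    size_t i;
    if (n < 0)
        return -1;
    for (i = block_len - (size_t)n; i < block_len; i++)
        if (block[i] != (unsigned char)n)
            return -1;
    return (int)(block_len - (size_t)n);
}

/* Count-only style (FIPS 81 Appendix C as the post describes it): the bytes
 * between the plaintext and the count byte are not inspected. */
int unpad_count_only(const unsigned char *block, size_t block_len)
{
    int n = pad_count(block, block_len);
    return n < 0 ? -1 : (int)(block_len - (size_t)n);
}

/* Constructed 8-byte sample blocks: "ABCDE" followed by three pad bytes. */
static const unsigned char blk_pkcs5[8]  = {'A','B','C','D','E',0x03,0x03,0x03};
static const unsigned char blk_random[8] = {'A','B','C','D','E',0x9c,0x41,0x03};
static const unsigned char blk_bad[8]    = {'A','B','C','D','E',0x00,0x00,0x09};

int main(void)
{
    printf("pkcs5 check:      %d %d %d\n", unpad_pkcs5(blk_pkcs5, 8),
           unpad_pkcs5(blk_random, 8), unpad_pkcs5(blk_bad, 8));
    printf("count-only check: %d %d %d\n", unpad_count_only(blk_pkcs5, 8),
           unpad_count_only(blk_random, 8), unpad_count_only(blk_bad, 8));
    return 0;
}
```

The count-only check accepts every block the PKCS#5 check accepts, plus blocks whose filler bytes differ from the count; both still reject a count of zero or one larger than the block.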