Hi

Within evp/evp_enc.c, function EVP_DecryptFinal_ex() it looks at the last
byte of any padding, then works backwards ensuring that all padding
characters are the same.  This is, I believe, conformant to PKCS#5.

However, this doesn't allow for other padding schemes such as that
specified in FIPS 81, Appendix C (CBC mode), which states that the padding
bytes between the end of the plaintext, and the last byte containing the
count can be any random data.  Although I realise that FIPS 81 is concerned
with DES and CBC mode.

FIPS 81 could be implemented in EVP_DecryptFinal_ex() with a minor change,
and it wouldn't affect plain text padded with PKCS#5.  Alternatively a new
padding mode could be specified, where the additional PKCS#5 checks are
not made.  Of course, nothing could be done and I could put my padding
removal into the application layer.

I'd favour an additional padding scheme specified in the cipher context
flags.  I can make this change and submit a patch unless there are any
objections.  There may be a very good reason why this hasn't been done
already.

- DR

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
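
The two padding checks contrasted in the message above, as an added C example that is not part of the original post and is not OpenSSL's code. The function names and sample blocks are constructed for illustration, and it assumes an 8-byte (DES) block with a count byte in the range 1..8.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK 8  /* DES block size in bytes (assumption for this example) */

/* Strict check, as the message describes for PKCS#5: the last byte is the
 * pad length n, and every one of the n trailing bytes must equal n.
 * Returns the number of plaintext bytes in the final block, or -1. */
int unpad_pkcs5(const unsigned char *blk)
{
    unsigned int n = blk[BLOCK - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    for (unsigned int i = 0; i < n; i++)
        if (blk[BLOCK - 1 - i] != n)
            return -1;
    return (int)(BLOCK - n);
}

/* Relaxed check, as the message describes for FIPS 81 Appendix C: only the
 * last byte (the count) is interpreted; the filler before it may be any
 * value, so altered filler bytes are not detected at this layer. */
int unpad_count_only(const unsigned char *blk)
{
    unsigned int n = blk[BLOCK - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    return (int)(BLOCK - n);
}

/* Constructed final blocks: 3 plaintext bytes followed by 5 pad bytes. */
const unsigned char pkcs5_block[BLOCK]  = {'a','b','c',5,5,5,5,5};
const unsigned char random_block[BLOCK] = {'a','b','c',0x9e,0x17,0xc4,0x02,5};
/* Constructed malformed block: count byte larger than the block size. */
const unsigned char bad_count[BLOCK]    = {'a','b','c',0,0,0,0,9};

int main(void)
{
    printf("pkcs5 block : strict=%d relaxed=%d\n",
           unpad_pkcs5(pkcs5_block), unpad_count_only(pkcs5_block));
    printf("random fill : strict=%d relaxed=%d\n",
           unpad_pkcs5(random_block), unpad_count_only(random_block));
    printf("bad count   : strict=%d relaxed=%d\n",
           unpad_pkcs5(bad_count), unpad_count_only(bad_count));
    return 0;
}
```

The relaxed routine accepts PKCS#5-padded blocks unchanged, which is the compatibility the message relies on, while the strict routine rejects the random-filled block.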
