Jack Lloyd wrote:
Hmm. If you increase BUFSIZE in speed.c, the segfaults go away, but it still
complains about bad decrypts.
Yes, increasing the buffer size fixes this.
As for the bad decrypt errors - seems to be something else. If you modify it to only test with 3 different buffer sizes, you get only three 'bad decrypt' errors. Suspicious.
At the end of the encryption process (in EVP_EncryptFinal_ex()) when the last block is not fully used the rest of the buffer ctx->buf is filled with the number of remaining (unused) bytes. This value is later on extracted during decryption in EVP_DecryptFinal_ex(). If only decryption is used, then the rest of the buffer is not filled with the padding value, hence the error messages.
This can be fixed as follows: buf_len is always = 0 when the message length is a multiple of the block size. Therefore we need to test when decrypting the final block whether buf_len = 0. If so, we can not take the number we have left from the rest of the block as the block is full. The number we have left is zero then (See patch attached).
Thanks all of you guys who helped me on this!
-- Roman
--- crypto/evp/evp_enc.c.orig 2004-06-23 17:02:13.000000000 +0200
+++ crypto/evp/evp_enc.c 2004-06-24 01:12:02.000000000 +0200
@@ -444,7 +444,10 @@
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
- n=ctx->final[b-1];
+ if (ctx->buf_len)
+ n=ctx->final[b-1];
+ else
+ n=0;
if (n > b)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
--- apps/speed.c 2004-06-23 22:44:21.000000000 +0200
+++ apps/speed.c.orig 2004-06-23 22:14:12.000000000 +0200
@@ -210,7 +210,7 @@
#endif
#undef BUFSIZE
-#define BUFSIZE ((long)1024*9+1)
+#define BUFSIZE ((long)1024*8+1)
int run=0;
static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
pgpNIQfSeQIic.pgp
Description: PGP signature
