I tried it on a Solaris with cc and got the crash. Changing the BUFSIZE did not help (I tried doubling and quadrupling it). The crash on Solaris actually occurred in RSA_free() at the end and may be because error handling is deficient in the earlier routines. I was getting additional error messages that the PRNG had not been adequately seeded. I noticed that RAND_seed is called for DSA but not RSA so added a RAND_seed() call at the start of MAIN() with a "fake" seed key and the crash went away. I had seen this before in other areas: a SIGSEGV fault if random seeding is not done (by the user app, obviously). I still got the EVP bad decrypt errors but you have explained that and I will try your solution. Chris Brook
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roman Pletka Sent: Wednesday, June 23, 2004 7:24 PM To: Jack Lloyd Cc: [EMAIL PROTECTED] Subject: Re: Segfault in speed measurements with aes ecb decrypt Jack Lloyd wrote: > Hmm. If you increase BUFSIZE in speed.c, the segfaults go away, but it still > complains about bad decrypts. Yes, increasing the buffer size fixes this. > As for the bad decrypt errors - seems to be something else. If you modify it to > only test with 3 different buffer sizes, you get only three 'bad decrypt' > errors. Suspicious. > At the end of the encryption process (in EVP_EncryptFinal_ex()) when the last block is not fully used the rest of the buffer ctx->buf is filled with the number of remaining (unused) bytes. This value is later on extracted during decryption in EVP_DecryptFinal_ex(). If only decryption is used, then the rest of the buffer is not filled with the padding value, hence the error messages. This can be fixed as follows: buf_len is always = 0 when the message length is a multiple of the block size. Therefore we need to test when decrypting the final block whether buf_len = 0. If so, we can not take the number we have left from the rest of the block as the block is full. The number we have left is zero then (See patch attached). Thanks all of you guys who helped me on this! -- Roman ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]