A followup:
[levitte - Mon Jun 28 14:33:57 2004]:
> > At the end of the encryption process (in EVP_EncryptFinal_ex()) when
> the last
> > block is not fully used the rest of the buffer ctx->buf is filled
> with
> the
> > number of remaining (unused) bytes. This value is later on
> extracted
> during
> > decryption in EVP_DecryptFinal_ex(). If only decryption is used,
> then
> the
> > rest of the buffer is not filled with the padding value, hence the
> error
> > messages.
> >
> > This can be fixed as follows: buf_len is always = 0 when the message
> length is
> > a multiple of the block size. Therefore we need to test when
> decrypting the
> > final block whether buf_len = 0. If so, we can not take the number
> we
> have
> > left from the rest of the block as the block is full. The number we
> have left
> > is zero then (See patch attached).
>
> Your patch is flawed. At that point, there has been a test to check
> if
> ctx->buf_len is non-zero already, and an error is generated if it is.
> At the point of your patch, ctx->buf_len will *always* be zero.
>
> I think the real problem lies in apps/speed.c, which should set the
> EVP_CIPH_NO_PADDING flag for the decrypt tests (at the very least).
> The
> speed difference will be very small.
Please try the following patch, which did fix it for me:
Index: apps/speed.c
===================================================================
RCS file: /e/openssl/cvs/openssl/apps/speed.c,v
retrieving revision 1.83.2.17
diff -u -r1.83.2.17 speed.c
--- apps/speed.c 28 Jun 2004 12:23:40 -0000 1.83.2.17
+++ apps/speed.c 28 Jun 2004 12:49:24 -0000
@@ -1399,6 +1399,7 @@
EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
else
EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
Time_F(START);
if(decrypt)
--
Richard Levitte
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
