> From: [email protected] On Behalf Of Chenchu, Rakesh R
> Sent: Thursday, 26 May, 2011 14:46

> Recently we identified a following issue when snmpwalk is being done on some tables:
> The problem is in freebsd crypto function - EVP_DecryptFinal_ex().
> (n == 0) is a valid case for some OIDs.

No it's not. When using PKCS5 padding, which is what this is checking (and is the default), 0 is illegal.

> I have ... [output before DecryptFinal] <compressed>
> Rakesh final:21 1 25 1 1 0 5 0 <---- last byte (n==0)
> This is working tables :
> Rakesh final:5 0 6 6 6 6 6 6 <---- (n==6)
> Your thoughts?

That 5,0 is apparently an ASN.1 NULL encoded after your OID (snipped). Thus the 0 is part of the plaintext, not padding. Either the encryptor is not padding correctly for the n=8 (= exact block for DES) case, or something along the path is dropping the last block of ciphertext (which here is all padding).
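The padding check discussed in this message, as an added example that is not part of the original mail and is not OpenSSL's own code: standalone C for an 8-byte block, showing why a final byte of 0 is rejected and what a receiver sees when the all-padding block of an exact-block plaintext goes missing. The function names are hypothetical, and the sample blocks are the bytes printed in the thread, read as hex (the post does not state the radix; the outcome is the same either way).

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* DES block size, as in the thread */

/* Pad len bytes of in into out. PKCS5 always appends 1..BLOCK bytes of
 * value n, so an exact multiple of BLOCK gains a whole block of 0x08. */
static size_t pkcs5_pad(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t n = BLOCK - (len % BLOCK);
    memcpy(out, in, len);
    memset(out + len, (int)n, n);
    return len + n;
}

/* Check the last decrypted block. Returns the number of plaintext bytes
 * it holds (0..BLOCK-1), or -1 when the padding is invalid. */
static int pkcs5_final_len(const unsigned char *last)
{
    int i, n = last[BLOCK - 1];
    if (n == 0 || n > BLOCK)          /* 0 can never be a pad length */
        return -1;
    for (i = 0; i < n; i++)
        if (last[BLOCK - 1 - i] != n) /* all n trailing bytes must equal n */
            return -1;
    return BLOCK - n;
}

/* Final blocks as printed in the thread (radix assumed hex). */
static const unsigned char working[BLOCK] = {5, 0, 6, 6, 6, 6, 6, 6};
static const unsigned char failing[BLOCK] = {0x21, 1, 0x25, 1, 1, 0, 5, 0};

/* Treat the failing block as an exact-block plaintext: pad it, optionally
 * drop the trailing all-padding block, then run the receiver's check. */
static int exact_block_case(int drop_last_block)
{
    unsigned char padded[2 * BLOCK];
    size_t total = pkcs5_pad(failing, BLOCK, padded); /* 8 -> 16 bytes */
    if (drop_last_block)
        total -= BLOCK;
    return pkcs5_final_len(padded + total - BLOCK);
}

int main(void)
{
    printf("working table block : %d\n", pkcs5_final_len(working));
    printf("failing table block : %d\n", pkcs5_final_len(failing));
    printf("exact block, intact : %d\n", exact_block_case(0));
    printf("exact block, dropped: %d\n", exact_block_case(1));
    return 0;
}
```

The check operates on decrypted plaintext, so no cipher is needed here: losing the last ciphertext block leaves the earlier plaintext blocks unchanged.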
