Hello,
> In continuation with the error we have mentioned before we have the
> below query:-
>  
> If an SSL record has no padding bytes then how does openSSL handle it?
If we are talking about a block cipher used to establish an SSL connection,
like DES or AES, then padding is always used.
When any side (client or server) wants to send some data to the peer,
first the write MAC is calculated and appended to the data, then padding
is added to ensure that the total length of data+mac+pad is a multiple
of the cipher block size.
After that, data+mac+pad is encrypted, the SSL record header is added
and all this is sent to the peer.
The peer should check that the record data is a multiple of the cipher block size,
decrypt the record data, get the last byte of the decrypted data and treat this
byte as the pad (which tells how many bytes to ignore from the end of the
decrypted data).
 
> Does openSSL consider it as bad padding?
If the record data is a multiple of the cipher block size then after decryption
the last byte of the data is always treated as the pad.
If this byte is bigger than the record data then we have bad padding.
If this byte is bigger than the cipher block size for SSL3 then we have bad
padding.
For TLS1 this byte (padding) may be up to 255.

One more thing: if your data+mac is already a multiple of the
cipher block size then the padding process adds another block
with all bytes equal to the block size. For example if you use DES
(block size 8) and after adding the mac you get 24 bytes of data
then after padding you will have 32 bytes of data:

 |data+mac|0x08|0x08|0x08|0x08|0x08|0x08|0x08|0x08|

But you may get bad padding, for example, when decryption is performed
with a bad key/iv.

> In case openSSL handles this, kindly mention to us in which files of the
> code we can find it?
You may look at ssl/s3_pkt.c and ssl/s3_enc.c.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
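As an added example, not from the original thread and not OpenSSL's own code, here is the record framing described above in Python: the sender appends a write MAC and then padding, and the receiver applies the checks in the order the reply lists (record length a multiple of the block size, last byte taken as the pad length, then the SSL3 versus TLS1 limit on that byte). The padding layout follows RFC 2246 section 6.2.3.2, where every padding byte, including the final length byte, carries the value padding_length. Assumptions: HMAC-SHA1 is the write MAC, the MAC covers only the application data (real TLS also covers the sequence number and record header), and encryption is left out, so build_plaintext() returns what the sender would encrypt and strip_padding()/open_record() take what decryption would return.

```python
"""TLS 1.0 / SSL 3.0 CBC record framing: data || MAC || padding.

Constructed illustration, not OpenSSL's implementation. Encryption itself is
omitted: build_plaintext() yields what the sender would encrypt, and the
receiver functions consume what decryption would hand back.
"""
import hashlib
import hmac

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for an HMAC-SHA1 write MAC


class BadPadding(Exception):
    """Padding at the end of a decrypted record is invalid."""


class BadMAC(Exception):
    """MAC at the end of a decrypted record does not verify."""


def build_plaintext(data: bytes, mac_key: bytes, block_size: int) -> bytes:
    """Sender side: append the write MAC, then pad to a block multiple.

    Assumption: the MAC covers only the application data (real TLS also
    MACs the sequence number and the record header).
    """
    mac = hmac.new(mac_key, data, hashlib.sha1).digest()
    body = data + mac
    # RFC 2246 6.2.3.2: pad_len padding bytes plus one padding_length byte,
    # every one carrying the value pad_len, so that body + padding is a
    # multiple of the block size. When body is already aligned this yields a
    # whole extra block of padding.
    pad_len = (block_size - (len(body) + 1) % block_size) % block_size
    return body + bytes([pad_len]) * (pad_len + 1)


def strip_padding(plaintext: bytes, block_size: int, version: str) -> bytes:
    """Receiver side: validate and remove padding from decrypted record data.

    version is "ssl3" or "tls1"; they differ in how large the pad byte may be.
    """
    if not plaintext or len(plaintext) % block_size != 0:
        raise BadPadding("record length is not a multiple of the block size")
    pad_len = plaintext[-1]  # last byte of decrypted data = padding length
    if pad_len + 1 > len(plaintext):
        raise BadPadding("padding length exceeds the record length")
    if version == "ssl3":
        # SSL 3.0: padding may not be longer than one cipher block; the
        # padding bytes themselves are not inspected.
        if pad_len + 1 > block_size:
            raise BadPadding("SSL3 padding longer than one block")
    elif version == "tls1":
        # TLS 1.0: any length up to 255 is allowed, but every padding byte
        # must equal pad_len. Compare in constant time so the position of a
        # mismatch is not leaked through timing (padding-oracle hardening).
        expected = bytes([pad_len]) * (pad_len + 1)
        if not hmac.compare_digest(plaintext[-(pad_len + 1):], expected):
            raise BadPadding("TLS1 padding bytes do not all equal pad_len")
    else:
        raise ValueError("version must be 'ssl3' or 'tls1'")
    return plaintext[: len(plaintext) - pad_len - 1]


def padding_is_valid(plaintext: bytes, block_size: int, version: str) -> bool:
    """Convenience wrapper: True if strip_padding() accepts the record."""
    try:
        strip_padding(plaintext, block_size, version)
        return True
    except BadPadding:
        return False


def open_record(plaintext: bytes, mac_key: bytes, block_size: int,
                version: str) -> bytes:
    """Receiver side: strip padding, then verify and strip the MAC."""
    body = strip_padding(plaintext, block_size, version)
    if len(body) < MAC_LEN:
        raise BadMAC("record too short to hold a MAC")
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, data, hashlib.sha1).digest()
    if not hmac.compare_digest(mac, expected):
        raise BadMAC("MAC mismatch")
    return data


if __name__ == "__main__":
    key = b"constructed-mac-key"  # constructed sample key
    rec = build_plaintext(b"abcd", key, 16)  # 4 + 20 = 24 bytes, padded to 32
    print(len(rec), rec[-1])  # 32 7
    print(open_record(rec, key, 16, "tls1"))  # b'abcd'
```

With a 16-byte block, 4 bytes of data plus a 20-byte MAC gives 24 bytes, so the padding is eight bytes of 0x07 and the record is 32 bytes; a body that is already aligned gets a full extra block of padding. A record whose last byte is 255 is accepted under tls1 (if all 256 trailing bytes equal 0xff) and rejected under ssl3. The receiver uses constant-time comparison for both the padding and the MAC; a peer that reveals, through timing or distinct alerts, whether a decrypt failed on padding or on the MAC gives an attacker a padding oracle, which is why OpenSSL's check code is written to avoid that distinction.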
