Hello.
I'm using OpenSSL in an architecture which requires me to perform
encryption and decryption locally.
The decryption function gets a buffer which was encrypted on the other
side of the connection.
The encryption/decryption process usually works fine, but for the case
where the buffer contains a partial cipher block.
I guess my issue boils down to this:
Let s be an SSL object and buf be a memory buffer or encrypted data.
What I do in order to decrypt it (minus error handling, thread safety,
memory safety, etc.) is along the lines of
int decDataBufSize = 1000000; //approximation of length of decrypted
data
int8_t* decData = (int8_t*)malloc(decDataBufSize*sizeof(int8_t)); //room
for the decrypted data to be written into
BIO* bio = BIO_new_mem_buf(encData, decDataBufSize); //set up BIO
pointing to the encrypted data
int decDataLength;
BIO_set_close(bio, BIO_NOCLOSE); //This means OpenSSL doesn't try to
free the encrypted data buffer
int totalDecData = 0;
for(int remaining_length = buffie->getBuffer()->limit() ;
remaining_length > 0 ; )
{
SSL_set_bio(ssl, bio, bio);
remaining_length -= BIO_pending(bio);
int decDataLength = SSL_read(ssl, decData +
totalDecData, decDataBufSize - totalDecData);
totalDecData += decDataLength;
remaining_length += BIO_pending(bio);
}
return decData;
This seems to be working fine but for the case where I have a part of a
block in the buffer.
I know that, had I worked with a socket instead of a memory BIO, I'd get
an SSL_ERROR_WANT_READ, but in my case I get a most laconic
SSL_ERROR_SSL (decryption failed or bad record mac).
Is there any way I could verify in advance that I have a full block?
Thanks in advance
Shai
