On Thu, Oct 17, 2002 at 10:24:01PM +0200, Richard Levitte - VMS Whacker wrote:
> To make it easier to understand what you're talking about, it would be
> good to use terms like CFB-8, i.e. where the block size (in bits) is
> included in the identity.

Okay. To make things clearer: I'm working on some code that processes
PGP encrypted data. PGP uses CFB in the following fashion:

        encrypt IV
        XOR blocksize worth of ciphertext with IV to produce plain text
        set IV to cipher text
        encrypt IV
        ...

Not sure if this is called CFB8 - I guess it is but even Schneier isn't
totally clear on that, IMHO.

At any rate, PGP doesn't pad its data to a multiple of the block
size. (In fact, some of the algorithms even rely on being able to stop
in the middle of a block and "resynchronize" by setting the IV to the
last block size worth of cipher text.)

With 0.9.6, decrypting an odd number of octets worked, whereas in 0.9.7
it doesn't.

As you suggested, allowing EVP_DecryptFinal to be called even if the
number of bytes provided is not a full block should cure these problems.

I have no problem either if OpenSSL 0.9.7 changes the default
behavior of EVP_xxx_cfb() but provides EVP_xxx_cfb8() for those who
need it.

Olaf
-- 
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
[EMAIL PROTECTED]   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
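
The CFB steps listed in the message above, as an added example that is not part of the original post and does not use OpenSSL's EVP API. It assumes XTEA as a stand-in 64-bit block cipher, and the names cfb_crypt and cfb_roundtrip_ok are hypothetical. It shows that full-block CFB handles an odd number of octets without padding.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8 /* 64-bit block, so this is CFB-64 */

/* Stand-in cipher (assumption): XTEA, encrypt direction only, which is all
 * CFB uses. Host byte order, so not interoperable with other XTEA code. */
static void xtea_encrypt(const uint32_t key[4], uint8_t b[BLK]) {
    uint32_t v[2], sum = 0;
    memcpy(v, b, BLK);
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + key[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + key[(sum >> 11) & 3]);
    }
    memcpy(b, v, BLK);
}

/* Full-block CFB following the steps in the message. len need not be a
 * multiple of BLK: the last block uses only the keystream bytes it needs. */
static void cfb_crypt(const uint32_t key[4], const uint8_t iv0[BLK],
                      const uint8_t *in, uint8_t *out, size_t len, int decrypt) {
    uint8_t iv[BLK], ks[BLK];
    memcpy(iv, iv0, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        size_t n = len - off < BLK ? len - off : BLK;
        memcpy(ks, iv, BLK);
        xtea_encrypt(key, ks);                  /* encrypt IV */
        for (size_t i = 0; i < n; i++) {
            uint8_t x = in[off + i] ^ ks[i];    /* XOR with encrypted IV */
            iv[i] = decrypt ? in[off + i] : x;  /* set IV to cipher text */
            out[off + i] = x;                   /* safe when in == out */
        }
    }
}

/* Constructed key, IV and message: 1 if len octets survive encrypt+decrypt. */
static int cfb_roundtrip_ok(size_t len) {
    static const uint32_t key[4] = { 1, 2, 3, 4 };
    static const uint8_t iv[BLK] = { 0 };
    uint8_t pt[64], ct[64], back[64];
    if (len > sizeof pt) return 0;
    for (size_t i = 0; i < len; i++) pt[i] = (uint8_t)(7 * i + 1);
    cfb_crypt(key, iv, pt, ct, len, 0);
    cfb_crypt(key, iv, ct, back, len, 1);
    return memcmp(pt, back, len) == 0;
}

int main(void) { return cfb_roundtrip_ok(13) ? 0 : 1; }
```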