I've traced a problem in an application to what seems to be a bug in the implementation of BIO_pending and/or BIO_eof for the cipher BIO (bio_enc.c) in decryption mode.

If I understand this code correctly (and I'm not absolutely certain that I do), the cipher BIO can reach a state where it has exhausted the "next BIO" from which it is reading and produced the final full decrypted block from its internal buffer (leaving it empty), but a partial block remains to be decrypted in the cipher context. This is the state where the next call to BIO_read will result in EVP_CipherFinal_ex being called. In this state BIO_pending returns 0 and BIO_eof returns 1. It seems to me that at least one of these results, if not both, is incorrect, because at this point a call to BIO_read will in fact succeed and produce the last decrypted bytes.

I guess the traditional thing to do is ignore the eof and pending APIs and just see if BIO_read can read anything. But my application relies on being able to detect EOF without needing to attempt a read. Is there another solution?

Thanks,
John
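An added example, not part of the original post and not OpenSSL code: a one-byte lookahead wrapper that answers "at EOF?" by attempting a read and keeping the byte for the next caller, so the answer does not depend on the filter's own eof or pending report. The names `model_src`, `peek_reader`, `peek_at_eof` and `peek_read` are hypothetical, and the source is a constructed model of the state the post describes rather than a real cipher BIO.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not OpenSSL code: `body` is data the filter hands out
 * while its source still has input; `tail` is the partial block that only
 * the finalising read releases. */
struct model_src {
    const unsigned char *body; size_t body_len, body_off;
    const unsigned char *tail; size_t tail_len, tail_off;
};

/* Reports EOF as the post describes: it only sees the exhausted input. */
static int model_eof(const struct model_src *s) { return s->body_off == s->body_len; }

static int model_read(struct model_src *s, unsigned char *out, size_t n) {
    int in_body = s->body_off < s->body_len;
    const unsigned char *src = in_body ? s->body : s->tail;
    size_t *off = in_body ? &s->body_off : &s->tail_off;
    size_t left = (in_body ? s->body_len : s->tail_len) - *off;
    if (n > left) n = left;
    memcpy(out, src + *off, n);
    *off += n;
    return (int)n;
}

/* Hypothetical wrapper: holds at most one byte already read from the source. */
struct peek_reader { struct model_src *src; unsigned char byte; int have; };

/* EOF is decided by a one-byte read attempt, never by the source's flag. */
static int peek_at_eof(struct peek_reader *r) {
    if (!r->have) r->have = (model_read(r->src, &r->byte, 1) == 1);
    return !r->have;
}

static int peek_read(struct peek_reader *r, unsigned char *out, size_t n) {
    size_t got = 0;
    if (n == 0) return 0;
    if (r->have) { out[got++] = r->byte; r->have = 0; }  /* return peeked byte first */
    if (got < n) got += (size_t)model_read(r->src, out + got, n - got);
    return (int)got;
}

int main(void) {
    struct model_src s = { (const unsigned char *)"0123456789abcdef", 16, 0,
                           (const unsigned char *)"tail", 4, 0 };
    struct peek_reader r = { &s, 0, 0 };
    unsigned char buf[32];
    int n = peek_read(&r, buf, 16);
    printf("read %d, model_eof=%d, peek_at_eof=%d\n", n, model_eof(&s), peek_at_eof(&r));
    return 0;
}
```

With a real BIO chain the one-byte read would be a BIO_read call, and a return of 0 or less needs BIO_should_retry checked before it is treated as EOF.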
