Hi, I've received the attached patch to make EVP_DecryptFinal_ex call EVPerr() in case of an error.
I'm not sure if not calling EVPerr() is intentional or not. Background: http://bugs.debian.org/768681, nodejs's test suite fails because it's not getting the error anymore. Kurt
From: William Bonnet <wllmb...@gmail.com> Date: Sun, 16 Nov 2014 13:55:32 +0100 Subject: [PATCH] Fix for missing Bad Decrypt error code in EVP_DecryptFinal_ex function. When returning padding_good, the EVPerr is not called before returning zero, leading to an undefined error code. --- crypto/evp/evp_enc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 2f121ff..1a22584 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -546,6 +546,16 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) out[i] = ctx->final[i] & padding_good; /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */ *outl = padding_good & ((unsigned char)(b - pad)); + + /* + * If the padding_good variable is 0 then a decryption problem occured + * and we have to call EVPerr before returning 0 + */ + if ((padding_good & 1) == 0) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); + } + return padding_good & 1; } else -- 2.1.1
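Review bot: the new `if ((padding_good & 1) == 0)` branch is keyed only on the final verdict, which the `return padding_good & 1;` immediately below already hands to the caller, so it does not weaken the constant-time masking of `out[i]` and `*outl` that precedes it (the masking protects which byte failed, not whether the check failed); it is worth saying so in the commit message, since a data-dependent branch in this function otherwise reads like a regression. Two smaller points on the same hunk: the commit message's "undefined error code" would be clearer as "empty error queue", which is what a caller polling ERR_get_error() actually observes, and the added comment has "occured" for "occurred".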