On Fri, Mar 14, 2003, Brian Hatch wrote:

> (Note: this question is completely unrelated to the previous
> re-keying one, since I've taken out the re-key code for now.)
>
> I have a socket bio to which I'd like to attach a decrypting
> bio for reading and encrypting bio for writing. When I attempt
> this I get the following error roughly 22% of the time on the
> first BIO_read:
>
>   BIO_read(bio, buf, 8)
>
>   BIO_read returns -1
>   BIO_should_retry is false
>   error:0606506D:digital envelope routines:EVP_DecryptFinal:
>   wrong final block length:evp_enc.c:423:
>
> This is using blowfish with a blocksize of 8 chars, there are actually
> at least 24 bytes in the stream, so there's plenty of data for mac
> checks.
>
> I ran ethereal to watch the data being sent from the client, and it's
> identical, yet 1/5 the time the 'final block length' problem pops up.

BIO_f_cipher() BIOs have a bug in them which makes them mess up when used
in conjunction with non blocking I/O or any circumstance where a
read/write might not process the same number of bytes as requested.

This is largely because BIO_f_cipher() BIOs have been largely unchanged
since the dawn of time [*] and never tested in this way. I found this out
recently when I was messing around with the non blocking I/O test BIO and
they failed rather badly.

Base64 BIOs have similar problems but digest BIOs seem to be OK AFAICS.

I've checked in a fix for cipher BIOs which should be in any current
stable snapshot, it's a trivial fix. The base64 fix was rather more drastic
so it's only in 0.9.8 in case it breaks something else.

I suggest you get the latest stable snapshot and try that out.

Steve.

[*] Well SSLeay which feels like the dawn of time to some of us.

--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
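An added illustration of the short-read failure mode discussed in this thread (not OpenSSL code and not the fix that was checked in): a block-decrypting read filter in C that must carry a partial block across short or retried reads and finalize only at true end of stream. The XOR transform, the source, and every name are constructed for the example, and it assumes the reported failure is of this kind, where finalization runs while a partial block is still buffered.

```c
#include <string.h>
#define BLK 8                       /* block size, as in the thread */
enum { R_EOF = 0, R_RETRY = -1, R_BAD_FINAL = -2 };

/* Constructed non-blocking source: reads of at most 3 bytes, alternating with "retry". */
struct src { const unsigned char *data; size_t len, pos; int calls; };
static int src_read(struct src *s, unsigned char *out, int want) {
    if (s->pos == s->len) return R_EOF;
    if (s->calls++ % 2 == 1) return R_RETRY;     /* nothing ready right now */
    size_t n = s->len - s->pos;
    if (n > 3) n = 3;                            /* short read */
    if (n > (size_t)want) n = (size_t)want;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Placeholder block transform (XOR), NOT a real cipher. */
static void blk_decrypt(unsigned char *b) { for (int i = 0; i < BLK; i++) b[i] ^= 0x5A; }
struct filt { struct src *s; unsigned char part[BLK]; int npart; int final_on_retry; };

/* Returns BLK plaintext bytes, R_EOF, R_RETRY, or R_BAD_FINAL. */
static int filt_read(struct filt *f, unsigned char *out) {
    int n = src_read(f->s, f->part + f->npart, BLK - f->npart);
    if (n > 0) f->npart += n;
    if (f->npart == BLK) {          /* whole block assembled: decrypt it */
        blk_decrypt(f->part);
        memcpy(out, f->part, BLK);
        f->npart = 0;
        return BLK;
    }
    if (n == R_EOF || (n == R_RETRY && f->final_on_retry))
        return f->npart ? R_BAD_FINAL : R_EOF;   /* finalize: leftover bytes are an error */
    return R_RETRY;                 /* keep the partial block for the next call */
}

/* Drains a constructed 24-byte stream; returns plaintext length or R_BAD_FINAL. */
static int drain(int final_on_retry, unsigned char plain[24]) {
    unsigned char ct[24];
    for (int i = 0; i < 24; i++) ct[i] = (unsigned char)(('A' + i) ^ 0x5A);
    struct src s = { ct, sizeof ct, 0, 0 };
    struct filt f = { &s, {0}, 0, final_on_retry };
    int total = 0, r;
    while ((r = filt_read(&f, plain + total)) != R_EOF) {
        if (r == R_BAD_FINAL) return r;
        if (r > 0) total += r;
    }
    return total;
}
int main(void) { unsigned char p[24]; return drain(0, p) == 24 && drain(1, p) == R_BAD_FINAL ? 0 : 1; }
```

With `final_on_retry` set, the filter treats "no data yet" as end of stream and fails with three bytes still buffered, even though all 24 bytes are on the wire; with it clear, the same stream decrypts completely.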