Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final

block.

diff --git a/CHANGES b/CHANGES
index 5ad39ca2bdc4394947f9d0000f89271fa0782b28..a3a8f2823badcf0f7d7f0988479f9429bc7292b6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 

+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data
+     read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+

   *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
      a few extra parameters to the DH structure: these will be useful if
      for example we want the value of 'q' or implement X9.42 DH.
   *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
      a few extra parameters to the DH structure: these will be useful if
      for example we want the value of 'q' or implement X9.42 DH.

diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 0a7b1ecf07cb11309e1321992c494daeea1649b2..36a601897d37c7714dc757aec5d294f7fefe36d7 100644 (file)
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -184,9 +184,11 @@ static int enc_read(BIO *b, char *out, int outl)
                                ctx->ok=i;
                                ctx->buf_off=0;
                                }
                                ctx->ok=i;
                                ctx->buf_off=0;
                                }

-                       else
+                       else 
+                               {

                                ret=(ret == 0)?i:ret;
                                ret=(ret == 0)?i:ret;

-                       break;
+                               break;
+                               }

                        }
                else
                        {
                        }
                else
                        {


@@ -194,13 +196,19 @@ static int enc_read(BIO *b, char *out, int outl)
                                (unsigned char *)ctx->buf,&ctx->buf_len,
                                (unsigned char *)&(ctx->buf[8]),i);
                        ctx->cont=1;
                                (unsigned char *)ctx->buf,&ctx->buf_len,
                                (unsigned char *)&(ctx->buf[8]),i);
                        ctx->cont=1;

+                       /* Note: it is possible for EVP_CipherUpdate to
+                        * decrypt zero bytes because this is or looks like
+                        * the final block: if this happens we should retry
+                        * and either read more data or decrypt the final
+                        * block
+                        */
+                       if(ctx->buf_len == 0) continue;

                        }
 
                if (ctx->buf_len <= outl)
                        i=ctx->buf_len;
                else
                        i=outl;
                        }
 
                if (ctx->buf_len <= outl)
                        i=ctx->buf_len;
                else
                        i=outl;

-

                if (i <= 0) break;
                memcpy(out,ctx->buf,i);
                ret+=i;
                if (i <= 0) break;
                memcpy(out,ctx->buf,i);
                ret+=i;