You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by bu...@apache.org on 2010/04/18 12:09:59 UTC

DO NOT REPLY [Bug 49148] New: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block

https://issues.apache.org/bugzilla/show_bug.cgi?id=49148

           Summary: OpenSSL:SymmetricKey::decryptFinish - Out of range
                    padding value in final block
           Product: Security
           Version: C++ 1.5.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encryption
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: jeremy.coulon@free.fr


Created an attachment (id=25322)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=25322)
Patch

Hello,

I started using XML Security (C++) in my own project a few days ago.
I am using the svn latest version.

I created a simple command line tool based on simpleEncrypt and simpleDecrypt
examples.
My goal is to create a small utility for encrypting/decrypting xml files with
AES256_CBC (randomly generated key) and RSA_15 Public/Private keys (loaded from
PEM files).

I ran into an error when I tried decrypting my previously encrypted xml file :
An error occurred during an encryption operation
Message: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in
final block

I used valgrind to track down the problem and it seems to be related to the use
of uninitilised value during both encrypting and decrypting.

A patch is available in attachment that fixes my problem.
The main problem is in XSECSafeBuffer.cpp
The 2 other files modification are just small memory leaks.

Please let me know if something is wrong with my patch.

Thanks.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

DO NOT REPLY [Bug 49148] OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=49148

Scott Cantor <ca...@osu.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Scott Cantor <ca...@osu.edu> 2010-04-19 10:36:59 EDT ---
http://svn.apache.org/viewvc?view=revision&revision=935593

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.