I'm traced a problem in an application to what seems to be a bug in the
implementation of BIO_pending and/or BIO_eof for the cipher BIO
(bio_enc.c) in decryption mode.

If I understand this code correctly (and I'm not absolutely certain that
I do), the cipher BIO can reach a state where it has exhausted the "next
BIO" from which it is reading and produced the final full decrypted
block from its internal buffer (leaving it empty), but a partial block
remains to be decrypted in the cipher context. This is the state where
the next call to BIO_read will result in EVP_CipherFinal_ex being

In this state BIO_pending returns 0 and BIO_eof returns 1. It seems to
me that at least one of these results, if not both, are incorrect,
because at this point a call to BIO_read will in fact succeed and
produce the last decrypted bytes.

I guess the traditional thing to do is ignore the eof and pending APIs
and just see if BIO_read can read anything. But my application relies on
being able to detect EOF without needing to attempt a read. Is there
another solution?

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org