Milton Calnek wrote:

On the last call to aes_key::encrypt_block(), size is less than 16, for some reason
AES_cbc_encrypt() has a seg fault when size is not the block size.

There are two options. The first is that rsyncrypto relies on openssl to pad the size, or it does so itself. Off the top of my head, I find it extremely unlikely that it is the first option. I distinctly remember designing the padding function, and doing reviews to make sure no insecurities are introduced through it (or, at the very least, as little insecurities as possible). As such, if you see rsyncrypto sending a partial buffer to be encrypted, I think it must be a problem in rsyncrypto itself and not in openssl.

The main function is: why should that happen?


Shachar Shemesh
Lingnu Open Source Consulting Ltd.