From: owner-openssl-us...@openssl.org On Behalf Of django...@gmail.com Sent: Wednesday, 17 December, 2008 11:34
Thanks very much for your input. That is what I suspected but I tried over and over again and I tried to be very careful. The code snippet I posted here suggests that the password isn't bad but the real problem is a "wrong final block length? Thats hard to believe also. That is why I posted my test key. Make sure you check the line number against the correct version of source. You can't be on the line with EVP_R_WRONG_FINAL_BLOCK_LENGTH because that would have displayed a different error text. You're on one of the two EVP_R_BAD_DECRYPT lines, both of which are checking padding. For typical symmetric encryption including this, that's the only known-checkable redundancy, and thus where wrong key (here wrong KEK derived from wrong passphrase) is first detected.
