[openssl-users] Two questions on OpenSSL EVP API

Paul Smith paul at mad-scientist.net
Wed Dec 19 07:01:07 UTC 2018


On Wed, 2018-12-19 at 08:57 +0300, Dmitry Belyavsky wrote:
> > I would have thought that the true maximum would be round-up(inl,
> > cipher_block_size); that is, for inl values 1-15 you'd get 16
> > bytes, and for inl values 16-31 you'd get 32 bytes, etc. (I'm not
> > actually sure whether inl of 16 gets you 16 or 32 bytes...)
> > 
> > Am I wrong about that?  Would some ciphers/modes write beyond the
> > end of the current "block" and into the next one?
> 
> When you use a block cipher and pass data less than block size, it is
> stored in the internal buffer.  In this case you do not get encrypted
> data until there is enough plain text to encrypt the full block.
> 
> When you add more data, if you pass enough data to finalize a
> previously unfinished block, you get more long ciphertext than
> plaintext passed in a particular call of CipherUpdate.

I see.  So you potentially need enough for an almost full previous
block, plus the current data.  That makes sense.

Thanks!



More information about the openssl-users mailing list