[openssl-dev] Block cipher padding modes
Victor Wagner
vitus at wagner.pp.ru
Sat Sep 19 18:17:13 UTC 2015
Hi,
There are several standards which define padding for block ciphers.
OpenSSL currently implements only PKCS#7 padding mode.
For some reasons I need to use ISO/IEC 7816-4 padding, and hope to get
this patch accepted into OpenSSL.
Now we have EVP_CIPHER_CTX_set_padding function which accepts integer
argument and with zero it disables padding and with non-sero enables it.
Obvois idea for more flexible interface is to define some integer
constants
#define PADDING_PKCS7 1
#define PADDING_ISO7816 2
#define PADDING_ANSI_X_923 3
etc
etc and make EVP_CIPHER_CTX_set_padding recognize this constants and
complain about any other values. Default should be left PKCS7_PADDING
I doubt that there is some code around there that would be broken by
this interface change.
But to maintain stricter backward compatibility it is possible to define
EVP_CIPHER_CTX_set_padding_ex function, which would set padding mode
according to this constants and leave EVP_CIPHER_CTX_set_padding with
current semantics - set PCKS7 padding on any non-zero argument.
Which interface is better?
More information about the openssl-dev
mailing list