[openssl-dev] [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

Michel via RT rt at openssl.org
Fri Mar 25 16:48:37 UTC 2016

Thank's Steve.

So, if I understand you correctly, we can assume that for files whose data size is lower than the buffer size - which we can adjust - it will always work. Right ?
If yes, it looks to me still better than not being able to use it at all.
And for big files, we could warn about this in the documentation.

Can I expect my patch to be applied as this anyway ?
Would you prefered I remove the part concerning the wrap mode ?

Thanks again for any advice,



-----Message d'origine-----
De : Stephen Henson via RT [mailto:rt at openssl.org] 
Envoyé : vendredi 25 mars 2016 14:15
À : michel.sales at free.fr
Cc : openssl-dev at openssl.org
Objet : [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

The enc command uses a cipher BIO chain which requires that a cipher is able to stream. That means the output doesn't depend on how the input is presented:
e.g. all in one piece or one byte at a time.

The wrap modes by their very nature cannot stream and so cannot work easily with the enc command. It may work for some cases but if buffers fill and you end up getting data in more than one piece the result is different. There are other modes which have problem with streaming too such as CCM.

I think supporting wrap modes in the 'enc' utility is a good idea but it unfortunately requires rather more significant changes to bypass the cipher BIO mechanism and present the data in a single operation where required. That would also mean things like chaining (base64 operations) cannot work.

We support tests already in evptests.txt: some additions in there would be welcome.


Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4472
Please log in as guest with password guest if prompted

More information about the openssl-dev mailing list