[openssl-dev] [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

Michel via RT rt at openssl.org
Fri Mar 25 19:53:35 UTC 2016


To be sure I understand you well (again, excuse my laborious English), do you think everything will work fine as expected, even using a BIO chain if, for Wrap and CCM modes only, we use a buffer as big as the data size to encrypt (with an upper limit), and we do not loop reading data (lines 604-612), and only work with 'regular' files (disable the use of stdin)?

Michel.

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Michel via RT
Sent: Friday, March 25, 2016 17:49
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

Thanks Steve.

So, if I understand you correctly, we can assume that for files whose data size is lower than the buffer size - which we can adjust - it will always work. Right?
If yes, it looks to me still better than not being able to use it at all.
And for big files, we could warn about this in the documentation.

Can I expect my patch to be applied as it is anyway?
Would you prefer I remove the part concerning the wrap mode?

Thanks again for any advice,

Regards,

Michel

-----Original Message-----
From: Stephen Henson via RT [mailto:rt at openssl.org]
Sent: Friday, March 25, 2016 14:15
To: michel.sales at free.fr
Cc: openssl-dev at openssl.org
Subject: [openssl.org #4472] [PATCH] alllowing wrap mode using enc command

The enc command uses a cipher BIO chain which requires that a cipher is able to stream. That means the output doesn't depend on how the input is presented:
e.g. all in one piece or one byte at a time.

The wrap modes by their very nature cannot stream and so cannot work easily with the enc command. It may work for some cases but if buffers fill and you end up getting data in more than one piece the result is different. There are other modes which have problems with streaming too such as CCM.

I think supporting wrap modes in the 'enc' utility is a good idea but it unfortunately requires rather more significant changes to bypass the cipher BIO mechanism and present the data in a single operation where required. That would also mean things like chaining (base64 operations) cannot work.

We support tests already in evptests.txt: some additions in there would be welcome.

Steve.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4472
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
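
Added example (not part of the thread and not OpenSSL code): a Python sketch of the streaming property discussed above, comparing a counter-style stream cipher with a key-wrap construction when the same input arrives whole or in two pieces. It uses the RFC 3394 wrap structure over a stand-in SHA-256 Feistel permutation instead of AES, and assumes that data arriving in more than one piece is wrapped piece by piece; all names, the key and the data are constructed for illustration.

```python
import hashlib

def E(key, block):
    """Stand-in 128-bit block permutation (4-round Feistel over SHA-256), NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def wrap(kek, data):
    """RFC 3394 key wrap structure over E; needs the whole input at once."""
    if len(data) % 8 or len(data) < 16:
        raise ValueError("wrap input must be a multiple of 8 bytes, at least 16")
    r = [data[i:i + 8] for i in range(0, len(data), 8)]
    n, a = len(r), bytes.fromhex("a6a6a6a6a6a6a6a6")
    for j in range(6):
        for i in range(n):
            b = E(kek, a + r[i])
            t = n * j + i + 1  # step counter mixed into the integrity register
            a = (int.from_bytes(b[:8], "big") ^ t).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)

def wrap_pieces(kek, pieces):
    """Assumption: each piece handed to the cipher is wrapped on its own."""
    return b"".join(wrap(kek, p) for p in pieces)

def stream_pieces(key, pieces):
    """Counter-style keystream cipher: the position carries across pieces."""
    out, pos = bytearray(), 0
    for p in pieces:
        for byte in p:
            block = hashlib.sha256(key + (pos // 32).to_bytes(8, "big")).digest()
            out.append(byte ^ block[pos % 32])
            pos += 1
    return bytes(out)

KEY = bytes(range(16))          # constructed sample key
DATA = bytes(range(100, 132))   # constructed 32-byte sample input
WHOLE, SPLIT = [DATA], [DATA[:16], DATA[16:]]

if __name__ == "__main__":
    print("stream same:", stream_pieces(KEY, WHOLE) == stream_pieces(KEY, SPLIT))
    print("wrap same:  ", wrap_pieces(KEY, WHOLE) == wrap_pieces(KEY, SPLIT))
```

The stream cipher output is identical however the input is chunked, while the wrap output changes in both length and content once the input is split.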

