[openssl-users] Two questions on OpenSSL EVP API

Paul Smith paul at mad-scientist.net
Wed Dec 19 07:01:07 UTC 2018

On Wed, 2018-12-19 at 08:57 +0300, Dmitry Belyavsky wrote:
> > I would have thought that the true maximum would be round-up(inl,
> > cipher_block_size); that is, for inl values 1-15 you'd get 16
> > bytes, and for inl values 16-31 you'd get 32 bytes, etc. (I'm not
> > actually sure whether inl of 16 gets you 16 or 32 bytes...)
> > 
> > Am I wrong about that?  Would some ciphers/modes write beyond the
> > end of the current "block" and into the next one?
> When you use a block cipher and pass data less than block size, it is
> stored in the internal buffer.  In this case you do not get encrypted
> data until there is enough plain text to encrypt the full block.
> When you add more data, if you pass enough data to finalize a
> previously unfinished block, you get longer ciphertext than the
> plaintext passed in a particular call of CipherUpdate.

I see.  So you potentially need enough for an almost full previous
block, plus the current data.  That makes sense.
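
An added example, not part of the original thread and not OpenSSL's code: a small C model of the partial-block buffering discussed above, showing why one update call can write up to inl + block_size - 1 bytes. The names model_ctx, model_update and model_update_bound, the 16-byte block size, and the XOR stand-in for the cipher are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* assumed block size (AES) */

/* Model context: only the partial-block buffer, no key material. */
struct model_ctx {
    unsigned char buf[BLOCK];
    size_t buffered; /* bytes carried over from earlier calls, 0..BLOCK-1 */
};

/* Stand-in for the block transform; XOR is NOT encryption. */
static void toy_block(unsigned char *out, const unsigned char *in) {
    for (size_t i = 0; i < BLOCK; i++) out[i] = in[i] ^ 0x5a;
}

/* Worst case for one call: an almost full previous block plus inl. */
size_t model_update_bound(size_t inl) { return inl + BLOCK - 1; }

/* Encrypt-side update: returns the number of bytes written to out. */
size_t model_update(struct model_ctx *c, unsigned char *out,
                    const unsigned char *in, size_t inl) {
    size_t written = 0;
    if (c->buffered > 0) { /* first top up the unfinished block */
        size_t need = BLOCK - c->buffered;
        size_t take = inl < need ? inl : need;
        memcpy(c->buf + c->buffered, in, take);
        c->buffered += take; in += take; inl -= take;
        if (c->buffered < BLOCK) return 0; /* still not a full block */
        toy_block(out, c->buf);
        written = BLOCK; c->buffered = 0;
    }
    for (; inl >= BLOCK; in += BLOCK, inl -= BLOCK, written += BLOCK)
        toy_block(out + written, in);
    memcpy(c->buf, in, inl); /* keep the tail for the next call */
    c->buffered = inl;
    return written;
}

int main(void) {
    struct model_ctx c = {{0}, 0};
    unsigned char in[32] = {0}, out[32 + BLOCK];
    size_t sizes[] = {15, 1, 15, 17, 16}; /* constructed call sequence */
    for (size_t i = 0; i < sizeof sizes / sizeof *sizes; i++)
        printf("inl=%zu out=%zu bound=%zu\n", sizes[i],
               model_update(&c, out, in, sizes[i]), model_update_bound(sizes[i]));
    return 0;
}
```

In this model, the 17-byte call made with 15 bytes already buffered writes 32 bytes, which is exactly the inl + 15 bound.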


