"num" parameter and expected output buffer size in EVP_CipherUpdate

Wiktor Kwapisiewicz wiktor at metacode.biz
Thu Dec 15 19:44:05 UTC 2022

Hi Michel,

On 15.12.2022 19:17, Michel wrote:
> ///"the amount of data written can be anything from zero bytes to (inl + 
> cipher_block_size) bytes"/(at a maximum)
> what you are asking for ?
> Resulting in///cipher_block_size/bytesneeded (at max, may be 0) when 
> callingEVP_CipherFinal() ?
> “///The encrypted final data is written to////out////which should have 
> sufficient space for one cipher block/”.

This gives a range and I'm looking for exact value. That value can be 
calculated using Matt's description [0]. I'm wondering if that can be 
done without keeping external state, just using cipher API.

The "num" parameter looked like exactly what I was looking for but 
either I'm holding it wrong or I misunderstood its purpose.

The use case I have in mind is to provide safe API that checks if the 
client provided buffer big enough for next call to CipherUpdate. In some 
cases, for example when encrypting data block by block by the client, 
the output buffer of one block is sufficient.

I hope that clarifies the use case I have in mind.

Have a nice day!

Kind regards,


More information about the openssl-users mailing list