"num" parameter and expected output buffer size in EVP_CipherUpdate

Michel michel.sales at online.fr
Thu Dec 15 20:19:27 UTC 2022

> This gives a range and I'm looking for exact value. 

Ha, OK. I missed that.
But don't you think that an exact value smaller than the 
cipher block size might look like an hazardous 'optimization', 
for a very hypothetical gain ?

I don't know much about EVP_CIPHER_CTX_num() use case, 
looks new to me (OpenSSL version > 3 ?),



-----Message d'origine-----

This gives a range and I'm looking for exact value. That value can be 
calculated using Matt's description [0]. I'm wondering if that can be 
done without keeping external state, just using cipher API.

The "num" parameter looked like exactly what I was looking for but 
either I'm holding it wrong or I misunderstood its purpose.

The use case I have in mind is to provide safe API that checks if the 
client provided buffer big enough for next call to CipherUpdate. In some 
cases, for example when encrypting data block by block by the client, 
the output buffer of one block is sufficient.

I hope that clarifies the use case I have in mind.

Have a nice day!

Kind regards,


More information about the openssl-users mailing list