"num" parameter and expected output buffer size in EVP_CipherUpdate
wiktor at metacode.biz
Fri Dec 16 09:51:23 UTC 2022
On 15.12.2022 21:19, Michel wrote:
> But don't you think that an exact value smaller than the
> cipher block size might look like a hazardous 'optimization',
> for a very hypothetical gain?
The maximum possible output buffer size is *twice* the block size (due
to any partial blocks that may have been updated previously). As I'm
updating the cipher block by block, an output buffer size equal to the
block size should be sufficient.
> I don't know much about the EVP_CIPHER_CTX_num() use case,
> looks new to me (OpenSSL version > 3?),
It was introduced in 1.1.0 in this commit:
> commit 83b06347023a573433b6aa23c8042f89df869f9e
> Author: Richard Levitte <levitte at openssl.org>
> Date: Sun Dec 13 21:25:42 2015 +0100
>
>     Add accessors and writers for EVP_CIPHER_CTX
>
>     New functions:
>     - EVP_CIPHER_CTX_encrypting()
>     - EVP_CIPHER_CTX_iv()
>     - EVP_CIPHER_CTX_iv_noconst()
>     - EVP_CIPHER_CTX_original_iv()
>     - EVP_CIPHER_CTX_buf_noconst()
>     - EVP_CIPHER_CTX_num()
>     - EVP_CIPHER_CTX_set_num()
>     - EVP_CIPHER_CTX_cipher_data()
but it appears it's not widely used outside of OpenSSL's internals (at
least I didn't get any meaningful search results).
Thanks for your time!
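
Added example (not part of the original message and not OpenSSL code): a small C model of the buffering arithmetic behind the sizing question in this message, checked against the bound documented for EVP_EncryptUpdate (0 to inl + cipher_block_size - 1 bytes written). The names `model_ctx`, `model_update`, `doc_bound` and `count_overruns` are hypothetical, the chunk sizes are constructed, and the model assumes a padded block mode in the encrypt direction.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model, not OpenSSL code: for output sizing only the number
 * of partial-block bytes held back between update calls matters. */
struct model_ctx { size_t block_size; size_t buffered; };

/* Bytes one update call writes for inl input bytes (padded block mode,
 * encrypt direction): every complete block of buffered + new data. */
static size_t model_update(struct model_ctx *c, size_t inl)
{
    size_t total = c->buffered + inl;
    c->buffered = total % c->block_size;   /* remainder stays buffered */
    return total - c->buffered;
}

/* Upper bound documented for EVP_EncryptUpdate: inl + block_size - 1. */
static size_t doc_bound(size_t block_size, size_t inl)
{
    return inl + block_size - 1;
}

enum sizing { SIZE_EQUALS_INPUT, SIZE_DOC_BOUND };

/* Count the calls whose output would not fit a buffer sized by `how`. */
static size_t count_overruns(size_t bs, const size_t *chunks, size_t n,
                             enum sizing how)
{
    struct model_ctx c = { bs, 0 };
    size_t overruns = 0;
    for (size_t i = 0; i < n; i++) {
        size_t cap = how == SIZE_DOC_BOUND ? doc_bound(bs, chunks[i]) : chunks[i];
        if (model_update(&c, chunks[i]) > cap)
            overruns++;
    }
    return overruns;
}

/* Constructed chunk sizes for a 16-byte block cipher. */
static const size_t ALIGNED[]   = { 16, 16, 16 };   /* block by block */
static const size_t UNALIGNED[] = { 5, 16, 16, 27 }; /* leaves partial blocks */

int main(void)
{
    printf("aligned,   out=in:    %zu\n", count_overruns(16, ALIGNED, 3, SIZE_EQUALS_INPUT));
    printf("unaligned, out=in:    %zu\n", count_overruns(16, UNALIGNED, 4, SIZE_EQUALS_INPUT));
    printf("unaligned, doc bound: %zu\n", count_overruns(16, UNALIGNED, 4, SIZE_DOC_BOUND));
    return 0;
}
```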