Output buffer length in EVP_EncryptUpdate for ECB mode
Wiktor Kwapisiewicz
wiktor at metacode.biz
Thu Nov 3 14:21:53 UTC 2022
Hello,
I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
[0] that is the length of the output buffer that should be passed to
that function ("out" parameter). (Actually I'm using EVP_CipherUpdate
but the docs are more comprehensive for EVP_EncryptUpdate).
[0]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptUpdate.html
For the record I'm using AES-128 cipher in ECB mode and the docs say:
> For most ciphers and modes, the amount of data written can be
> anything from zero bytes to (inl + cipher_block_size - 1) bytes. For
> wrap cipher modes, the amount of data written can be anything from
> zero bytes to (inl + cipher_block_size) bytes. For stream ciphers,
> the amount of data written can be anything from zero bytes to inl
> bytes.
AES-128-ECB doesn't appear to be a stream cipher (since the "block size"
returns 16 not the magical value of 1) and I'm unable to find any
mentions of "wrap cipher modes" in search engines. Apparently ECB is a
block cipher mode.
Does that mean that "wrap cipher modes" == "block cipher modes"?
Is there any documentation I could read on the reasoning of why a space
for additional block is needed in this case ("(inl + cipher_block_size)
bytes")? I'm trying to understand the differences between OpenSSL and
other cryptographic backends in an OpenPGP library [1].
Thank you for your time and help!
Kind regards,
Wiktor
[1]:
https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453
More information about the openssl-users
mailing list