Attached is a patch (against 0.9.8d) that implements the "ciphertext stealing" mechanism in EVP to handle partial block at the end of a message. A few things to note:
1. The EVP interface remains the same (except for the addition of EVP_CIPHER_CTX_set_cts()), and the default behavior also remains the same (which is to use padding to handle partial block at the end). In other words, it is completely backward compatible with the current EVP. 2. To use ciphertext stealing, a user of EVP calls EVP_CIPHER_CTX_set_cts() to enable it. Once enabled, usage of the encrypt/decrypt functions are exactly the same as before. 3. Some basic tests are implemented as part of the evp_test.c test program, and test cases with different encryption algorithms are added to the default list in evptests.txt. Please let me know if you find any problems or have any suggestions. Thanks! An-Cheng
cts-11.patch
Description: Binary data
