I'm very new to using OpenSSL so I'm hoping someone could please confirm whether my understanding of how the EVP_encryptUpdate() and EVP_EncryptFinal() methods work in relation to the required size of the output buffer.
I'm using DES so the cipher block size is 8 bytes. Padding is enabled. I know that if the input buffer is 14 bytes, then by calling EVP_EncryptUpdate the first 8 bytes will get encrypted, leaving 6 bytes remaining in the internal buffer. When EVP_encryptFinal these 6 bytes are encrypted and 2 padding bytes will be applied. But at this point I've been told two different things and I'm not sure if either is correct... 1. The minimum output buffer for the complete encrypted packet would be 24 bytes = 14 bytes encrypted data + 2 padding bytes + 1 extra (8 byte) cipher block used for pad length and payload type. 2. The minimum would be only 22 bytes = 14 bytes encrypted data + 1 extra cipher block that is used for padding, padding length & payload type. The latter seems wrong to me but using the former is leading to corruption of the payload (upon decryption). Or have I got it wrong completely? And due to system requirements I can't simply just allocate larger than required output buffers. Thanks in advance -- View this message in context: http://openssl.6102.n7.nabble.com/EVP-EncryptUpdate-output-buffer-length-tp44485.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
