[EMAIL PROTECTED] writes: > > Does OUTSIZE not function as a guard to make it easier to avoid > > overflowing the 'out' buffer? > > Yes, it is true. But I mean, we can provide a function or macro > which return the size of the encrypted output buffer. So we avoid > caller need know about padding, for example. > > Do that function always fill the output buffer? Or it is possible to > calculate the size of the output buffer that is going to be filled? >
For AESv2 and ARC4 it is possible. For AESv2 the output buffer_must to_ have the length of input buffer after it was padded, at least. However for ARC4 the output always have same length than input. e.g for AESv2: input buffer length = 28 bytes ...after padding = 32 bytes ...with IV = 48 bytes Then output buffer should have at least 48 bytes. e.g for ARC4: input buffer length = 28 bytes Then output buffer should have at least 28 bytes. --
