On Tue, Oct 18, 2011 at 6:47 AM, Nico Flink fl...@coolux.de wrote:
> I have a question concerning the size of the out buffer filled by
> EVP_CipherUpdate() and EVP_CipherFinal().
>
> The evp man page gives the following description:
>
> EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the
> encrypted version to out. […] The amount of data written depends on the
> block alignment of the encrypted data: as a result the amount of data
> written may be anything from zero bytes to (inl + cipher_block_size - 1).
> If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the
> ``final'' data, that is any data that remains in a partial block.
>
> I observed the following behaviour of EVP_CipherUpdate(). It fills the out
> buffer with (int)(inSize / cipher_block_size) blocks of data. The remaining
> bytes of data are written to the buffer when calling EVP_CipherFinal().
> During my tests the size of the decrypted buffer always equalled the size of
> the encrypted buffer and vice versa.
>
> But if I understand the man page correctly this behaviour is not guaranteed
> as EVP_EncryptUpdate() could fill up the partial block with data and write
> (inl + cipher_block_size - 1) bytes to the out buffer. Is this correct and
> if so how can I know where my en-/decrypted data ends in the buffer? Does it
> still always equal the size of the in buffer even if more data is written to
> the out buffer?

inl + cipher_block_size - 1 is a maximum size. The actual size is
returned to you in .
The idea is to give you the size of the maximum buffer needed. You
alloc the maximum size, and then only use outlen bytes within that
buffer.
See the logic in crypto/evp/evp_enc.c.
Jeff
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org