Hi, There are several standards which define padding for block ciphers. OpenSSL currently implements only PKCS#7 padding mode.
For some reasons I need to use ISO/IEC 7816-4 padding, and hope to get this patch accepted into OpenSSL. Now we have EVP_CIPHER_CTX_set_padding function which accepts integer argument and with zero it disables padding and with non-sero enables it. Obvois idea for more flexible interface is to define some integer constants #define PADDING_PKCS7 1 #define PADDING_ISO7816 2 #define PADDING_ANSI_X_923 3 etc etc and make EVP_CIPHER_CTX_set_padding recognize this constants and complain about any other values. Default should be left PKCS7_PADDING I doubt that there is some code around there that would be broken by this interface change. But to maintain stricter backward compatibility it is possible to define EVP_CIPHER_CTX_set_padding_ex function, which would set padding mode according to this constants and leave EVP_CIPHER_CTX_set_padding with current semantics - set PCKS7 padding on any non-zero argument. Which interface is better? _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev