On Tue, Oct 18, 2011 at 6:47 AM, Nico Flink <fl...@coolux.de> wrote:
>
> I have a question concerning the size of the out buffer filled by
> EVP_CipherUpdate() and EVP_CipherFinal().
>
> The evp man page gives the following description:
>
> EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the
> encrypted version to out. […] The amount of data written depends on the
> block alignment of the encrypted data: as a result the amount of data
> written may be anything from zero bytes to (inl + cipher_block_size - 1).
>
> If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the
> ``final'' data, that is any data that remains in a partial block.
>
> I observed the following behaviour of EVP_CipherUpdate(). It fills the out
> buffer with (int)(inSize / cipher_block_size) blocks of data. The remaining
> bytes of data are written to the buffer when calling EVP_CipherFinal().
> During my tests the size of the decrypted buffer always equalled the size of
> the encrypted buffer and vice versa.
>
> But if I understand the man page correctly this behaviour is not guaranteed
> as EVP_EncryptUpdate() could fill up the partial block with data and write
> (inl + cipher_block_size - 1) bytes to the out buffer. Is this correct and
> if so how can I know where my en-/decrypted data ends in the buffer? Does it
> still always equal the size of the in buffer even if more data is written to
> the out buffer?
inl + cipher_block_size - 1 is a maximum size. The actual size is
returned to you in .

The idea is to give you the size of the maximum buffer needed. You
alloc the maximum size, and then only use outlen bytes within that
buffer.

See the logic in crypto/evp/evp_enc.c.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to