On 21 March 2013 21:04, steveRX04 <srh...@hotmail.com> wrote: > I'm using DES so the cipher block size is 8 bytes. Padding is enabled.
DES? Really? Are you sure you want to use that? It is no longer considered secure. > > I know that if the input buffer is 14 bytes, then by calling > EVP_EncryptUpdate the first 8 bytes will get encrypted, leaving 6 bytes > remaining in the internal buffer. When EVP_encryptFinal these 6 bytes are > encrypted and 2 padding bytes will be applied. > > But at this point I've been told two different things and I'm not sure if > either is correct... Neither is correct. If your plaintext has less bytes than a multiple of the block length, then padding will be applied to make it a multiple of the block length (i.e. bytes are added until the length is a multiple of 8 bytes for DES). Padding will always be applied to every message. If your plaintext is a multiple of the block length, then a whole additional block of padding will be applied (an additional 8 bytes in the DES case). If you plaintext is a string remember to either include the NULL terminator in the calculation of the number of bytes (if you are going to encrypt it), or remember to add the NULL terminator when you decrypt - it won't be added by the Decrypt routines. > > 1. The minimum output buffer for the complete encrypted packet would be 24 > bytes = 14 bytes encrypted data + 2 padding bytes + 1 extra (8 byte) cipher > block used for pad length and payload type. > > 2. The minimum would be only 22 bytes = 14 bytes encrypted data + 1 extra > cipher block that is used for padding, padding length & payload type. The pad length is incorporated into the padding itself, so 1 byte of padding will be: 01 Two bytes will be: 02 02 Three bytes: 03 03 03 and so on up to: 08 08 08 08 08 08 08 08 Payload type is not incorporated into the encryption at all (although it could be in any associated protocol). Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
