Hello,
> Documentation says that, for EVP_EncryptUpdate, buffer of length (input
> length + cipher block size - 1) should be passed to output parameter.
>
> Suppose if we take AES-128, if the input length is 33, output written by
> EVP_EncryptUpdate will be 32. So, possible size could be
> ((input_length)/(cipher_block_size))*(cipher_block_size). What is the reason
> for passing buffer of size (input length + cipher block size - 1)? Similarly
> for EVP_DecryptUpdate, according to documentation, we have to pass (input
> length + cipher block size).
>
> As I can think of, all block ciphers have equal input block size and output
> block size. Documentation says that amount of data written depends on the
> block alignment of the encrypted data.
>
> Can someone explain this to me?
>
> I searched answers on the web and could not find anything useful.
This is true for block ciphers.
Block ciphers can encrypt data in block_size chunks.
For that, this function has internal buffer for data
that is less then block_size.
For example, suppose you want to encrypt some data with DES
cipher (block_size=8) and you call this function first as:
EVP_EncryptUpdate(&ctx, outbuf, &outlen, inbuf, 7)
this 7 bytes of input data can not be encrypted and is stored
in internal buffer. outlen returns 0.
Next you call this function as:
EVP_EncryptUpdate(&ctx, outbuf, &outlen, inbuf+7, 1)
and because we have now enough data to encrypt (7 bytes
in internal buffer and 1 byte in this call) one full block
will be written to outbuf and outlen returns 8.
And calculation:
input length + cipher block size - 1
is true for this case:
1 + 8 - 1 (=8)
and we got 8 bytes, not 1.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
