On Sun, Sep 25, 2011, Paul Suhler wrote:

> Hi, everyone.
> 
> (This got no response on the developers list, so I'll retry it here.)
> 
> Should EVP_Cipher() be used?  I've found an inconsistency in its return
> values:  For the cipher EVP_aes_256_gcm, successful decryption returns
> the length of the input.  (That's what aes_gcm_cipher() returns.)  For
> other ciphers, like EVP_aes_256_cbc, EVP_Cipher() returns 1 for success.
> Is this inconsistency indicative of a deprecated API that isn't being
> maintained?  It's not documented on the website.
> 

The preferred EVP interface to ciphers is via the Update/Final mechanism. It
is possible to use EVP_Cipher but this is a more low level interface and
bypasses block padding or buffering.

There is only one specific type of cipher which returns the length and that is
a custom cipher type. The custom cipher type requires additional setup to work
correctly anyway so it won't affect existing applications. In other words if
you want to use a custom cipher type correctly you have to know how to set it
up and its other special properties.

Currently there are only two custom cipher types for gcm/ccm.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org