On Tue, Jul 28, 2020 at 02:05:58PM +0300, Ard Biesheuvel wrote: > > But isn't the final chunksize a function of cryptlen? What happens if > i try to use cts(cbc(aes)) to encrypt 16 bytes with the MORE flag, and > <16 additional bytes as the final chunk? The final chunksize is an attribute that the caller has to act on. So for cts it tells the caller that it must withhold at least two blocks (32 bytes) of data unless it is the final chunk. Of course the implementation should not crash when given malformed input like the ones you suggested but the content of the output will be undefined. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
