Hi all; I'm working with OpenSSL 1.1.1a, using the EVP interface to encrypt/decrypt with various ciphers/modes. I had a couple of questions: First, the encrypt update docs say: > the amount of data written may be anything from zero bytes to > (inl + cipher_block_size - 1) Is that really true? For example if my block size is 16 and my input length is 4, could the encrypt step really write as many as 19 bytes (4 + 16 - 1)? I would have thought that the true maximum would be round-up(inl, cipher_block_size); that is, for inl values 1-15 you'd get 16 bytes, and for inl values 16-31 you'd get 32 bytes, etc. (I'm not actually sure whether inl of 16 gets you 16 or 32 bytes...) Am I wrong about that? Would some ciphers/modes write beyond the end of the current "block" and into the next one? Second, the type of the outl parameter on EVP encrypt update is "int", rather than (as I would have expected) "unsigned int". Is there a possibility that EVP would set &outl to a negative value and if so, what would that mean? Do I need to check for this in my code? Same with inl; why isn't it "unsigned int"? Is there ever a reason to pass in a negative value? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users