Hello,
I'd like to clarify one aspect of the API regarding EVP_EncryptUpdate
[0] that is the length of the output buffer that should be passed to
that function ("out" parameter). (Actually I'm using EVP_CipherUpdate
but the docs are more comprehensive for EVP_EncryptUpdate).
[0]: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptUpdate.html
For the record I'm using AES-128 cipher in ECB mode and the docs say:
For most ciphers and modes, the amount of data written can be
anything from zero bytes to (inl + cipher_block_size - 1) bytes. For
wrap cipher modes, the amount of data written can be anything from
zero bytes to (inl + cipher_block_size) bytes. For stream ciphers,
the amount of data written can be anything from zero bytes to inl
bytes.
AES-128-ECB doesn't appear to be a stream cipher (since the "block size"
returns 16 not the magical value of 1) and I'm unable to find any
mentions of "wrap cipher modes" in search engines. Apparently ECB is a
block cipher mode.
Does that mean that "wrap cipher modes" == "block cipher modes"?
Is there any documentation I could read on the reasoning of why a space
for additional block is needed in this case ("(inl + cipher_block_size)
bytes")? I'm trying to understand the differences between OpenSSL and
other cryptographic backends in an OpenPGP library [1].
Thank you for your time and help!
Kind regards,
Wiktor
[1]:
https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453