On Thu, 2022-12-15 at 20:44 +0100, Wiktor Kwapisiewicz via openssl-users
wrote:
> Hi Michel,
>
> On 15.12.2022 19:17, Michel wrote:
> > "the amount of data written can be anything from zero bytes to
> > (inl + cipher_block_size) bytes" (at a maximum)
> >
> > what you are asking for ?
> >
> > Resulting in cipher_block_size bytes needed (at max, may be 0) when
> > calling EVP_CipherFinal() ?
> >
> > “The encrypted final data is written to out which should have
> > sufficient space for one cipher block”.
>
> This gives a range and I'm looking for exact value. That value can be
> calculated using Matt's description [0]. I'm wondering if that can be
> done without keeping external state, just using cipher API.
>
> The "num" parameter looked like exactly what I was looking for but
> either I'm holding it wrong or I misunderstood its purpose.
>
> The use case I have in mind is to provide safe API that checks if the
> client provided buffer big enough for next call to CipherUpdate. In
> some cases, for example when encrypting data block by block by the
> client, the output buffer of one block is sufficient.
>
> I hope that clarifies the use case I have in mind.

There is no way to get the exact output buffer size needed other than by
knowing the cipher and the provider. If you know that the cipher used is
producing the ciphertext with the same length as the plaintext (at least
in the circumstances you follow - for example the length is a multiple
of the block size), then you know that if for every previous call to
EncryptUpdate (if there was any) the output ciphertext size was the same
as the plaintext size, then the next EncryptUpdate call cannot produce
any more ciphertext bytes than plaintext size.

Of course once you feed the data to EncryptUpdate by chunks sized
smaller than block size, there logically has to be some caching involved
as a block cipher must encrypt only full blocks unless there is some
padding involved but that applies only to the last block. In case of
AEAD modes this is also different as there must be some additional space
in the ciphertext for the tag.

--
Tomáš Mráz, OpenSSL
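
The external state discussed in this thread, sketched as an added example that is not part of the original message and not OpenSSL code: a caller-side tracker that mirrors the cached partial block so a wrapper can reject an undersized output buffer before calling EncryptUpdate. It assumes a block cipher in ECB or CBC mode, encryption only, and an implementation that emits only whole blocks from Update; the names enc_tracker, enc_update_outlen, enc_update_check and enc_final_outlen are hypothetical, and AEAD and stream modes are not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical caller-side tracker, not an OpenSSL type. Assumes a block
 * cipher in ECB/CBC mode, encrypting, where Update emits only whole blocks
 * and caches the remainder (the caching described in the reply above). */
typedef struct {
    size_t block_size; /* e.g. 16 for AES */
    size_t buffered;   /* bytes of a partial block cached by the cipher */
    int padding;       /* non-zero if padding is enabled */
} enc_tracker;

/* Exact byte count the next encrypt Update of inl bytes would write. */
size_t enc_update_outlen(const enc_tracker *t, size_t inl)
{
    return (t->buffered + inl) / t->block_size * t->block_size;
}

/* Call before the real Update. Returns 1 and advances the tracked state if
 * outcap is large enough; returns 0 and leaves the state untouched if not. */
int enc_update_check(enc_tracker *t, size_t inl, size_t outcap, size_t *need)
{
    if (t->block_size == 0 || inl > SIZE_MAX - t->block_size)
        return 0; /* reject lengths that would overflow the sum */
    *need = enc_update_outlen(t, inl);
    if (outcap < *need)
        return 0;
    t->buffered = (t->buffered + inl) % t->block_size;
    return 1;
}

/* Bytes Final would write: one padded block, or nothing when padding is off.
 * Returns -1 when padding is off and a partial block is still cached. */
long enc_final_outlen(const enc_tracker *t)
{
    if (t->padding)
        return (long)t->block_size;
    return t->buffered == 0 ? 0 : -1;
}

int main(void)
{
    enc_tracker t = { 16, 0, 1 }; /* constructed sample: AES-sized blocks */
    size_t need = 0;
    int ok = enc_update_check(&t, 5, 0, &need);
    printf("ok=%d need=%zu cached=%zu\n", ok, need, t.buffered);
    return 0;
}
```

The tracker stays correct only if every Update on the context goes through enc_update_check and the real call then succeeds.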