Hi, I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt a SSL packet that I have captured. The cipher that I am using AES256 and I can read the application data in cleartext as a result. The problem comes if the application data size > 8, which I think has something to do with me using a block cipher. I can't seem to decrypt the data then. Anyways, after inspecting the packet dumps, I realized that sometimes I get fragmented packets.
For Example, 17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc 4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82 e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86 d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11 2b 18 b1 8d d8 3c 15 3d e9 c7 This is actually two packets that are using the SSL application protocol, each of size 0x20 (The second packet starts on line 3, 6th byte onwards). While decrypting, should both these packets be merged together and hence treated as a single packet of size 0x40 or should packet be processed separately. Since, we are using a block cipher of size 256 bits(32 bytes), will it even make a difference? Thanks and Regards, Vijay Kotari
