On Fri, Aug 1, 2014 at 5:46 AM, David Li <[email protected]> wrote:
> Hi,
>
> I am using openssl 1.0.1h and AES128 CBC mode to encrypt some arbitrary
> long ASCII string.
> I encountered an issue at decryption. If I use EVP_DecryptFinal_ex then
> the output is unrecognizable. If I remove the following then the output is
> OK.
>
> if ((rc = EVP_DecryptFinal_ex(&ctx, debuf, &tmplen)) == 0) {
> printf (" Finalization error: %d\n", rc);
> return -1;
> }
>
You are most probably over-writing the decrypted data you have got with
EVP_DecryptUpdate. Skip the the length that you have already decrypted in
debuf. i.e If you have got outlen bytes from DecryptUpdate, you should
supply "debuf+outlen" as second argument to EVP_DecryptFinal
> Can anyone explain why?
>
> David
>
>
