As the code is, EVP_EncryptFinal and EVP_DecryptFinal do not reset ctx->buf_len to 0 once done (there is an internal buffer in EVP_CIPHER_CTX that is used to hold on to trailing bytes that do not complete a block). This means that encrypting two sets of data with the same CTX will require EVP_(Encrypt|Decrypt)Init to be called in between. This is wasteful, so I have modified EVP_EncryptFinal and EVP_DecryptFinal to reset the value of ctx->buf_len to zero.

Nagendra

diff -urN openssl-0.9.5a/crypto/evp/evp_enc.c openssl-0.9.5a-work/crypto/evp/evp_enc.c --- openssl-0.9.5a/crypto/evp/evp_enc.c Fri Apr 23 15:10:20 1999 +++ openssl-0.9.5a-work/crypto/evp/evp_enc.c Thu Jul 20 09:41:05 2000 @@ -173,6 +173,7 @@ ctx->buf[i]=n; ctx->cipher->do_cipher(ctx,out,ctx->buf,b); *outl=b; + ctx->buf_len=0; } void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, @@ -255,6 +256,7 @@ for (i=0; i<n; i++) out[i]=ctx->buf[i]; *outl=n; + ctx->buf_len=0; } else *outl=0;
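
Review bot: in the @@ -173 hunk, `ctx->buf_len=0;` resets only the length, so the trailing plaintext bytes and the padding written by `ctx->buf[i]=n;` remain in ctx->buf after the call, and nothing in this hunk touches the cipher's chaining state. If the aim is to reuse the context for a second set of data without calling EVP_EncryptInit, consider clearing ctx->buf here as well, and add a comment or documentation stating that the next message continues from whatever IV or chaining state `do_cipher` left behind rather than from a fresh IV.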
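
Review bot: in the @@ -255 hunk, the added `ctx->buf_len=0;` sits inside the block that closes just before `else *outl=0;`, so only the path that reaches `*outl=n;` resets the length. The else branch shown, and any earlier return in the function outside this hunk's context, would leave buf_len as it was, so a context reused after such an exit would start with stale buffered bytes. Suggest placing the reset where every exit path passes through it, or documenting that the context must be re-initialised whenever the call does not reach this block.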