Hi, I have a problem with Thunderbird which works via the cryptoki to our device which makes use of OpenSSL.
Thunderbird passes ciphertext which falls exactly on the blocksize boundary. I translate the cryptoki DecryptUpdate() call to the OpenSSL DecryptUpdate(). OpenSSL retains the last block of ciphertext and return the first (N-1)*blocksize of plaintext. Next I expect a cryptoki DecryptFinal() call so as to decrypt and return the last block of plaintext. Thunderbird instead expected _all_ the plaintext to be returned from the DecryptUpdate() call (it seems). In a discussion with them, they mention that they determined that the ciphertext is not padded and hence expected this behaviour. There code now fails because the length of the plaintext returned by my OpenSSL DecryptUpdated() does not match the length of the ciphertext send to it. Am my understanding of the OpenSSL DecryptUpdate() the wrong: Is it possible to decrypt all the ciphertext and return all the plaintext or must one always call the DecryptFinal() after any and all DecryptUpdate() function calls? Thanks for your time LJB