I think of it as all EVP_*Update() functions are always ready to consume more data and you can call them multiple times until all data is digested. All EVP_*Final and EVP_*Final_ex() functions are "commit and finalize" and quite often they are the core of the operation (like producing a signature of the final digest).
So you always do the following: - initialize (once) - update (1..many) - finalize (once) In your case (as in any other), yes, you need to call EVP_EncryptFinal_ex(). Cheers, Kris 2013/4/8 Taraniteja Vishwanatha <taranit...@gmail.com> > Hey all, > > > I am using EVP APIs to do AES 256 encryption. I have a question regarding > EVP_EncryptFinal_ex. The documentation says this API is used to encrypt the > last few bytes if any remaining. > > Is this API required? I am allocating the cipher text size before passing > into EVP_EncryptUpdate in the order of AES_BLOCK_SIZE (16). > > So for example my plaintext length is 20 bytes, I am allocating cipher > text as 32 bytes before passing into EVP_EncryptUpdate. > > Will I need to use EVP_EncryptFinal_ex regardless of the length allocated? > > Thank you, > Tarani >
