Coincidently I was in the middle of writing a blog entry about the verification where similar three functions are used. Now it is published: http://kriscience.blogspot.co.uk/2013/04/verifying-signatures-with-openssl.html
Cheers, Kris 2013/4/8 Taraniteja Vishwanatha <taranit...@gmail.com> > Thanks Kris. Will do. > > > On Mon, Apr 8, 2013 at 9:31 AM, Krzysztof Konopko < > krzysztof.kono...@gmail.com> wrote: > >> I think of it as all EVP_*Update() functions are always ready to consume >> more data and you can call them multiple times until all data is digested. >> All EVP_*Final and EVP_*Final_ex() functions are "commit and finalize" and >> quite often they are the core of the operation (like producing a signature >> of the final digest). >> >> So you always do the following: >> - initialize (once) >> - update (1..many) >> - finalize (once) >> >> In your case (as in any other), yes, you need to call >> EVP_EncryptFinal_ex(). >> >> Cheers, >> Kris >> >> >> 2013/4/8 Taraniteja Vishwanatha <taranit...@gmail.com> >> >>> Hey all, >>> >>> >>> I am using EVP APIs to do AES 256 encryption. I have a question >>> regarding EVP_EncryptFinal_ex. The documentation says this API is used to >>> encrypt the last few bytes if any remaining. >>> >>> Is this API required? I am allocating the cipher text size before >>> passing into EVP_EncryptUpdate in the order of AES_BLOCK_SIZE (16). >>> >>> So for example my plaintext length is 20 bytes, I am allocating cipher >>> text as 32 bytes before passing into EVP_EncryptUpdate. >>> >>> Will I need to use EVP_EncryptFinal_ex regardless of the length >>> allocated? >>> >>> Thank you, >>> Tarani >>> >> >> >