Hi Thulasi/Rich, Thanks! This prompted me to uncover another bug in the code. I did encrypt an extra block of zeros! Now everything makes sense.
Can't help to dig a little deeper into this: In AES-CBC mode, the decryption can be paralleled. Is this what the EVP_DecryptUpdate is doing behind the scene? For example, I need to break a long string into blocks to use EVP_EncryptUpdate but I only need to feed the ciphertext into EVP_DecryptUpdate once. David On Fri, Aug 1, 2014 at 8:36 PM, Salz, Rich <rs...@akamai.com> wrote: > Just wanted to say that Thulasi’s explanations and advice are exactly > correct; thanks! > > > > -- > > Principal Security Engineer > > Akamai Technologies, Cambridge MA > > IM: rs...@jabber.me Twitter: RichSalz > > >