Hi,

I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt a
SSL packet that I have captured. The cipher that I am using AES256 and
I can read the application data in cleartext as a result. The problem
comes if the application data size > 8, which I think has something to
do with me using a block cipher. I can't seem to decrypt the data
then. Anyways, after inspecting the packet dumps, I realized that
sometimes I get fragmented packets.

For Example,

17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
2b 18 b1 8d d8 3c 15 3d e9 c7

This is actually two packets that are using the SSL application
protocol, each of size 0x20 (The second packet starts on line 3, 6th
byte onwards). While decrypting, should both these packets be merged
together and hence treated as a single packet of size 0x40 or should
packet be processed separately. Since, we are using a block cipher of
size 256 bits(32 bytes), will it even make a difference?

Thanks and Regards,
Vijay K.