As I understand it, it's legal to provide the exact same input and output buffer to EVP_EncryptUpdate and EVP_DecryptUpdate, but it's not legal to provide pointers into different parts of the same buffer. That's a good check.

However, my implementation is getting triggered by this code in EVP_DecryptUpdate():

    if (ctx->final_used) {
        /* see comment about PTRDIFF_T comparison above */
    =>  if (((PTRDIFF_T)out == (PTRDIFF_T)in)
            || is_partially_overlapping(out, in, b)) {
            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
            return 0;
        }

Can someone explain why, only in this specific situation where we're decrypting the final block, we require that OUT and IN not be the same buffer? Everywhere else we check is_partially_overlapping() only, without equality.

I read the comment about PTRDIFF_T but I didn't come up with a reason for the equality check. This check was added back in 2016 in SHA 5fc77684f1 FWIW.
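An added illustration, not part of the original post and not OpenSSL's code: a toy C model of a block-wise decrypt update that holds back its last block. It assumes the held-back block is written to `out` ahead of the newly processed data on the next call, so output runs one block ahead of input, and it shows what an `out == in` call does with and without the equality check. The names `toy_ctx`, `toy_decrypt_update`, `second_call` and the XOR stand-in for decryption are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define B 16 /* block size of this model */

/* Overlap rule as described in the post: identical pointers are allowed,
 * a nonzero distance smaller than len is a partial overlap. */
static int partially_overlapping(const void *p1, const void *p2, int len)
{
    intptr_t d = (intptr_t)p1 - (intptr_t)p2;
    return len > 0 && d != 0 && d < len && d > -(intptr_t)len;
}

struct toy_ctx { unsigned char final[B]; int final_used; };

/* Toy model, not OpenSSL code; "decrypt" is XOR 0x5A. inl: nonzero multiple
 * of B; out needs inl + B bytes. Returns bytes written, -1 if rejected. */
static int toy_decrypt_update(struct toy_ctx *c, unsigned char *out,
                              const unsigned char *in, int inl, int check)
{
    int n = 0;
    if (c->final_used) {
        if (check && (out == in || partially_overlapping(out, in, B)))
            return -1;
        memcpy(out, c->final, B); /* assumption: held-back block goes out first */
        n = B;
    }
    for (int off = 0; off < inl; off += B) /* output now leads input by n */
        for (int i = 0; i < B; i++)
            out[n + off + i] = in[off + i] ^ 0x5A;
    n += inl - B;
    memcpy(c->final, out + n, B); /* hold back the last block (may be padding) */
    c->final_used = 1;
    return n;
}

/* Two updates over a constructed 4-block stream. Returns -1 if the second
 * call is rejected, 1 if its output is the right plaintext, 0 if corrupted. */
static int second_call(int inplace, int check)
{
    unsigned char pt[4 * B], ct[4 * B], tmp[3 * B], buf[3 * B];
    struct toy_ctx c = {{0}, 0};
    for (int i = 0; i < 4 * B; i++) { pt[i] = (unsigned char)i; ct[i] = pt[i] ^ 0x5A; }
    toy_decrypt_update(&c, tmp, ct, 2 * B, check); /* holds back block 1 */
    memcpy(buf, ct + 2 * B, 2 * B);
    unsigned char *out = inplace ? buf : tmp;
    int n = toy_decrypt_update(&c, out, buf, 2 * B, check);
    return n < 0 ? -1 : memcmp(out, pt + B, (size_t)n) == 0;
}
int main(void) { return second_call(1, 1) == -1 ? 0 : 1; }
```

In this model the first update can safely run in place because input and output offsets coincide; only once a block is being held back does writing it to `out` overwrite input that has not yet been read.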