diff --git a/CHANGES b/CHANGES
index 2b052dd850cd016e0f7015629e04d804d4c2c46b..2375076ae67e7e5f92c0e340ad7b18742be68d13 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,7 +11,7 @@
      do_cipher is subtly changed if this flag is set: the return value
      is the number of characters written to the output buffer (zero is
      no longer an error code) or a negative error code. Also if the
-     input buffer is NULL and length -1 finalisation should be performed.
+     input buffer is NULL and length 0 finalisation should be performed.
      [Steve Henson]
 
   *) If a candidate issuer certificate is already part of the constructed
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3f8473b348a653cb7a59e7921ca6893eb5b7dd13..c016d1ed627c075f5c8a0614a59fd79a2387c99c 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -368,10 +368,10 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
 		{
-		i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+		i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
 		if (i < 0)
 			return 0;
-		else
+		else 
 			*outl = i;
 		return 1;
 		}
@@ -483,7 +483,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
 		{
-		i = ctx->cipher->do_cipher(ctx, out, NULL, -1);
+		i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
 		if (i < 0)
 			return 0;
 		else