[openssl] OpenSSL_1_1_1-stable update
beldmit at gmail.com
beldmit at gmail.com
Sun Dec 8 19:34:40 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 03fbef9c241d9a04e2baa45aa2b436bdae8ba67e (commit)
from 580b8db8b4f1290ec879bfd0bb772012695ac370 (commit)
- Log -----------------------------------------------------------------
commit 03fbef9c241d9a04e2baa45aa2b436bdae8ba67e
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Sun Dec 1 11:53:14 2019 +0300
Difference between EVP_CipherInit and EVP_CipherInit_ex
Fixes #10455
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10550)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/EVP_EncryptInit.pod | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 6b068617b0..aaf9975c4c 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -492,6 +492,15 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
existing context without allocating and freeing it up on each call.
+There are some differences between functions EVP_CipherInit() and
+EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills
+the passed context object with zeros. As a consequence, EVP_CipherInit() does
+not allow step-by-step initialization of the ctx when the I<key> and I<iv> are
+passed in separate calls. It also means that the flags set for the CTX are
+removed, and it is especially important for the
+B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in
+EVP_CipherInit_ex().
+
EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
=head1 BUGS
More information about the openssl-commits
mailing list