diff options
author | Dmitry Belyavskiy <beldmit@gmail.com> | 2019-12-01 11:53:14 +0300 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2019-12-08 22:27:57 +0300 |
commit | 32745fccdb65c24049a09c93f7170b0236e9893b (patch) | |
tree | 9876c890365eb0856bd5fa39bbaa752ac92d6a0d /doc/man3/EVP_EncryptInit.pod | |
parent | 4c3f748d7cfffb3309451c6bfdd686f89ec290b2 (diff) |
Difference between EVP_CipherInit and EVP_CipherInit_ex
Fixes #10455
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10550)
Diffstat (limited to 'doc/man3/EVP_EncryptInit.pod')
-rw-r--r-- | doc/man3/EVP_EncryptInit.pod | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 1ca3e7478e..50a6cc8702 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -667,6 +667,15 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an existing context without allocating and freeing it up on each call. +There are some differences between functions EVP_CipherInit() and +EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills +the passed context object with zeros. As a consequence, EVP_CipherInit() does +not allow step-by-step initialization of the ctx when the I<key> and I<iv> are +passed in separate calls. It also means that the flags set for the CTX are +removed, and it is especially important for the +B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in +EVP_CipherInit_ex(). + EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. =head1 BUGS |