diff options
Diffstat (limited to 'doc/crypto/des.pod')
-rw-r--r-- | doc/crypto/des.pod | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 7ccadbc345..0131093ba9 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -240,8 +240,9 @@ is thread safe, unlike the normal crypt. DES_crypt() is a faster replacement for the normal system crypt(). This function calls DES_fcrypt() with a static array passed as the -third parameter. This emulates the normal non-thread safe semantics +third parameter. This mostly emulates the normal non-thread-safe semantics of crypt(3). +The B<salt> must be two ASCII characters. DES_enc_write() writes I<len> bytes to file descriptor I<fd> from buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default) @@ -272,15 +273,11 @@ DES_string_to_key() is available for backward compatibility with the MIT library. New applications should use a cryptographic hash function. The same applies for DES_string_to_2key(). -=head1 CONFORMING TO - -ANSI X3.106 +=head1 NOTES The B<des> library was written to be source code compatible with the MIT Kerberos library. -=head1 NOTES - Applications should use the higher level functions L<EVP_EncryptInit(3)> etc. instead of calling these functions directly. @@ -288,6 +285,14 @@ functions directly. Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see L<des_modes(7)>. +=head1 HISTORY + +The requirement that the B<salt> parameter to DES_crypt() and DES_fcrypt() +be two ASCII characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase B<A> +if both character were not present, and could crash when given non-ASCII +on some platforms. + =head1 SEE ALSO L<des_modes(7)>, |