vendor/openssl/1.1.1e

author: Jung-uk Kim <jkim@FreeBSD.org> 2020-03-17 21:27:57 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2020-03-17 21:27:57 +0000
commit: aa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch)
tree: 2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /doc/man3/EVP_EncryptInit.pod
parent: fbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 6b068617b0ad..aaf9975c4c26 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -492,6 +492,15 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
 EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
 existing context without allocating and freeing it up on each call.
 
+There are some differences between functions EVP_CipherInit() and
+EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills
+the passed context object with zeros.  As a consequence, EVP_CipherInit() does
+not allow step-by-step initialization of the ctx when the I<key> and I<iv> are
+passed in separate calls. It also means that the flags set for the CTX are
+removed, and it is especially important for the
+B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in
+EVP_CipherInit_ex().
+
 EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
 
 =head1 BUGS
author	Jung-uk Kim <jkim@FreeBSD.org>	2020-03-17 21:27:57 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2020-03-17 21:27:57 +0000
commit	aa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch)
tree	2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /doc/man3/EVP_EncryptInit.pod
parent	fbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff)