diff options
| author | bcook <> | 2016-09-03 14:54:25 +0000 |
|---|---|---|
| committer | bcook <> | 2016-09-03 14:54:25 +0000 |
| commit | 40f86ac072d3c93d1158f96a747042c4e32ca6a2 (patch) | |
| tree | 7db452907fc08cb3776749169b2f238fa070ae20 /src/lib/libcrypto/doc/EVP_EncryptInit.pod | |
| parent | e5cd7ad2410b187a41e6ac216c000a85d90f9dcd (diff) | |
| download | openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.tar.gz openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.tar.bz2 openbsd-40f86ac072d3c93d1158f96a747042c4e32ca6a2.zip | |
deprecate EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()
This switches EVP_CipherFinal() to work as EVP_EncryptFinal() and
EVP_DecryptFinal() do, always clearing the cipher context on completion.
Indicate that, since it is not possible to tell whether this function will
clear the context (the API has changed over time in OpenSSL), it is better to
use the _ex() variants and explicitly clear instead.
ok beck@
Diffstat (limited to 'src/lib/libcrypto/doc/EVP_EncryptInit.pod')
| -rw-r--r-- | src/lib/libcrypto/doc/EVP_EncryptInit.pod | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod index 02d02ba5f5..e72c101c94 100644 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod | |||
| @@ -23,7 +23,7 @@ EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, | |||
| 23 | EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, | 23 | EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, |
| 24 | EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, | 24 | EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, |
| 25 | EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, | 25 | EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, |
| 26 | EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, | 26 | EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, |
| 27 | EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, | 27 | EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, |
| 28 | EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc, | 28 | EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_rc5_32_12_16_cbc, |
| 29 | EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb | 29 | EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb |
| @@ -168,9 +168,13 @@ initialized and they always use the default cipher implementation. | |||
| 168 | 168 | ||
| 169 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are | 169 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are |
| 170 | identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and | 170 | identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and |
| 171 | EVP_CipherFinal_ex(). In previous releases they also used to clean up | 171 | EVP_CipherFinal_ex(). In previous releases of OpenSSL they also used to clean |
| 172 | the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean() | 172 | up the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean() |
| 173 | must be called to free any context resources. | 173 | must be called to free any context resources. As of LibreSSL 2.4, |
| 174 | EVP_EncryptFinal() and EVP_DecryptFinal() will always clean up, and | ||
| 175 | EVP_CipherFinal() also cleans up as of LibreSSL 2.5. The use of | ||
| 176 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() is not | ||
| 177 | recommended. | ||
| 174 | 178 | ||
| 175 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() | 179 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() |
| 176 | return an EVP_CIPHER structure when passed a cipher name, a NID or an | 180 | return an EVP_CIPHER structure when passed a cipher name, a NID or an |