From cf70188d53b6c400fffb98c7b302d012c782903e Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 17 Dec 2014 05:16:16 -0500 Subject: [PATCH] Update EVP_Cipher documentation some more. It doesn't retain partial blocks but it DOES update internal cipher state. ssl/ depends on this property. Change-Id: I1e44b612c2e1549e096de8b71726007dcbc68de3 Reviewed-on: https://boringssl-review.googlesource.com/2640 Reviewed-by: Adam Langley --- include/openssl/cipher.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index 9c498e8c..d78debf6 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -193,9 +193,12 @@ OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len); /* EVP_Cipher performs a one-shot encryption/decryption operation. No partial - * blocks etc are maintained between calls. It returns one on success and zero - * otherwise, unless |EVP_CIPHER_flags| has |EVP_CIPH_FLAG_CUSTOM_CIPHER| - * set. Then it returns the number of bytes written or -1 on error. + * blocks are maintained between calls. However, any internal cipher state is + * still updated. For CBC-mode ciphers, the IV is updated to the final + * ciphertext block. For stream ciphers, the stream is advanced past the bytes + * used. It returns one on success and zero otherwise, unless |EVP_CIPHER_flags| + * has |EVP_CIPH_FLAG_CUSTOM_CIPHER| set. Then it returns the number of bytes + * written or -1 on error. * * WARNING: this differs from the usual return value convention when using * |EVP_CIPH_FLAG_CUSTOM_CIPHER|.
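Review bot: In the rewritten EVP_Cipher comment, the opening sentence still calls the function a "one-shot encryption/decryption operation", which now sits directly beside the statement that the CBC IV and the stream position carry over between calls. A reader skimming the first sentence could conclude that successive calls on the same context are independent. Consider dropping "one-shot" or rewording the first sentence to say that each call processes exactly the input given, without buffering, while the context's chaining state persists. Two further gaps in the same comment: "No partial blocks are maintained between calls" does not say what a caller should expect when passing a block cipher input whose length is not a multiple of the block size, and the text does not say whether the IV or stream position is left unchanged when the call fails. Since the commit message notes that ssl/ depends on the state update, it would help to state these as part of the contract rather than leave them implied.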