commit cf70188d53b6c400fffb98c7b302d012c782903e
author David Benjamin <davidben@chromium.org> Wed Dec 17 05:16:16 2014 -0500
committer Adam Langley <agl@google.com> Thu Dec 18 19:37:24 2014 +0000
tree f297e25eff1487b61b8815a750bf1a190224c439
parent 1bea173fd494123d596a1754664d0928a936d15c

Update EVP_Cipher documentation some more.

It doesn't retain partial blocks but it DOES update internal cipher state. ssl/
depends on this property.

Change-Id: I1e44b612c2e1549e096de8b71726007dcbc68de3
Reviewed-on: https://boringssl-review.googlesource.com/2640
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/cipher.h

diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index 9c498e8..d78debf 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -193,9 +193,12 @@
                                        int *out_len);
 
 /* EVP_Cipher performs a one-shot encryption/decryption operation. No partial
- * blocks etc are maintained between calls. It returns one on success and zero
- * otherwise, unless |EVP_CIPHER_flags| has |EVP_CIPH_FLAG_CUSTOM_CIPHER|
- * set. Then it returns the number of bytes written or -1 on error.
+ * blocks are maintained between calls. However, any internal cipher state is
+ * still updated. For CBC-mode ciphers, the IV is updated to the final
+ * ciphertext block. For stream ciphers, the stream is advanced past the bytes
+ * used. It returns one on success and zero otherwise, unless |EVP_CIPHER_flags|
+ * has |EVP_CIPH_FLAG_CUSTOM_CIPHER| set. Then it returns the number of bytes
+ * written or -1 on error.
  *
  * WARNING: this differs from the usual return value convention when using
  * |EVP_CIPH_FLAG_CUSTOM_CIPHER|.