More than 14 years ago, on Wed May 15 18:49:25 2002, Dr. Stephen Henson committed a change to crypto/evp/evp_enc.c that made the EVP_*Final() functions identical to the corresponding *_ex() functions.
In 2014, Rich Salz fixed the doc on the master branch with commit 538860a3ce0b9fd142a7f1a62e597cccb74475d3. However, the docs for the current release branch (1.0.2) have not been updated, and still carry misleading information: https://www.openssl.org/docs/man1.0.2/crypto/EVP_CipherFinal.html

Whoever relies on the manual without reading the OpenSSL source code, and uses the EVP_*Final() functions without calling EVP_CIPHER_CTX_cleanup() afterwards, is liable to leak memory and probably leave encryption keys floating in RAM, waiting for a bug elsewhere to spill them.

Would you mind merging commit 538860a3ce0b9fd142a7f1a62e597cccb74475d3 into the 1.0.2 stable branch?

Best regards,
g

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4546
Please log in as guest with password guest if prompted