Clarify the change of enc -S behavior in 3.0

Fixes #19730 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19732)
2024-12-09 05:51:54 +08:00 · 2023-01-24 14:40:57 +01:00 · 2023-01-24 14:40:57 +01:00 · a4aa977d3a
commit a4aa977d3a
parent b02997c571
1 changed files with 13 additions and 0 deletions
--- a/doc/man1/openssl-enc.pod.in
+++ b/doc/man1/openssl-enc.pod.in
@ -256,6 +256,19 @@ All RC2 ciphers have the same key and effective key length.

 Blowfish and RC5 algorithms use a 128 bit key.

+Please note that OpenSSL 3.0 changed the effect of the B<-S> option.
+Any explicit salt value specified via this option is no longer prepended to the
+ciphertext when encrypting, and must again be explicitly provided when decrypting.
+Conversely, when the B<-S> option is used during decryption, the ciphertext
+is expected to not have a prepended salt value.
+
+When using OpenSSL 3.0 or later to decrypt data that was encrypted with an
+explicit salt under OpenSSL 1.1.1 do not use the B<-S> option, the salt will
+then be read from the ciphertext.
+To generate ciphertext that can be decrypted with OpenSSL 1.1.1 do not use
+the B<-S> option, the salt will be then be generated randomly and prepended
+to the output.
+
 =head1 SUPPORTED CIPHERS

 Note that some of these ciphers can be disabled at compile time