diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-12-13 10:06:59 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-22 13:43:44 +0100 |
commit | 6610de034b7be34d2659575f23855246019c6d2e (patch) | |
tree | bab5e2e209d95f3148e0fb5f1b7e17226d8debad | |
parent | 8493cf0d3a5bd114f2665ed27934fb1d61bf2c3d (diff) |
AES: Document that the XTS, SIV, WRAP modes do not support streaming
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)
(cherry picked from commit 8f0f814d791e0825b96c30494594de619da3e5a5)
-rw-r--r-- | doc/man7/EVP_CIPHER-AES.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/man7/EVP_CIPHER-AES.pod b/doc/man7/EVP_CIPHER-AES.pod index 2c790d9cbd..3313245f98 100644 --- a/doc/man7/EVP_CIPHER-AES.pod +++ b/doc/man7/EVP_CIPHER-AES.pod @@ -61,6 +61,19 @@ FIPS provider: This implementation supports the parameters described in L<EVP_EncryptInit(3)/PARAMETERS>. +=head1 NOTES + +The AES-SIV and AES-WRAP mode implementations do not support streaming. That +means to obtain correct results there can be only one L<EVP_EncryptUpdate(3)> +or L<EVP_DecryptUpdate(3)> call after the initialization of the context. + +The AES-XTS implementations allow streaming to be performed, but each +L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input +to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or +EVP_DecryptUpdate() call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. + =head1 SEE ALSO L<provider-cipher(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)> |