author | Tomas Mraz <tomas@openssl.org> | 2023-12-13 10:06:59 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-22 13:43:15 +0100 |
commit | 782a34f76f5255ea8b4e5c7e8e8faa62a075beee (patch) | |
tree | 4da0fb261e74dd9c556b8b4d6672ef1aa9b94b9c /doc | |
parent | 141a7389c7612c7cf33c540ed65eee5f3e0284d0 (diff) |
AES: Document that the XTS, SIV, WRAP modes do not support streaming
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23028)
(cherry picked from commit 8f0f814d791e0825b96c30494594de619da3e5a5)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man7/EVP_CIPHER-AES.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/man7/EVP_CIPHER-AES.pod b/doc/man7/EVP_CIPHER-AES.pod index fa1eaa843b..7bd3746c9b 100644 --- a/doc/man7/EVP_CIPHER-AES.pod +++ b/doc/man7/EVP_CIPHER-AES.pod @@ -63,6 +63,19 @@ FIPS provider: This implementation supports the parameters described in L<EVP_EncryptInit(3)/PARAMETERS>. +=head1 NOTES + +The AES-SIV and AES-WRAP mode implementations do not support streaming. That +means to obtain correct results there can be only one L<EVP_EncryptUpdate(3)> +or L<EVP_DecryptUpdate(3)> call after the initialization of the context. + +The AES-XTS implementations allow streaming to be performed, but each +L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input +to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or +EVP_DecryptUpdate() call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. + =head1 SEE ALSO L<provider-cipher(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)> |
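Review bot: The AES-SIV/AES-WRAP paragraph in the new NOTES section says only one EVP_EncryptUpdate or EVP_DecryptUpdate call is allowed "to obtain correct results", but it does not say what a second call does. Please state whether the call fails with an error or returns success with incorrect output, since that decides whether a caller can catch misuse by checking return values. The same applies to the AES-XTS paragraph: it should say what happens when a non-final call is given input that is not a multiple of the block size, or when the final input is not larger than one block. Two smaller points on the XTS text: "each ... call requires each input to be a multiple of the blocksize" would read more clearly as "the input to each call must be a multiple of the block size", and the paragraph says XTS allows streaming with restrictions, while the commit subject lists XTS among the modes that "do not support streaming", so one of the two should be reworded to match.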